last executing test programs:

20.527174458s ago: executing program 4 (id=4293):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00')
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYRES16=r2], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x31, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000040))
r6 = syz_open_dev$usbmon(&(0x7f0000000300), 0x7, 0x20000)
read$usbmon(r6, 0x0, 0x0)
ioctl$MON_IOCX_GET(r6, 0x40189206, &(0x7f0000000180)={0x0, 0x0})
syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680)
pwritev2(r4, &(0x7f0000000200)=[{&(0x7f00000014c0)="424d3f85b240893d1d20f01a3f91dfbffe42c5aa1b3a42002cf5d5c075a8285d9bd2f33c6cd381846821ac1a03936e3c85418ed92f133c610f82dc75b5336e5609604c27dc2198350151db97ae32669dd02a99c4a7d9bf00936eb2fd6117647df84d0e80f50b3e71975bcd72bd73f04120e4d46d046a5ffecd1aabec077f283816bc844b47f9659ff0f54d36ec790619e62956e32c9bf09265661feb", 0x9c}], 0x1, 0x100, 0x1, 0x18)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9901)
mount_setattr(r7, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000000080)={0xb, 0x0, 0x40000}, 0x20)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x3a9, 0x2, 0x7, 0x3})

20.373250041s ago: executing program 4 (id=4298):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xd76}, 0x18)
r1 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x2, 0x0, 0x1, 0x900, 0x0, 0xffffff80}}) (fail_nth: 4)

20.294938513s ago: executing program 4 (id=4299):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1c0000000000000001000000", @ANYRES32=r0], 0x20, 0x40000}, 0x4000)
syz_genetlink_get_family_id$SEG6(&(0x7f0000003e40), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000340)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c)
sendmmsg$inet6(r2, &(0x7f0000001980)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)}}], 0x1, 0x1404c894)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16], 0x1000f)

20.294529233s ago: executing program 4 (id=4300):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x1c5902, 0x2d)
write(r2, &(0x7f0000004200)='t', 0x1)
sendfile(r2, r1, 0x0, 0x7ffff019)
r3 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)
r5 = syz_open_procfs(r3, &(0x7f0000000140)='comm\x00')
writev(r5, &(0x7f0000000240)=[{&(0x7f00000004c0)='\n', 0x5d}], 0x1)
fallocate(r0, 0x0, 0x0, 0x1001f0)

19.995994819s ago: executing program 4 (id=4304):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = epoll_create1(0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/wakeup_count', 0x80800, 0x8)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f00000000c0)={0xe000001a})
read$char_usb(r3, &(0x7f0000001980)=""/179, 0xb3)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r3, &(0x7f0000000000))

19.825867682s ago: executing program 4 (id=4305):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r3, 0x5}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x2, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r5}, 0x10)
open(0x0, 0x14507e, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x1000000}, 0x3)

19.806104422s ago: executing program 32 (id=4305):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r3, 0x5}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x2, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r5}, 0x10)
open(0x0, 0x14507e, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x1000000}, 0x3)

3.684964056s ago: executing program 3 (id=4556):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a500000008000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x30, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x100000000000000}, 0x0)

3.627922417s ago: executing program 3 (id=4557):
syz_read_part_table(0x5b2, &(0x7f00000005c0)="$eJzs0z9Lc3cUAOCTtOH2LbUJRXBoB8GMtgU76JBARWLI0ojY4tDOxcEOlg4OoqhDJ1u/QMV/i4t0LAhdihZEIU7iKH4BxcUpxeS2BHEQVOorzzPk5PzOuTm5nHuDt1o2/ky/NZOISKIrTZPOroU7J7nW55v4eqcyWusdGx6fiMjEtxFR+eSDVi3T+asR8Xua19O8lgw01g9HrnYKR30nB8XNbFrfy7anTZ9v5VsH368+/U3zauyW9/NLyzPVldny1Gl17uKLeL9dGNwozX/TU5pMH6y9dvzjuecXG0Pbx836ZRQ6XoLb9+CpB/Mi3N3/Wvfi2eLNV5n46fP+j87+mv81fQauM//3PwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF673TeRX1qeqa7Mlqd+/Dniu81PKx//UvlhdXCjNJ/0lCaz7b697L2Xv/vo+eX9/+YvVOcuio2h7eNm/fK3rs9yB42bgb/Tvv7MYyfxEqX7j9v9n1bnLta6F9/7t9bs2Pm1/QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD1QZrfWODY9PRGRa+Ui2kLuNzaRdz6R9uTTW0/NaMtBYPxy52ikc9Z0cFDfHkuhtXZeNWIiI6fOtfMSX9418px0+fNb74mH+CQAA//+X4HWC")
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=<r4=>r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r3, 0x0, 0x5}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x0)
sendmsg$inet_sctp(r0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=ANY=[@ANYBLOB="44000000010101010000000000000000020000002400018014000180080001007f00000108000200000000000c00028005000100010000000c001980080001000d"], 0x44}}, 0x0)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180400000000000000000000000000001801000069"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000c40)=ANY=[@ANYRESHEX=r3, @ANYRES8=r4, @ANYRES64], &(0x7f00000001c0)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
r8 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
read$ptp(r8, 0x0, 0x0)

3.505178269s ago: executing program 3 (id=4558):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffd3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
read$snapshot(r1, 0x0, 0xffffffbf)
read$watch_queue(r1, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

2.647142706s ago: executing program 3 (id=4569):
r0 = socket$inet6(0xa, 0x3, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r6=>0x0)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c0000", @ANYRES16=r5, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r6], 0x1c}}, 0x0)
write$nci(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="400203e6070042"], 0x7)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x5c, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
socket$inet6(0x10, 0x3, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xce, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800702, &(0x7f0000000100)={[{@max_batch_time={'max_batch_time', 0x3d, 0x8001}}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xffffffffffff0c05}}, {@noauto_da_alloc}, {@noload}, {@oldalloc}, {@errors_continue}]}, 0x2, 0x470, &(0x7f0000000dc0)="$eJzs209sFNUfAPDvTLuFH//an+IfELVKjI1/WlpQOXjRqPGA0UQPeKxtIYRCDa0JECLVGLyYGBL1ajyaePDszYtRTyZeNfFoSIhyAfVSM7Mz7XbplpZud2v380kG3tt52/e+++bNvJm3G0DH6s/+SSJ2RMQvEdFbzS4u0F/978a1C2N/XbswlsTc3Ot/JHm569cujJVFy/dtLzIDaUT6QVJUstj0ufMnRycnJ84U+aGZU28PTZ87/+SJU6PHJ45PnB45fPjQweFnnh55qilxZnFd3/vu1L49L795+ZWxo5ff+uGrrL07iv21cTRLfxb4n3O5+n2PNLuyNttZk06629gQVqUrIrLuquTjvze6YqHzeuPF99vaOGBdZdemLY13z84Bm1gS7W4B0B7lhT67/y23Fk09NoSrz1VvgLK4bxRbdU93pEWZSt39bTP1R8TR2b8/z7ZYp+cQAAC1Phr79Eg8sdT8Lz19d025XcUaSl9E/D8i7oiIOyNid0TcFRFZ2Xsi4t5V1l+/NHTz/Ce9cluBrVA2/3s24qUbN83/ytlf9HUVuZ15/JXk2InJiQPFZzIQlS1ZfniZOr594eePG+2rnf9lW1Z/ORcs2nGlu+4B3fjozGg+KW2Cq+9F7O2uru0tjj+ZXwlIImJPROxd3Z/eVSZOPPblvkaFbh3/MpqwzjT3RcSj1bXN2aiLv5Qsvz45tDUmJw4MlUfFzX786dJrjepfU/xNkPX/tljU//VF+pLa9drp1ddx6dcPG97T3O7x35O8kZ+PeorXzo7OzJwZjuhJjuT5Ra+PLLy3zJ8drczHP7B/qeM/zc9xUfT/fRGRHcT3R8QDEfFg0faHIuLhiNi/TPzfP99430bo//FYevwX6vp/9Ymuk99906j+lfX/oTw1ULySn/9uYaUNXMtnBwAAAP8Vaf4d+CQdnE+n6eBg9Tv8u2NbOjk1PfP4sal3To9XvyvfF5W0fNLVW/M8dDiZLf5iNT9SPCsu9x8snht/0vW/PD84NjU53ubYodNtbzD+M793tbt1wLpbah1tpKcNDQFarn78p4uzF19t+M7f1qdBQMv4vTZ0rluM/4XpwD/r3xagtVz/oXMtjP/P5lMX68pYC4DNyfUfOteKx781Qdh0XP+hcxn/0JHW8rv+liUqW6uN3SjtkZg+dz7SDdEMiXVKLHGy+Dpt9ekJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgzf4NAAD//7Rs7dg=")
syz_open_dev$char_usb(0xc, 0xb4, 0x7)

2.417459161s ago: executing program 2 (id=4570):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = io_uring_setup(0x79bf, 0x0)
listen(0xffffffffffffffff, 0x0)
accept4$x25(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[], 0x50)
socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
socket$inet6(0xa, 0x3, 0xff)
r3 = socket(0x10, 0x3, 0x6)
r4 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0xffff, 0xffff}}}, 0x24}}, 0x20000000)

2.367342042s ago: executing program 2 (id=4571):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x4000, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000580)='qgroup_meta_reserve\x00', r2}, 0x18)
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
r4 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000400)={{r3}, 0x1, &(0x7f0000000240)=[0x4], 0x2, 0xa, 0x1})
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
r5 = inotify_init1(0x800)
fcntl$setstatus(r4, 0x4, 0x2c00)
r6 = gettid()
fcntl$setown(r4, 0x8, r6)
fcntl$setsig(r5, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0x800)
rmdir(0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

1.651912566s ago: executing program 1 (id=4579):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000280)='writeback_bdi_register\x00', r1}, 0x18)
r2 = socket(0x80000000000000a, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="01000000080010000400000007"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x2000cc0, r3}, 0x38)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f00000008c0)={0x0, {{0xa, 0x4e21, 0x4, @mcast2, 0x8b}}, {{0xa, 0x4e21, 0xc962, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x4}}}, 0x108)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
fsetxattr$security_capability(r4, &(0x7f0000000040), &(0x7f0000000200)=@v3={0x3000000, [{0xffffff80, 0x2d}, {0x8, 0x4}]}, 0x18, 0x2)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={r4, 0x20, &(0x7f0000000080)={&(0x7f0000000000)=""/112, 0x70, 0x0, &(0x7f0000000180)=""/68, 0x44}}, 0x10)

1.572898218s ago: executing program 1 (id=4580):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffd3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
read$snapshot(r1, 0x0, 0xffffffbf)
read$watch_queue(r1, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

1.382803121s ago: executing program 3 (id=4581):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180300000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r1, 0x0, r3, 0x0, 0x88000cc, 0x1000000000000000)
fcntl$setpipe(r2, 0x407, 0x100004)
write$eventfd(r2, &(0x7f0000000240), 0xffffff14)

1.068087768s ago: executing program 5 (id=4582):
syz_read_part_table(0x5b2, &(0x7f00000005c0)="$eJzs0z9Lc3cUAOCTtOH2LbUJRXBoB8GMtgU76JBARWLI0ojY4tDOxcEOlg4OoqhDJ1u/QMV/i4t0LAhdihZEIU7iKH4BxcUpxeS2BHEQVOorzzPk5PzOuTm5nHuDt1o2/ky/NZOISKIrTZPOroU7J7nW55v4eqcyWusdGx6fiMjEtxFR+eSDVi3T+asR8Xua19O8lgw01g9HrnYKR30nB8XNbFrfy7anTZ9v5VsH368+/U3zauyW9/NLyzPVldny1Gl17uKLeL9dGNwozX/TU5pMH6y9dvzjuecXG0Pbx836ZRQ6XoLb9+CpB/Mi3N3/Wvfi2eLNV5n46fP+j87+mv81fQauM//3PwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF673TeRX1qeqa7Mlqd+/Dniu81PKx//UvlhdXCjNJ/0lCaz7b697L2Xv/vo+eX9/+YvVOcuio2h7eNm/fK3rs9yB42bgb/Tvv7MYyfxEqX7j9v9n1bnLta6F9/7t9bs2Pm1/QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD1QZrfWODY9PRGRa+Ui2kLuNzaRdz6R9uTTW0/NaMtBYPxy52ikc9Z0cFDfHkuhtXZeNWIiI6fOtfMSX9418px0+fNb74mH+CQAA//+X4HWC")
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=<r4=>r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r3, 0x0, 0x5}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x0)
sendmsg$inet_sctp(r0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=ANY=[@ANYBLOB="44000000010101010000000000000000020000002400018014000180080001007f00000108000200000000000c00028005000100010000000c001980080001000d"], 0x44}}, 0x0)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180400000000000000000000000000001801000069"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000c40)=ANY=[@ANYRESHEX=r3, @ANYRES8=r4, @ANYRES64], &(0x7f00000001c0)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
r8 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
read$ptp(r8, 0x0, 0x0)

949.268041ms ago: executing program 5 (id=4583):
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000160000000000000000000018110000", @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

928.032191ms ago: executing program 5 (id=4584):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000074000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d300012802c0001800a0001006c696d69740000001c0002800c00024000000002000010000c000140000000000000000108000340000001"], 0xbc}}, 0x20050800)
ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x4b67, &(0x7f0000000180))

912.108371ms ago: executing program 5 (id=4585):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)=@generic={&(0x7f0000000040)='./file0\x00'}, 0x18)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = getpid()
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x38, 0x24, 0xd0f, 0x4703d2d, 0xfffffffd, {0x60, 0x0, 0x0, r3, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x38}, 0x1, 0xf2ffffffffff, 0x0, 0x24000040}, 0x44080)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sched_rr_get_interval(r0, &(0x7f00000002c0))
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f00000037c0)='posixacl\x00', 0x0, 0x0)
pivot_root(&(0x7f00000001c0)='.\x00', &(0x7f0000002080)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')

851.970592ms ago: executing program 5 (id=4586):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00')
ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYRES16], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x31}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r1}, 0x10)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040))
r3 = syz_open_dev$usbmon(&(0x7f0000000300), 0x7, 0x20000)
read$usbmon(r3, 0x0, 0x0)
ioctl$MON_IOCX_GET(r3, 0x40189206, 0x0)
pwritev2(r2, &(0x7f0000000200), 0x0, 0x100, 0x1, 0x18)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x0)

842.605663ms ago: executing program 2 (id=4587):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000040", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x18)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x10, 0x1, 0x70bd27, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}]}, 0x2c}}, 0x0)

782.238214ms ago: executing program 2 (id=4590):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000ed741e15f5c67bf0ec9a8ccfa2776894cbef98c2290d342df80037a6494a868a0000a799806ee15357f9fed75b28d7abfce6d115484cdb38bb59543cf60902f29e5015411d0ffc280d3054ea5733448104c41f11c4fb566ee5c58a51dc76cc4240c39023eaa35fc84bd35dc208576a23e196ffbba80199"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'erspan0\x00', &(0x7f00000001c0)={'ip_vti0\x00', <r4=>0x0, 0x8, 0x7, 0x4, 0x4, {{0x7, 0x4, 0x3, 0x3, 0x1c, 0x67, 0x0, 0x5, 0x0, 0x0, @broadcast, @private=0xa010101, {[@rr={0x7, 0x7, 0xc1, [@rand_addr=0x2]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl1\x00', &(0x7f0000000240)={'sit0\x00', <r5=>0x0, 0xff79, 0x8, 0x2, 0x80, {{0x6, 0x4, 0x3, 0x0, 0x18, 0x66, 0x0, 0x7, 0x2f, 0x0, @rand_addr=0x64010101, @broadcast, {[@end]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f00000003c0)={'gretap0\x00', &(0x7f00000002c0)={'erspan0\x00', <r6=>0x0, 0x8, 0x40, 0x100, 0x7fff, {{0xa, 0x4, 0x1, 0x4, 0x28, 0x66, 0x0, 0x8, 0x4, 0x0, @private=0xa010102, @private=0xa010100, {[@generic={0x88, 0x12, "51b3c3de6f27e2f1dae98d17c7b306f1"}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'ip6_vti0\x00', <r7=>0x0, 0x2f, 0x14, 0xe, 0x9, 0x8, @mcast2, @private2, 0x40, 0x700, 0xffffbd37}})
r8 = socket$inet6(0xa, 0x2, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r9, &(0x7f0000000180)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r10, 0x5120b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r10}]}}}]}, 0x3c}}, 0x4000010)
sendmmsg$inet(r8, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r10, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2020080}, 0xc, &(0x7f0000000600)={&(0x7f00000004c0)={0x124, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x120df304842816d6}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4000000}, 0x8010)
setsockopt$MRT6_ADD_MIF(r9, 0x29, 0xca, &(0x7f0000000780)={0x0, 0x0, 0x1, r6, 0xd}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r11 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000240)={'veth0_to_bridge\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r14, {0x0, 0x5}, {0xfff1, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@deltfilter={0x2c, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r14, {0xfff3, 0x8}, {0xfff2, 0xffff}, {0x0, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0xfffffffa}]}, 0x2c}}, 0x20044800)
ioctl$USBDEVFS_CONTROL(r11, 0xc0105500, &(0x7f0000000040)={0x60, 0x15, 0x2, 0x3, 0x0, 0x7, 0x0})

696.019485ms ago: executing program 2 (id=4591):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x97a3}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

695.493606ms ago: executing program 1 (id=4592):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0xa8bc32dafc1846ed, &(0x7f00000002c0)={[], [{@appraise}, {@fowner_lt}]}, 0x3, 0x4c1, &(0x7f0000000b80)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLocymU/AmlEGjfSyktoU3Shz60VZF81SSubMvEshLr84Hje8+9V/5+j4SOdO656AbQsU5FxFhEdEXE2YjoT7dn0hJr66V63IP7tyarJYlK5dqXSSTptvr/StLlkfRhvRHxr39E/Df5adzSyurcRKGQX0rrufL8Yq60snpudn5iJj+TXxgbGb44emn0wujQrrX18t8+e+WFt/5++f0/3vhk/Isz/6um1Zfue7wdzVhr8rj1pvfUnou67ohY2kmwZ1hX2p6edicCAEBTqt/xfx4Rv42Ih6+3OxsAAACgFSp/6Ytvk4gKAAAAsG9latfAJplsei1AX2Qy2ez6Nby/jMOZQrFU/sN0cXlhav1a2YHoyUzPFvJD6bXCA9GTVOvDtfVH9fMb6iMRcSwiXuo/VKtnJ4uFqXaf/AAAAIAOcWTD+P/r/vXxPwAAALDPDLQ7AQAAAKDljP8BAABg/9t0/J90720iAAAAQCv888qVaqnU7389dX1lea54/dxUvjSXnV+ezE4WlxazM8XiTO03++a3+3+FYnHxT7GwfDNXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAYO8d+82dj5OIWPvzoVqpOpDua2KsPtba7IBWyuzs8KRVeQB7r6vdCQBt4wJf6Fzm44FtBvYvb6jv8LQBAADwLBj81VPN/5sPhOeYgTx0LvP/0LnM/0PnMv8PHe7g9of0brbjg13OBQAAaJm+Wkky2XQusC8ymWw24mjttgA9yfRsIT8UET+LiI/6ew5W68PtThoAAAAAAAAAAAAAAAAAAAAAAAAAnjOVShIVAAAAYF+LyHyepDfyH+w/3bfx/MCB5Jv+2jIibrxx7dWbE+Xy0nB1+1c/bi+/lm4/344zGAAAAMBG9XF6fRwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvpwf1bk/Wyl3Hv/TUiBhrF747e2rL33f6IOPwwie7HHpdERNcuxF+7HRHHG8VPqmnFQJrFxviZiDjU5vhHdiE+dLI71f5nrNH7LxOnasvG77/utDyte6c26/8y9f6v1s816v+ONhnjxN13cpvGvx1xortx/1OPnzxl//uff6+ubrav8mbEYMPPn+SJWLny/GKutLJ6bnZ+YiY/k18YGRm+OHpp9MLoUG56tpBP/zaM8eKv3/t+q/Yf3iT+wDbtP91k+7+7e/P+L7aIf+Z3jV//41vErz73v08/B6r7B+vra+vrjzv59ocnt2r/1Cbt3+71P9Nk+89e/f+nTR4KAOyB0srq3EShkF+yYsXK/lu5mr7Rd/zwNndMAADArnv0pb/dmQAAAAAAAAAAAAAAAAAAAEDnavmPkB188pcFetvXVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALf0QAAD//9sy0wA=")
r0 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000100)}, 0x10)
socket$netlink(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100003020702500000000002020207b1af8ff00000000bfa1000000000000070100003affffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='kfree\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f6873720000"], 0xfc}}, 0x0)
r7 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r7, 0x58, &(0x7f0000000340)}, 0x10)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)={0x74, 0x7, 0x6, 0x801, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x9}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x7f}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xd62}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x41}, 0x48000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601060000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c000280080001407f"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

645.185006ms ago: executing program 1 (id=4593):
syz_read_part_table(0x5b2, &(0x7f00000005c0)="$eJzs0z9Lc3cUAOCTtOH2LbUJRXBoB8GMtgU76JBARWLI0ojY4tDOxcEOlg4OoqhDJ1u/QMV/i4t0LAhdihZEIU7iKH4BxcUpxeS2BHEQVOorzzPk5PzOuTm5nHuDt1o2/ky/NZOISKIrTZPOroU7J7nW55v4eqcyWusdGx6fiMjEtxFR+eSDVi3T+asR8Xua19O8lgw01g9HrnYKR30nB8XNbFrfy7anTZ9v5VsH368+/U3zauyW9/NLyzPVldny1Gl17uKLeL9dGNwozX/TU5pMH6y9dvzjuecXG0Pbx836ZRQ6XoLb9+CpB/Mi3N3/Wvfi2eLNV5n46fP+j87+mv81fQauM//3PwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF673TeRX1qeqa7Mlqd+/Dniu81PKx//UvlhdXCjNJ/0lCaz7b697L2Xv/vo+eX9/+YvVOcuio2h7eNm/fK3rs9yB42bgb/Tvv7MYyfxEqX7j9v9n1bnLta6F9/7t9bs2Pm1/QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD1QZrfWODY9PRGRa+Ui2kLuNzaRdz6R9uTTW0/NaMtBYPxy52ikc9Z0cFDfHkuhtXZeNWIiI6fOtfMSX9418px0+fNb74mH+CQAA//+X4HWC")
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r2, 0x0, 0x5}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, 0x0, 0x0)
sendmsg$inet_sctp(r0, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=ANY=[@ANYBLOB="44000000010101010000000000000000020000002400018014000180080001007f00000108000200000000000c00028005000100010000000c001980080001000d"], 0x44}}, 0x0)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180400000000000000000000000000001801000069"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000c40)=ANY=[@ANYRESHEX=r2, @ANYRES8, @ANYRES64], &(0x7f00000001c0)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
r6 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
read$ptp(r6, 0x0, 0x0)

612.518577ms ago: executing program 2 (id=4595):
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000200)='./file0\x00')
chmod(&(0x7f0000000000)='./file0/file0\x00', 0x3ec)
lchown(&(0x7f00000001c0)='./file0\x00', 0xee00, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000380)=@gcm_256={{0x304}, "52a8b434bf319568", "45506259d44b009edfacc61e6f5f58ea2a1114bd3bada93ca6fb5992f90f8e4d", "a20f056c", "7e48d891ab187e2e"}, 0x38)
write$binfmt_script(r1, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000600)=0x40)
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0xc2f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_io_uring_setup(0x647e, &(0x7f0000000440)={0x0, 0x0, 0x10100, 0x5, 0xfffffffd}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
r7 = socket$inet6_sctp(0xa, 0x801, 0x84)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f0000000140)=@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}})
io_uring_enter(r4, 0x5b43, 0x0, 0x0, 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x4e21, 0x5c14d826, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}]}, &(0x7f0000000280)=0x10)
shutdown(r1, 0x0)

549.498398ms ago: executing program 1 (id=4596):
io_setup(0x7, &(0x7f0000000600)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x400000}])
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r5, &(0x7f0000001400)=""/4076, 0xfffffeea)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000938500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x1ffffffffffffffd}, 0x18)
r7 = add_key$keyring(&(0x7f0000000500), &(0x7f00000003c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000380)=@urb_type_interrupt={0x1, {}, 0x200, 0x82, &(0x7f0000000340)="981984afd80ee5cab63ee5f86a4fdf435b941008e21c47", 0x17, 0xb, 0x401, 0x0, 0x80, 0x3, &(0x7f0000000580)="27af22818e035ec1a41b70431310cd65725c5598c0bb8edd338f1de413793f3fcee56dd93983dc02c342e5ee7c5613333b27b1f5c4f1e616a8bd156fd04829e6d2b655acb9067f851bc8df0bcd37cfb004e134f8318c00cb971b1c"})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000180)=@keyring={'key_or_keyring:', 0x0, 0x2})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r8, 0x0, 0x1, 0x4)
ioctl$sock_inet_udp_SIOCINQ(r8, 0x541b, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
setxattr$incfs_metadata(&(0x7f0000000780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000740), 0x0, 0x0, 0x0)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
io_submit(0x0, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x4e}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4, 0x6, r3, &(0x7f00000001c0)='m', 0x1, 0x1}])

507.908859ms ago: executing program 3 (id=4597):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x4000, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000580)='qgroup_meta_reserve\x00', r2}, 0x18)
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
r4 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000400)={{r3}, 0x1, &(0x7f0000000240)=[0x4], 0x2, 0xa, 0x1})
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
r5 = inotify_init1(0x800)
fcntl$setstatus(r4, 0x4, 0x2c00)
r6 = gettid()
fcntl$setown(r4, 0x8, r6)
fcntl$setsig(r5, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0x800)
rmdir(0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

505.09962ms ago: executing program 0 (id=4598):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a500000008000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x30, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) (fail_nth: 8)

444.87386ms ago: executing program 0 (id=4599):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb01001800000000000000730000007300000005000000070000000400000f0300000002000000040000000400000002000000000000000100000002000000000000000300000002000000010000000300000024f9f30e0000000000000700000000000000000200000d001dc9e0e2000000040000000c000000010000000a0000000000000804000000000030613000b6b8190bc0bb0784f99f42a3ba9afbd61cec292271df6190ce5a905ce5d2a40d000000000000005a6bbfaca078223b26fd455cc15667109d08241a00a79fb8630efd5c6a6eaa1959d8c0c496d639099f5a3b4634191c83e7547e7cb9b2d54d2913112bef12654abb60b2cfcef753dde65b68f86c86901f6ab9476b5510aa65960662ab4851ef032f1487b657e08e75ab2320077522ae91a23b8facc60d10157bb9830c24f2d7e9cb7eed02faa6684ad2554fe90a227a80dbdfdb7b55f62cf42e1851792859c424d2613962ebc3a27ff74dd200e87b7c446102e3e348c2eeca4909a07610f3b9584b273337e9c2c3bd7841e1648aede05bd6ca3920c5af68faf56f4bb7e6ebd8aa000050fb938090772c5dbf9e125ead74a0be3c2dca0540d0c57d76e49cac90902e8be99448aefb50e7b3edb6d70c17fd89154156d6a9fab5d21852b81e7ffa59e57599c328d955f638e170307e101851f64a3789c08157b5dfd8cb14cd0592b2fe779c2510dab8bd20daf168867d65"], &(0x7f0000000200)=""/205, 0x91, 0xcd, 0x2, 0x7}, 0x28)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000bc0000000000000000030000850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x2, r0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x80000}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0)

444.497301ms ago: executing program 0 (id=4600):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000040", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x18)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x10, 0x1, 0x70bd27, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}]}, 0x2c}}, 0x0)

444.037141ms ago: executing program 0 (id=4601):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x97a3}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

380.764012ms ago: executing program 1 (id=4602):
r0 = perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1e37cf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x200, 0x0, 0x7, 0x8, 0x100}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0900000004000000ff0f000005", @ANYRES32=r0], 0x48)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0x7, 0xd, 0x0, 0xffdffffc, 0x6, "00001000"})
write$binfmt_aout(r2, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r3 = syz_open_pts(r2, 0x0)
r4 = dup3(r3, r2, 0x0)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_GET(r4, &(0x7f0000000400)={&(0x7f0000000280), 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fef442a75b6af916920000", @ANYRES16=r5, @ANYBLOB="200027bd7000fbdbdf2512000000140003800800020004000000080001000700000060000280080001000400000008000100c805000014000380080001009a03000008000200090000002400038008000100090000000800020001000100080001000200000008000200adaa0000040004000c00038008000100090000000400038014000980080001000900000008000200050000002c0002800800010008000000080002002c0000000c00038008000100030000000400040008000100070000000c0002800800020000010000"], 0xd4}, 0x1, 0x0, 0x0, 0x801}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000800)='./file0\x00', 0x800, &(0x7f0000000f80)=ANY=[@ANYBLOB="757466382c6869646500757466383a0176558a0bca7c0a5fba6a2c6f76657272696465726f636b7065726d2c6d61703d6f66662c6d61703d6e6f726d616c4173657373696f6e3d30783030303030303030303030b6303033372c756e686964652c756e686964652c6f76657272696465726f636b7065726d2c6d61703d6f66662c6d61703d6e6f726d616c2c6e6f726f636b2c00"], 0x2, 0x6b1, &(0x7f0000001100)="$eJzs3V1vG1kdx/HfOI7jZqFaAaqqqg+nLSulorhjZ5sqKhJrxuNkwPZYMw5qJKRV2Sarqk4X2iLR3Cy54UFa3gDihgu44EUgcb3vghsE0grukJYLr+bJseOnuuu2u9vvJ9r1eM5/zvnPjOu/JvEcCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHJqtl221PBaO3fMZE4t8Jvp8v97o+1Jb8u6lixcmzmuZEX/qVjU2WTV2W8dN5+J/ndF55Nn51WMHoo6fOPMm7e/mc9l209J+Hlo3g4fPz18cLfb3Xv0DLFLmrv7V0m5bOlUek7GBG25LS/0vWZ1yzVe6JvNjQ37xnY9NHWv4Ya7YcdtGidwcx0/MGvONVPe3Fw3bmnX32lt1aoNN1t567sV294wP1xJTrSkUuhse42G19qKY6LmKOaW+egnSYBbbRqzf7+7tz5rT6Kg8rMEVWYFVexKpVyuVMobNzdv3rLt/OCKnKS8HbHsPo1ssvAXLb5kFvPGDSxALqr//7CkhopqaUd3ZMb+OKopkK/mhPZUVv/fuuFOHXew/mdV/qz0/bT5nOL6fzF5dnFS/Z+Qi5GJNxjXYk1YP9/PcpyR0WM91aEe6K666mpPjxbQt5G5tJBeXsLPlly15CmUL09NVbWlP39d6RqjTW1oQ7be1bbqCmVUl6eGXIXaVaiO3PgV5SiQq6o68hXIaE2OrsmorE1tal1Grkrala8dtbSlmqr6X6/X29f9+LivT8lRWVB5QsDKYFBlSk/DxfyPyur/Tz9MXqd23j6B+v96SV4HK8nDx9NigC+AXnr9Pyg3e7NLLy4jAAAAAACwaFb823cr/tv9BUk91b2Ga7/qtAAAAAAAwAJZ6q3ovKzo+l/SBVlc/wMAAAAA8FVjxffYWZJW4w/1W8d3Qj3LLwGWXkKKAAAAAADgc4rv/L9YkHrxpBWXZM11/Q8AAAAAAL4Efjswx34+m2O3l/1ZPycpbK9Yf/vPioJl66h959vWQTVqqR6kMZ+e7LFTP2edTifqjR8KkuJnjnveOp9MjplOgtmfd/CT/Vlz/VvBiQQKS4MdTEjAikbeyKfP9JEuJ5tcTueZv3eYU9ySjLJa9xpuyfEbt8uqVk/nOu6dzi8e3v+lFPQ/6bB/v7tXeu+D7r04l6No1dFB1OmHQ+nkxh+M41yexPMtxPdcjNvjU6pnQ/6u1Vy14nHtbP+XVD3IDQ407QQcj/lrXVH8qY0rq0ns6mF/xv1o/4vR/pdL8Skb2vtg2TrOonxyz8ediAlZFOMsriYxV9euqvLPZLl/FnJW8TtLUqU0eg6GsqgMZjH7WFj/HTkWA1nED1nLwLFYj7L4e9TRhCzW58ti5IwAwKuyrwuK34UuKJ7EvF+FimndzcpD9qb2XHVndnV/Z7i6P/lDrxdvsCTl079NTB2lqOgdfc2K61Ah2aX8uTHv6HZaV4qa8I5uf47qFo311+PvQErTHsni016vd7scj/v7E1X1T0PDjYwbNipL0SG88eTgZ/EE+JH3997fe1iprG/Yb9v2zYqW491IH5ZE7QEAjJj9HTszI6y3dTmJuHzv328lS0MV7xv9jxSU9J4+UFf3dD37CoFL43tdHfgYwvXkqlUDV63mzJu34++lG44t6/rEq7q4lg7EVvqxy8o2Ga7Ux7HrL/gsAADwcl2ZUYfH1//iUP2/rrUkYu3c2Ovu4VqeXh33L+knxZZnJ//Ooo8GAACvBzf4xFrt/MYKAq/9bnlzs1ztbLsm8J0fmcCrbbnGa3XcwNmutrZc0w78ju/4DdMOtOLV3NCEO+22H3RM3Q9M2w+9O/E3v5v0q99Dt1ltdTwnbDfcaugax291qk7H1LzQMe2dHzS8cNsN4o3Dtut4dc+pdjy/ZUJ/J3DckjGh6w4EejW31fHqXrTYMu3Aa1aDXfNjv7HTdE3NDZ3Aa3f8pMNsLK9V94Nm3G0p3xv3eQEAAF47j58ePrjb7e49OrlwKro0T9YcaULM6EJBj59GV+XRmnzaxBxBAAB8wRwX8Dk2Kr7AhAAAAAAAAAAAAAAAAAAAAAAAwIjZt/TNubA87mZBqb/m56fTNfqVjm8xHOnH0qITm2chN+9W2S0Rhw8+nhRT0N1T/TXZ4R+MOXppO/ivr0lvxGuUrMkvfqxTU07ui1j43n5yRCfGRI1jm1b65yL/HP8cCpoZ8/AvE5p6vV5v+hArw8ewMLSDuWmD5iU9Ksx9CgojL1EAX1WfBQAA//843TOC")
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f00000006c0), 0x9, r1}, 0x38)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setreuid(0xee01, 0x0)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x15, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r9, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000bc0)={0x2bc, 0x17, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x880}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x80000000}]}, @NFTA_FLOWTABLE_HOOK={0x68, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vlan0\x00'}, {0x14, 0x1, 'macsec0\x00'}, {0x14, 0x1, 'veth0_to_team\x00'}, {0x14, 0x1, 'batadv_slave_0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xffffffff}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xffff}]}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfff}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HOOK={0x204, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0xa4, 0x3, 0x0, 0x1, [{0x14, 0x1, 'gretap0\x00'}, {0x14, 0x1, 'hsr0\x00'}, {0x14, 0x1, 'team_slave_1\x00'}, {0x14, 0x1, 'gre0\x00'}, {0x14, 0x1, 'syzkaller1\x00'}, {0x14, 0x1, 'ip6_vti0\x00'}, {0x14, 0x1, 'bond_slave_1\x00'}, {0x14, 0x1, 'lo\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0xcc, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vlan0\x00'}, {0x14, 0x1, 'ip_vti0\x00'}, {0x14, 0x1, 'ipvlan0\x00'}, {0x14, 0x1, 'netdevsim0\x00'}, {0x14, 0x1, 'caif0\x00'}, {0x14, 0x1, 'wg0\x00'}, {0x14, 0x1, 'ipvlan0\x00'}, {0x14, 0x1, 'wg0\x00'}, {0x14, 0x1, 'veth0_to_team\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6882}, @NFTA_FLOWTABLE_HOOK_DEVS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 'macvlan0\x00'}, {0x14, 0x1, 'netdevsim0\x00'}, {0x14, 0x1, 'geneve1\x00'}, {0x14, 0x1, 'veth1_macvtap\x00'}, {0x14, 0x1, 'veth0_to_hsr\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x20004040)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8923, &(0x7f0000000040)={'bond0\x00', 0x1001})

333.603993ms ago: executing program 0 (id=4603):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'team_slave_0\x00', <r0=>0x0})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1c, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000200)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000380)={0x2, 0x4e25, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18)
sendmmsg(r3, &(0x7f0000006140)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000740)="65c6d96326a838047976a77611d4c4ecc94b3585c42786716ad7c93fd3a228e9a1cd93801f5b4033ea9ae2b561128c2893aba2af73f86ac4a65917672e186b297cada86c7b329c4831efa7d660040c757e6ce437d7853ac2cca9605a2e18bf6529e94453fac161511f4483dc8b5294583cc78cd79fb68fb57bd8697ac1639517070e92cd2d36932b0e26cf8fdd87e817f08f7d937282c63371e22e43e8ab5c2b3d851d147f260004a12512be6e3b6b48a430a4e4747a28d766c634658499181a54867295ad5496ef6eed69b0da6b885004a5bc869e090798f4a1139e098f282ab4aefc8a67fe2087e1eadd30c54f4c87b1fb7a", 0xf3}, {&(0x7f00000002c0)="b16b5d1ddcad4b5eedb9593060ada4a1778939f40388ef540871ce291c1010f3310edf7028093cf8709632cad4866d5e448d5385c80db3518564b1194247acfb3b463ee97c794123a991311e51e1790748a23c3301974b905bbd18b3e54cb3cc90c180fba7461df205130349d430083d2c66", 0x72}], 0x2}}], 0x1, 0x4000)
close(r3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r4, 0x0, 0xfffffffffffffffe}, 0x18)
r5 = perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x4002, 0x0, 0x3, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000180)='cpu>=0|&!')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000740)={'veth0_virt_wifi\x00', &(0x7f00000006c0)=@ethtool_gstrings={0x1b, 0x5}})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r7}, 0x10)
listen(0xffffffffffffffff, 0x8)
write(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x110, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xfc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x5, 0x0, 0x3, 0x1000, {0x0, 0x2, 0x0, 0x0, 0x5}, {0x2, 0x0, 0xff, 0x0, 0x2}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffff7}}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0x44, 0x3, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3ff, 0x9, 0x2, 0x7, 0x3}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x110}}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r9)

281.992304ms ago: executing program 0 (id=4604):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0xa8bc32dafc1846ed, &(0x7f00000002c0)={[], [{@appraise}, {@fowner_lt}]}, 0x3, 0x4c1, &(0x7f0000000b80)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLocymU/AmlEGjfSyktoU3Shz60VZF81SSubMvEshLr84Hje8+9V/5+j4SOdO656AbQsU5FxFhEdEXE2YjoT7dn0hJr66V63IP7tyarJYlK5dqXSSTptvr/StLlkfRhvRHxr39E/Df5adzSyurcRKGQX0rrufL8Yq60snpudn5iJj+TXxgbGb44emn0wujQrrX18t8+e+WFt/5++f0/3vhk/Isz/6um1Zfue7wdzVhr8rj1pvfUnou67ohY2kmwZ1hX2p6edicCAEBTqt/xfx4Rv42Ih6+3OxsAAACgFSp/6Ytvk4gKAAAAsG9latfAJplsei1AX2Qy2ez6Nby/jMOZQrFU/sN0cXlhav1a2YHoyUzPFvJD6bXCA9GTVOvDtfVH9fMb6iMRcSwiXuo/VKtnJ4uFqXaf/AAAAIAOcWTD+P/r/vXxPwAAALDPDLQ7AQAAAKDljP8BAABg/9t0/J90720iAAAAQCv888qVaqnU7389dX1lea54/dxUvjSXnV+ezE4WlxazM8XiTO03++a3+3+FYnHxT7GwfDNXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAYO8d+82dj5OIWPvzoVqpOpDua2KsPtba7IBWyuzs8KRVeQB7r6vdCQBt4wJf6Fzm44FtBvYvb6jv8LQBAADwLBj81VPN/5sPhOeYgTx0LvP/0LnM/0PnMv8PHe7g9of0brbjg13OBQAAaJm+Wkky2XQusC8ymWw24mjttgA9yfRsIT8UET+LiI/6ew5W68PtThoAAAAAAAAAAAAAAAAAAAAAAAAAnjOVShIVAAAAYF+LyHyepDfyH+w/3bfx/MCB5Jv+2jIibrxx7dWbE+Xy0nB1+1c/bi+/lm4/344zGAAAAMBG9XF6fRwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvpwf1bk/Wyl3Hv/TUiBhrF747e2rL33f6IOPwwie7HHpdERNcuxF+7HRHHG8VPqmnFQJrFxviZiDjU5vhHdiE+dLI71f5nrNH7LxOnasvG77/utDyte6c26/8y9f6v1s816v+ONhnjxN13cpvGvx1xortx/1OPnzxl//uff6+ubrav8mbEYMPPn+SJWLny/GKutLJ6bnZ+YiY/k18YGRm+OHpp9MLoUG56tpBP/zaM8eKv3/t+q/Yf3iT+wDbtP91k+7+7e/P+L7aIf+Z3jV//41vErz73v08/B6r7B+vra+vrjzv59ocnt2r/1Cbt3+71P9Nk+89e/f+nTR4KAOyB0srq3EShkF+yYsXK/lu5mr7Rd/zwNndMAADArnv0pb/dmQAAAAAAAAAAAAAAAAAAAEDnavmPkB188pcFetvXVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALf0QAAD//9sy0wA=")
r0 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000100)}, 0x10)
socket$netlink(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100003020702500000000002020207b1af8ff00000000bfa1000000000000070100003affffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='kfree\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f6873720000"], 0xfc}}, 0x0)
r7 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r7, 0x58, &(0x7f0000000340)}, 0x10)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)={0x74, 0x7, 0x6, 0x801, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x9}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x7f}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xd62}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x41}, 0x48000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601060000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c000280080001407f"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

0s ago: executing program 5 (id=4605):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000380)={[{@noauto_da_alloc}]}, 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
pwrite64(r1, &(0x7f0000000140)='2', 0xfcd1, 0xfecc)
fallocate(r0, 0x0, 0xbf5, 0x2000402)
r2 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
fallocate(r2, 0x0, 0x0, 0x1001f0)
rseq(&(0x7f0000000080), 0x20, 0x0, 0x0)
read$nci(r2, &(0x7f0000000340)=""/43, 0x2b)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x0, 0xfffffffffdffffff})

kernel console output (not intermixed with test programs):

f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.560961][T14369] RSP: 002b:00007fb19f787038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  256.560993][T14369] RAX: ffffffffffffffda RBX: 00007fb1a0f65fa0 RCX: 00007fb1a0d1ec29
[  256.561011][T14369] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  256.561028][T14369] RBP: 00007fb1a0da1e41 R08: 0000000000000000 R09: 0000000000000000
[  256.561063][T14369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  256.561101][T14369] R13: 00007fb1a0f66038 R14: 00007fb1a0f65fa0 R15: 00007ffe7da7a2e8
[  256.561146][T14369]  </TASK>
[  256.561159][T14369] memory: usage 307200kB, limit 307200kB, failcnt 4270
[  256.618697][T14382] __nla_validate_parse: 12 callbacks suppressed
[  256.618719][T14382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4040'.
[  256.619749][T14369] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0
[  256.922438][T14369] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0
[  256.929894][T14369] Memory cgroup stats for /syz4:
[  256.932002][T14369] cache 4096
[  256.940250][T14369] rss 4096
[  256.943344][T14369] shmem 0
[  256.946333][T14369] mapped_file 4096
[  256.950241][T14369] dirty 0
[  256.953294][T14369] writeback 0
[  256.956588][T14369] workingset_refault_anon 1039
[  256.961375][T14369] workingset_refault_file 8578
[  256.966168][T14369] swap 204800
[  256.969528][T14369] swapcached 4096
[  256.973193][T14369] pgpgin 172806
[  256.976653][T14369] pgpgout 172804
[  256.980264][T14369] pgfault 262763
[  256.983845][T14369] pgmajfault 656
[  256.987416][T14369] inactive_anon 0
[  256.991108][T14369] active_anon 0
[  256.994602][T14369] inactive_file 0
[  256.998252][T14369] active_file 4096
[  257.002034][T14369] unevictable 0
[  257.005541][T14369] hierarchical_memory_limit 314572800
[  257.010929][T14369] hierarchical_memsw_limit 9223372036854771712
[  257.017156][T14369] total_cache 4096
[  257.020882][T14369] total_rss 4096
[  257.024509][T14369] total_shmem 0
[  257.027976][T14369] total_mapped_file 4096
[  257.032248][T14369] total_dirty 0
[  257.035710][T14369] total_writeback 0
[  257.039567][T14369] total_workingset_refault_anon 1039
[  257.044974][T14369] total_workingset_refault_file 8578
[  257.050272][T14369] total_swap 204800
[  257.054373][T14369] total_swapcached 4096
[  257.058547][T14369] total_pgpgin 172806
[  257.062666][T14369] total_pgpgout 172804
[  257.066739][T14369] total_pgfault 262763
[  257.070814][T14369] total_pgmajfault 656
[  257.074909][T14369] total_inactive_anon 0
[  257.079080][T14369] total_active_anon 0
[  257.083076][T14369] total_inactive_file 0
[  257.087235][T14369] total_active_file 4096
[  257.091491][T14369] total_unevictable 0
[  257.095509][T14369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4037,pid=14368,uid=0
[  257.110256][T14369] Memory cgroup out of memory: Killed process 14368 (syz.4.4037) total-vm:94024kB, anon-rss:1052kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  257.203537][T14394] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  257.232915][T14394] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  257.416137][T14413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4053'.
[  257.430665][T14407] loop4: detected capacity change from 0 to 1024
[  257.437373][T14407] EXT4-fs: Ignoring removed nobh option
[  257.445232][T14407] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  257.477619][T14407] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.4050: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  257.501826][T14407] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.4050: couldn't read orphan inode 11 (err -117)
[  257.515514][T14407] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.534124][T14407] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.4050: Invalid block bitmap block 0 in block_group 0
[  257.548389][T14407] __quota_error: 31 callbacks suppressed
[  257.548403][T14407] Quota error (device loop4): write_blk: dquota write failed
[  257.561527][T14407] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  257.576320][T14407] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.4050: Failed to acquire dquot type 0
[  257.603445][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.650870][T14424] loop4: detected capacity change from 0 to 512
[  257.663745][T14424] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.744272][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.832843][T14432] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4059'.
[  258.054252][T14387] syz.1.4043 (14387) used greatest stack depth: 6312 bytes left
[  258.114905][T14438] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  258.125495][T14438] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  258.340592][T14450] loop2: detected capacity change from 0 to 1024
[  258.390008][T14455] netlink: 'syz.4.4067': attribute type 5 has an invalid length.
[  258.430827][T14461] loop2: detected capacity change from 0 to 164
[  258.443295][T14461] Unable to read rock-ridge attributes
[  258.546491][T14470] loop4: detected capacity change from 0 to 2048
[  258.582161][T14470]  loop4: p1 p3 p4
[  258.587839][T14470] loop4: p4 size 589824 extends beyond EOD, truncated
[  258.676278][T14436] syz.1.4060 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  258.690574][T14436] CPU: 1 UID: 0 PID: 14436 Comm: syz.1.4060 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  258.690606][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  258.690623][T14436] Call Trace:
[  258.690632][T14436]  <TASK>
[  258.690642][T14436]  __dump_stack+0x1d/0x30
[  258.690671][T14436]  dump_stack_lvl+0xe8/0x140
[  258.690697][T14436]  dump_stack+0x15/0x1b
[  258.690751][T14436]  dump_header+0x81/0x220
[  258.690787][T14436]  oom_kill_process+0x342/0x400
[  258.690832][T14436]  out_of_memory+0x979/0xb80
[  258.690875][T14436]  try_charge_memcg+0x5e6/0x9e0
[  258.690984][T14436]  obj_cgroup_charge_pages+0xa6/0x150
[  258.691026][T14436]  __memcg_kmem_charge_page+0x9f/0x170
[  258.691068][T14436]  __alloc_frozen_pages_noprof+0x188/0x360
[  258.691158][T14436]  alloc_pages_mpol+0xb3/0x250
[  258.691220][T14436]  alloc_pages_noprof+0x90/0x130
[  258.691261][T14436]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  258.691391][T14436]  __kvmalloc_node_noprof+0x30f/0x4e0
[  258.691430][T14436]  ? ip_set_alloc+0x1f/0x30
[  258.691457][T14436]  ? ip_set_alloc+0x1f/0x30
[  258.691483][T14436]  ? __kmalloc_cache_noprof+0x189/0x320
[  258.691585][T14436]  ip_set_alloc+0x1f/0x30
[  258.691612][T14436]  hash_netiface_create+0x282/0x740
[  258.691648][T14436]  ? __pfx_hash_netiface_create+0x10/0x10
[  258.691680][T14436]  ip_set_create+0x3c9/0x960
[  258.691807][T14436]  ? __nla_parse+0x40/0x60
[  258.691844][T14436]  nfnetlink_rcv_msg+0x4c3/0x590
[  258.691900][T14436]  netlink_rcv_skb+0x123/0x220
[  258.691948][T14436]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  258.691974][T14436]  nfnetlink_rcv+0x16b/0x1690
[  258.691999][T14436]  ? nlmon_xmit+0x4f/0x60
[  258.692037][T14436]  ? consume_skb+0x49/0x150
[  258.692120][T14436]  ? nlmon_xmit+0x4f/0x60
[  258.692155][T14436]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  258.692302][T14436]  ? __dev_queue_xmit+0x1200/0x2000
[  258.692372][T14436]  ? __dev_queue_xmit+0x182/0x2000
[  258.692407][T14436]  ? ref_tracker_free+0x37d/0x3e0
[  258.692487][T14436]  ? __netlink_deliver_tap+0x4dc/0x500
[  258.692519][T14436]  netlink_unicast+0x5bd/0x690
[  258.692550][T14436]  netlink_sendmsg+0x58b/0x6b0
[  258.692587][T14436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  258.692660][T14436]  __sock_sendmsg+0x142/0x180
[  258.692734][T14436]  ____sys_sendmsg+0x31e/0x4e0
[  258.692850][T14436]  ___sys_sendmsg+0x17b/0x1d0
[  258.692975][T14436]  __x64_sys_sendmsg+0xd4/0x160
[  258.693016][T14436]  x64_sys_call+0x191e/0x2ff0
[  258.693043][T14436]  do_syscall_64+0xd2/0x200
[  258.693165][T14436]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  258.693196][T14436]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  258.693233][T14436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.693259][T14436] RIP: 0033:0x7fee4aa2ec29
[  258.693280][T14436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.693349][T14436] RSP: 002b:00007fee4948f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  258.693378][T14436] RAX: ffffffffffffffda RBX: 00007fee4ac75fa0 RCX: 00007fee4aa2ec29
[  258.693391][T14436] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  258.693404][T14436] RBP: 00007fee4aab1e41 R08: 0000000000000000 R09: 0000000000000000
[  258.693416][T14436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  258.693428][T14436] R13: 00007fee4ac76038 R14: 00007fee4ac75fa0 R15: 00007ffd2527d9a8
[  258.693452][T14436]  </TASK>
[  259.023041][T14436] memory: usage 307200kB, limit 307200kB, failcnt 3359
[  259.030000][T14436] memory+swap: usage 307704kB, limit 9007199254740988kB, failcnt 0
[  259.038098][T14436] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0
[  259.045411][T14436] Memory cgroup stats for /syz1:
[  259.045863][T14436] cache 0
[  259.053783][T14436] rss 0
[  259.056578][T14436] shmem 0
[  259.059513][T14436] mapped_file 0
[  259.063013][T14436] dirty 0
[  259.065951][T14436] writeback 0
[  259.069267][T14436] workingset_refault_anon 1240
[  259.074061][T14436] workingset_refault_file 2522
[  259.078816][T14436] swap 516096
[  259.082158][T14436] swapcached 4096
[  259.085826][T14436] pgpgin 182205
[  259.089418][T14436] pgpgout 182204
[  259.092988][T14436] pgfault 293825
[  259.096590][T14436] pgmajfault 694
[  259.100223][T14436] inactive_anon 0
[  259.103864][T14436] active_anon 4096
[  259.107578][T14436] inactive_file 0
[  259.111208][T14436] active_file 0
[  259.114760][T14436] unevictable 0
[  259.118249][T14436] hierarchical_memory_limit 314572800
[  259.123675][T14436] hierarchical_memsw_limit 9223372036854771712
[  259.129827][T14436] total_cache 0
[  259.133334][T14436] total_rss 0
[  259.136615][T14436] total_shmem 0
[  259.140066][T14436] total_mapped_file 0
[  259.144262][T14436] total_dirty 0
[  259.147728][T14436] total_writeback 0
[  259.151529][T14436] total_workingset_refault_anon 1240
[  259.156876][T14436] total_workingset_refault_file 2522
[  259.162471][T14436] total_swap 516096
[  259.166283][T14436] total_swapcached 4096
[  259.170460][T14436] total_pgpgin 182205
[  259.174481][T14436] total_pgpgout 182204
[  259.178569][T14436] total_pgfault 293825
[  259.182667][T14436] total_pgmajfault 694
[  259.186757][T14436] total_inactive_anon 0
[  259.190978][T14436] total_active_anon 4096
[  259.195288][T14436] total_inactive_file 0
[  259.199511][T14436] total_active_file 0
[  259.203540][T14436] total_unevictable 0
[  259.207529][T14436] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4060,pid=14435,uid=0
[  259.222509][T14436] Memory cgroup out of memory: Killed process 14435 (syz.1.4060) total-vm:94024kB, anon-rss:1068kB, file-rss:22180kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  259.334457][T14482] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4074'.
[  259.370126][T14484] loop3: detected capacity change from 0 to 2048
[  259.402328][T14484]  loop3: p1 p3 p4
[  259.408109][T14484] loop3: p4 size 589824 extends beyond EOD, truncated
[  259.415753][T14486] loop4: detected capacity change from 0 to 512
[  259.453489][T14486] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.468145][T14488] loop1: detected capacity change from 0 to 1024
[  259.487969][T14488] EXT4-fs: Ignoring removed nobh option
[  259.513060][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.524944][T14488] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  259.546681][T14488] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #11: comm syz.1.4077: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  259.580598][T14488] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.4077: couldn't read orphan inode 11 (err -117)
[  259.595372][T14488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.629356][T14488] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.4077: Invalid block bitmap block 0 in block_group 0
[  259.653835][T14488] Quota error (device loop1): write_blk: dquota write failed
[  259.661279][T14488] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  259.673090][T14488] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.4077: Failed to acquire dquot type 0
[  259.702033][T11517] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.050067][T14524] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun!
[  260.064389][T14494] syz.3.4079 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  260.078570][T14494] CPU: 1 UID: 0 PID: 14494 Comm: syz.3.4079 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  260.078612][T14494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  260.078631][T14494] Call Trace:
[  260.078644][T14494]  <TASK>
[  260.078655][T14494]  __dump_stack+0x1d/0x30
[  260.078683][T14494]  dump_stack_lvl+0xe8/0x140
[  260.078760][T14494]  dump_stack+0x15/0x1b
[  260.078777][T14494]  dump_header+0x81/0x220
[  260.078817][T14494]  oom_kill_process+0x342/0x400
[  260.078863][T14494]  out_of_memory+0x979/0xb80
[  260.078987][T14494]  try_charge_memcg+0x5e6/0x9e0
[  260.079025][T14494]  obj_cgroup_charge_pages+0xa6/0x150
[  260.079068][T14494]  __memcg_kmem_charge_page+0x9f/0x170
[  260.079144][T14494]  __alloc_frozen_pages_noprof+0x188/0x360
[  260.079231][T14494]  alloc_pages_mpol+0xb3/0x250
[  260.079265][T14494]  alloc_pages_noprof+0x90/0x130
[  260.079307][T14494]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  260.079392][T14494]  __kvmalloc_node_noprof+0x30f/0x4e0
[  260.079451][T14494]  ? ip_set_alloc+0x1f/0x30
[  260.079484][T14494]  ? ip_set_alloc+0x1f/0x30
[  260.079510][T14494]  ? __kmalloc_cache_noprof+0x189/0x320
[  260.079545][T14494]  ip_set_alloc+0x1f/0x30
[  260.079634][T14494]  hash_netiface_create+0x282/0x740
[  260.079660][T14494]  ? __pfx_hash_netiface_create+0x10/0x10
[  260.079683][T14494]  ip_set_create+0x3c9/0x960
[  260.079725][T14494]  ? __nla_parse+0x40/0x60
[  260.079762][T14494]  nfnetlink_rcv_msg+0x4c3/0x590
[  260.079812][T14494]  netlink_rcv_skb+0x123/0x220
[  260.079838][T14494]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  260.079899][T14494]  nfnetlink_rcv+0x16b/0x1690
[  260.079927][T14494]  ? nlmon_xmit+0x4f/0x60
[  260.080043][T14494]  ? consume_skb+0x49/0x150
[  260.080066][T14494]  ? nlmon_xmit+0x4f/0x60
[  260.080096][T14494]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  260.080131][T14494]  ? __dev_queue_xmit+0x1200/0x2000
[  260.080176][T14494]  ? __dev_queue_xmit+0x182/0x2000
[  260.080238][T14494]  ? ref_tracker_free+0x37d/0x3e0
[  260.080298][T14494]  ? __netlink_deliver_tap+0x4dc/0x500
[  260.080336][T14494]  netlink_unicast+0x5bd/0x690
[  260.080375][T14494]  netlink_sendmsg+0x58b/0x6b0
[  260.080411][T14494]  ? __pfx_netlink_sendmsg+0x10/0x10
[  260.080480][T14494]  __sock_sendmsg+0x142/0x180
[  260.080524][T14494]  ____sys_sendmsg+0x31e/0x4e0
[  260.080560][T14494]  ___sys_sendmsg+0x17b/0x1d0
[  260.080616][T14494]  __x64_sys_sendmsg+0xd4/0x160
[  260.080706][T14494]  x64_sys_call+0x191e/0x2ff0
[  260.080793][T14494]  do_syscall_64+0xd2/0x200
[  260.080835][T14494]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  260.080943][T14494]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  260.080975][T14494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.081000][T14494] RIP: 0033:0x7f8df48cec29
[  260.081082][T14494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.081107][T14494] RSP: 002b:00007f8df332f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  260.081128][T14494] RAX: ffffffffffffffda RBX: 00007f8df4b15fa0 RCX: 00007f8df48cec29
[  260.081142][T14494] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  260.081218][T14494] RBP: 00007f8df4951e41 R08: 0000000000000000 R09: 0000000000000000
[  260.081234][T14494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  260.081304][T14494] R13: 00007f8df4b16038 R14: 00007f8df4b15fa0 R15: 00007fff4b284e68
[  260.081327][T14494]  </TASK>
[  260.081336][T14494] memory: usage 307200kB, limit 307200kB, failcnt 3599
[  260.206151][T14526] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4084'.
[  260.207300][T14494] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0
[  260.207321][T14494] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0
[  260.207389][T14494] Memory cgroup stats for /syz3:
[  260.207703][T14494] cache 0
[  260.451531][T14494] rss 0
[  260.454369][T14494] shmem 0
[  260.457300][T14494] mapped_file 0
[  260.460802][T14494] dirty 0
[  260.463843][T14494] writeback 0
[  260.467123][T14494] workingset_refault_anon 818
[  260.471805][T14494] workingset_refault_file 7662
[  260.476572][T14494] swap 204800
[  260.479849][T14494] swapcached 4096
[  260.483497][T14494] pgpgin 243949
[  260.486975][T14494] pgpgout 243945
[  260.490535][T14494] pgfault 332484
[  260.494239][T14494] pgmajfault 528
[  260.497782][T14494] inactive_anon 4096
[  260.501694][T14494] active_anon 0
[  260.505159][T14494] inactive_file 12288
[  260.509134][T14494] active_file 0
[  260.512607][T14494] unevictable 0
[  260.516113][T14494] hierarchical_memory_limit 314572800
[  260.521478][T14494] hierarchical_memsw_limit 9223372036854771712
[  260.527711][T14494] total_cache 0
[  260.531222][T14494] total_rss 0
[  260.534573][T14494] total_shmem 0
[  260.538057][T14494] total_mapped_file 0
[  260.542115][T14494] total_dirty 0
[  260.545617][T14494] total_writeback 0
[  260.549443][T14494] total_workingset_refault_anon 818
[  260.554698][T14494] total_workingset_refault_file 7662
[  260.559990][T14494] total_swap 204800
[  260.563838][T14494] total_swapcached 4096
[  260.568009][T14494] total_pgpgin 243949
[  260.572073][T14494] total_pgpgout 243945
[  260.576158][T14494] total_pgfault 332484
[  260.580246][T14494] total_pgmajfault 528
[  260.584095][T14531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4085'.
[  260.584370][T14494] total_inactive_anon 4096
[  260.597605][T14494] total_active_anon 0
[  260.601587][T14494] total_inactive_file 12288
[  260.606108][T14494] total_active_file 0
[  260.610098][T14494] total_unevictable 0
[  260.614104][T14494] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.4079,pid=14493,uid=0
[  260.628779][T14494] Memory cgroup out of memory: Killed process 14493 (syz.3.4079) total-vm:94024kB, anon-rss:1200kB, file-rss:22180kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  260.704824][T14537] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  260.716316][T14536] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun!
[  260.716327][T14537] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  260.775908][   T29] audit: type=1326 audit(260.721:4278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.1.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee4aa2ec29 code=0x7ffc0000
[  260.798834][   T29] audit: type=1326 audit(260.721:4279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.1.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee4aa2ec29 code=0x7ffc0000
[  260.827945][   T29] audit: type=1326 audit(260.801:4280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.1.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee4aa2ec29 code=0x7ffc0000
[  260.850970][   T29] audit: type=1326 audit(260.801:4281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.1.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee4aa2ec29 code=0x7ffc0000
[  260.874016][   T29] audit: type=1326 audit(260.801:4282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.1.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee4aa2ec29 code=0x7ffc0000
[  260.897677][   T29] audit: type=1326 audit(260.831:4283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14540 comm="syz.1.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee4aa2ec29 code=0x7ffc0000
[  260.946899][T14541] loop1: detected capacity change from 0 to 1764
[  261.012913][T14554] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  261.022735][T14554] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  261.042157][T14561] loop1: detected capacity change from 0 to 2048
[  261.056777][T14558] loop4: detected capacity change from 0 to 1024
[  261.063893][T14558] EXT4-fs: Ignoring removed nobh option
[  261.069941][T14558] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  261.081884][T14558] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.4097: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  261.089077][T14561]  loop1: p1 p3 p4
[  261.102409][T14558] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.4097: couldn't read orphan inode 11 (err -117)
[  261.105575][T14561] loop1: p4 size 589824 extends beyond EOD, truncated
[  261.116991][T14558] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.140829][T14558] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.4097: Invalid block bitmap block 0 in block_group 0
[  261.157400][T14558] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.4097: Failed to acquire dquot type 0
[  261.187385][T14568] netlink: 'syz.2.4100': attribute type 10 has an invalid length.
[  261.205414][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.230421][T14572] loop2: detected capacity change from 0 to 2048
[  261.252195][T14572]  loop2: p1 p3 p4
[  261.257027][T14572] loop2: p4 size 589824 extends beyond EOD, truncated
[  261.329465][T14581] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun!
[  261.487266][T14593] loop4: detected capacity change from 0 to 2048
[  261.532553][T14593]  loop4: p1 p3 p4
[  261.538252][T14593] loop4: p4 size 589824 extends beyond EOD, truncated
[  261.790559][T14598] FAULT_INJECTION: forcing a failure.
[  261.790559][T14598] name failslab, interval 1, probability 0, space 0, times 0
[  261.803327][T14598] CPU: 0 UID: 0 PID: 14598 Comm: syz.0.4112 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  261.803356][T14598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  261.803372][T14598] Call Trace:
[  261.803381][T14598]  <TASK>
[  261.803426][T14598]  __dump_stack+0x1d/0x30
[  261.803448][T14598]  dump_stack_lvl+0xe8/0x140
[  261.803467][T14598]  dump_stack+0x15/0x1b
[  261.803557][T14598]  should_fail_ex+0x265/0x280
[  261.803581][T14598]  should_failslab+0x8c/0xb0
[  261.803667][T14598]  kmem_cache_alloc_noprof+0x50/0x310
[  261.803700][T14598]  ? getname_kernel+0x3c/0x1f0
[  261.803729][T14598]  ? __pfx_resume_store+0x10/0x10
[  261.803811][T14598]  getname_kernel+0x3c/0x1f0
[  261.803847][T14598]  kern_path+0x23/0x130
[  261.803877][T14598]  ? __pfx_resume_store+0x10/0x10
[  261.803903][T14598]  lookup_bdev+0x66/0x150
[  261.804020][T14598]  resume_store+0x10b/0x3d0
[  261.804115][T14598]  ? x2apic_send_IPI_self+0x10/0x20
[  261.804189][T14598]  ? should_fail_ex+0xdb/0x280
[  261.804214][T14598]  ? __pfx_resume_store+0x10/0x10
[  261.804257][T14598]  kobj_attr_store+0x4a/0x70
[  261.804285][T14598]  ? __pfx_kobj_attr_store+0x10/0x10
[  261.804315][T14598]  sysfs_kf_write+0xfb/0x120
[  261.804357][T14598]  ? __pfx_sysfs_kf_write+0x10/0x10
[  261.804383][T14598]  kernfs_fop_write_iter+0x1e8/0x300
[  261.804427][T14598]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  261.804521][T14598]  vfs_write+0x527/0x960
[  261.804630][T14598]  ksys_write+0xda/0x1a0
[  261.804667][T14598]  __x64_sys_write+0x40/0x50
[  261.804697][T14598]  x64_sys_call+0x27fe/0x2ff0
[  261.804743][T14598]  do_syscall_64+0xd2/0x200
[  261.804794][T14598]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  261.804894][T14598]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  261.804925][T14598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.804946][T14598] RIP: 0033:0x7f843964ec29
[  261.804963][T14598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.805000][T14598] RSP: 002b:00007f84380af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  261.805024][T14598] RAX: ffffffffffffffda RBX: 00007f8439895fa0 RCX: 00007f843964ec29
[  261.805040][T14598] RDX: 0000000000000012 RSI: 0000200000000000 RDI: 0000000000000003
[  261.805056][T14598] RBP: 00007f84380af090 R08: 0000000000000000 R09: 0000000000000000
[  261.805070][T14598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.805086][T14598] R13: 00007f8439896038 R14: 00007f8439895fa0 R15: 00007fffa51e4ca8
[  261.805111][T14598]  </TASK>
[  262.060875][T14598] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  262.074488][T14578] syz.2.4104 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  262.085584][T14578] CPU: 0 UID: 0 PID: 14578 Comm: syz.2.4104 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  262.085624][T14578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  262.085641][T14578] Call Trace:
[  262.085709][T14578]  <TASK>
[  262.085717][T14578]  __dump_stack+0x1d/0x30
[  262.085739][T14578]  dump_stack_lvl+0xe8/0x140
[  262.085761][T14578]  dump_stack+0x15/0x1b
[  262.085777][T14578]  dump_header+0x81/0x220
[  262.085884][T14578]  oom_kill_process+0x342/0x400
[  262.085926][T14578]  out_of_memory+0x979/0xb80
[  262.085969][T14578]  try_charge_memcg+0x5e6/0x9e0
[  262.086008][T14578]  charge_memcg+0x51/0xc0
[  262.086085][T14578]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  262.086114][T14578]  __read_swap_cache_async+0x1df/0x350
[  262.086157][T14578]  swap_cluster_readahead+0x277/0x3e0
[  262.086212][T14578]  swapin_readahead+0xde/0x6f0
[  262.086245][T14578]  ? __filemap_get_folio+0x4f7/0x6b0
[  262.086268][T14578]  ? swap_cache_get_folio+0x77/0x200
[  262.086383][T14578]  do_swap_page+0x301/0x2430
[  262.086415][T14578]  ? css_rstat_updated+0xb7/0x240
[  262.086455][T14578]  ? __pfx_default_wake_function+0x10/0x10
[  262.086484][T14578]  handle_mm_fault+0x9a5/0x2c20
[  262.086535][T14578]  do_user_addr_fault+0x636/0x1090
[  262.086642][T14578]  ? fpregs_restore_userregs+0xe2/0x1d0
[  262.086704][T14578]  ? switch_fpu_return+0xe/0x20
[  262.086758][T14578]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  262.086790][T14578]  exc_page_fault+0x62/0xa0
[  262.086818][T14578]  asm_exc_page_fault+0x26/0x30
[  262.086869][T14578] RIP: 0033:0x7f1f812c565c
[  262.086921][T14578] Code: 66 0f 1f 44 00 00 69 3d 56 00 ea 00 e8 03 00 00 48 8d 1d 57 09 37 00 e8 32 95 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00
[  262.086943][T14578] RSP: 002b:00007ffc6e620eb0 EFLAGS: 00010283
[  262.086958][T14578] RAX: 0000000000000000 RBX: 00007f1f81637080 RCX: 0000000000000000
[  262.086971][T14578] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555564e7e808
[  262.086982][T14578] RBP: 00007f1f81637da0 R08: 0000000000000000 R09: 7fffffffffffffff
[  262.087033][T14578] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000003ffd1
[  262.087048][T14578] R13: 00007f1f81636090 R14: ffffffffffffffff R15: 00007ffc6e620fc0
[  262.087068][T14578]  </TASK>
[  262.087075][T14578] memory: usage 307200kB, limit 307200kB, failcnt 6666
[  262.091864][T14599] siw: device registration error -23
[  262.096938][T14578] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0
[  262.113532][T14599] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4112'.
[  262.117594][T14578] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[  262.156691][T14601] loop3: detected capacity change from 0 to 512
[  262.161628][T14578] Memory cgroup stats for /syz2:
[  262.170789][T14598] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 649
[  262.175007][T14603] netlink: 'syz.1.4114': attribute type 10 has an invalid length.
[  262.177840][T14578] cache 0
[  262.215028][T14605] loop1: detected capacity change from 0 to 512
[  262.218654][T14578] rss 0
[  262.218666][T14578] shmem 0
[  262.218675][T14578] mapped_file 0
[  262.266020][T14601] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  262.272386][T14578] dirty 0
[  262.272398][T14578] writeback 0
[  262.272405][T14578] workingset_refault_anon 947
[  262.272414][T14578] workingset_refault_file 8099
[  262.272424][T14578] swap 204800
[  262.272432][T14578] swapcached 8192
[  262.282312][T14601] EXT4-fs (loop3): mount failed
[  262.288514][T14578] pgpgin 150832
[  262.437346][T14578] pgpgout 150829
[  262.441010][T14578] pgfault 248138
[  262.441024][T14578] pgmajfault 613
[  262.441033][T14578] inactive_anon 8192
[  262.441042][T14578] active_anon 0
[  262.441051][T14578] inactive_file 4096
[  262.441060][T14578] active_file 0
[  262.441070][T14578] unevictable 0
[  262.466678][T14578] hierarchical_memory_limit 314572800
[  262.472101][T14578] hierarchical_memsw_limit 9223372036854771712
[  262.478346][T14578] total_cache 0
[  262.482018][T14578] total_rss 0
[  262.485308][T14578] total_shmem 0
[  262.488776][T14578] total_mapped_file 0
[  262.492820][T14578] total_dirty 0
[  262.496291][T14578] total_writeback 0
[  262.500109][T14578] total_workingset_refault_anon 947
[  262.505554][T14578] total_workingset_refault_file 8099
[  262.510894][T14578] total_swap 204800
[  262.514709][T14578] total_swapcached 8192
[  262.518854][T14578] total_pgpgin 150832
[  262.522876][T14578] total_pgpgout 150829
[  262.526992][T14578] total_pgfault 248138
[  262.531059][T14578] total_pgmajfault 613
[  262.535197][T14578] total_inactive_anon 8192
[  262.539608][T14578] total_active_anon 0
[  262.543610][T14578] total_inactive_file 4096
[  262.548080][T14578] total_active_file 0
[  262.552083][T14578] total_unevictable 0
[  262.556105][T14578] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.4104,pid=14578,uid=0
[  262.570854][T14578] Memory cgroup out of memory: Killed process 14578 (syz.2.4104) total-vm:94024kB, anon-rss:1048kB, file-rss:22180kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  262.656133][T14612] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  262.690275][T14612] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  262.910089][   T29] kauditd_printk_skb: 50 callbacks suppressed
[  262.910107][   T29] audit: type=1326 audit(262.881:4331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  262.959774][   T29] audit: type=1326 audit(262.911:4332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  262.964714][T14634] lo speed is unknown, defaulting to 1000
[  262.982725][   T29] audit: type=1326 audit(262.911:4333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.011684][   T29] audit: type=1326 audit(262.911:4334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.012876][T14635] loop1: detected capacity change from 0 to 128
[  263.034683][   T29] audit: type=1326 audit(262.911:4335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.034719][   T29] audit: type=1326 audit(262.911:4336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.086867][   T29] audit: type=1326 audit(262.911:4337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.109694][   T29] audit: type=1326 audit(262.911:4338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.132653][   T29] audit: type=1326 audit(262.911:4339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.155623][   T29] audit: type=1326 audit(262.911:4340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14630 comm="syz.2.4124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  263.177527][T14634] syz.1.4126: attempt to access beyond end of device
[  263.177527][T14634] loop1: rw=0, sector=121, nr_sectors = 920 limit=128
[  263.198338][T14634] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4126'.
[  263.207403][T14634] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4126'.
[  263.260353][T14647] loop2: detected capacity change from 0 to 1024
[  263.369405][T14662] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  263.416426][T14667] netlink: 'syz.2.4131': attribute type 10 has an invalid length.
[  263.442985][T14671] loop3: detected capacity change from 0 to 512
[  263.476396][T14671] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.544672][T10955] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.664893][T14687] FAULT_INJECTION: forcing a failure.
[  263.664893][T14687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.678020][T14687] CPU: 1 UID: 0 PID: 14687 Comm: syz.3.4140 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  263.678047][T14687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  263.678101][T14687] Call Trace:
[  263.678107][T14687]  <TASK>
[  263.678115][T14687]  __dump_stack+0x1d/0x30
[  263.678137][T14687]  dump_stack_lvl+0xe8/0x140
[  263.678157][T14687]  dump_stack+0x15/0x1b
[  263.678174][T14687]  should_fail_ex+0x265/0x280
[  263.678200][T14687]  should_fail+0xb/0x20
[  263.678229][T14687]  should_fail_usercopy+0x1a/0x20
[  263.678255][T14687]  _copy_from_user+0x1c/0xb0
[  263.678290][T14687]  sel_write_load+0x192/0x380
[  263.678317][T14687]  ? __pfx_sel_write_load+0x10/0x10
[  263.678472][T14687]  vfs_write+0x266/0x960
[  263.678499][T14687]  ? __cond_resched+0x4e/0x90
[  263.678590][T14687]  ksys_write+0xda/0x1a0
[  263.678614][T14687]  __x64_sys_write+0x40/0x50
[  263.678638][T14687]  x64_sys_call+0x27fe/0x2ff0
[  263.678660][T14687]  do_syscall_64+0xd2/0x200
[  263.678708][T14687]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  263.678761][T14687]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  263.678793][T14687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.678815][T14687] RIP: 0033:0x7f8df48cec29
[  263.678831][T14687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.678850][T14687] RSP: 002b:00007f8df332f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  263.678928][T14687] RAX: ffffffffffffffda RBX: 00007f8df4b15fa0 RCX: 00007f8df48cec29
[  263.678941][T14687] RDX: 000000000000603f RSI: 0000200000000000 RDI: 0000000000000005
[  263.679010][T14687] RBP: 00007f8df332f090 R08: 0000000000000000 R09: 0000000000000000
[  263.679022][T14687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.679035][T14687] R13: 00007f8df4b16038 R14: 00007f8df4b15fa0 R15: 00007fff4b284e68
[  263.679055][T14687]  </TASK>
[  263.922219][T14699] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.962857][T14699] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  264.351384][T14711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4143'.
[  264.445663][T14719] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4145'.
[  264.544526][T14723] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  264.656535][T14747] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  264.668091][T14747] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  264.690993][T14750] loop2: detected capacity change from 0 to 2048
[  264.732588][T14750]  loop2: p1 p3 p4
[  264.737510][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4157'.
[  264.742149][T14750] loop2: p4 size 589824 extends beyond EOD, truncated
[  264.792799][T14757] loop2: detected capacity change from 0 to 2048
[  264.893571][T14757]  loop2: p1 p3 p4
[  264.898218][T14757] loop2: p4 size 589824 extends beyond EOD, truncated
[  265.063304][T14780] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  265.183621][T14786] loop2: detected capacity change from 0 to 512
[  265.200586][T14786] ext4: Bad value for 'debug_want_extra_isize'
[  265.566182][T14812] netlink: 'syz.4.4169': attribute type 5 has an invalid length.
[  265.644784][T14821] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4171'.
[  265.765239][T14833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4176'.
[  265.786280][T14829] loop4: detected capacity change from 0 to 2048
[  265.810670][T14835] loop3: detected capacity change from 0 to 2048
[  265.831912][T14829]  loop4: p1 p3 p4
[  265.836764][T14829] loop4: p4 size 589824 extends beyond EOD, truncated
[  265.858193][T14841] netlink: 'syz.1.4180': attribute type 10 has an invalid length.
[  265.866421][T14835]  loop3: p1 p3 p4
[  265.872132][T14835] loop3: p4 size 589824 extends beyond EOD, truncated
[  265.897526][T14844] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  265.907647][T14844] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  265.918270][T14846] bridge_slave_0: default FDB implementation only supports local addresses
[  265.930096][T14846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4181'.
[  265.950899][T14846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4181'.
[  266.056798][T14860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  266.094044][T14862] netlink: 'syz.1.4188': attribute type 5 has an invalid length.
[  266.165021][T14872] FAULT_INJECTION: forcing a failure.
[  266.165021][T14872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.178259][T14872] CPU: 0 UID: 0 PID: 14872 Comm: syz.1.4191 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  266.178308][T14872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  266.178323][T14872] Call Trace:
[  266.178331][T14872]  <TASK>
[  266.178340][T14872]  __dump_stack+0x1d/0x30
[  266.178365][T14872]  dump_stack_lvl+0xe8/0x140
[  266.178391][T14872]  dump_stack+0x15/0x1b
[  266.178439][T14872]  should_fail_ex+0x265/0x280
[  266.178471][T14872]  should_fail+0xb/0x20
[  266.178587][T14872]  should_fail_usercopy+0x1a/0x20
[  266.178616][T14872]  _copy_from_iter+0xd2/0xe80
[  266.178643][T14872]  ? __build_skb_around+0x1a0/0x200
[  266.178735][T14872]  ? __alloc_skb+0x223/0x320
[  266.178761][T14872]  netlink_sendmsg+0x471/0x6b0
[  266.178790][T14872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.178816][T14872]  __sock_sendmsg+0x142/0x180
[  266.178892][T14872]  ____sys_sendmsg+0x31e/0x4e0
[  266.178930][T14872]  ___sys_sendmsg+0x17b/0x1d0
[  266.179002][T14872]  __x64_sys_sendmsg+0xd4/0x160
[  266.179042][T14872]  x64_sys_call+0x191e/0x2ff0
[  266.179066][T14872]  do_syscall_64+0xd2/0x200
[  266.179152][T14872]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  266.179178][T14872]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  266.179208][T14872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.179304][T14872] RIP: 0033:0x7fee4aa2ec29
[  266.179324][T14872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.179342][T14872] RSP: 002b:00007fee4948f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.179424][T14872] RAX: ffffffffffffffda RBX: 00007fee4ac75fa0 RCX: 00007fee4aa2ec29
[  266.179505][T14872] RDX: 0000000024040084 RSI: 0000200000006040 RDI: 0000000000000007
[  266.179522][T14872] RBP: 00007fee4948f090 R08: 0000000000000000 R09: 0000000000000000
[  266.179538][T14872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.179578][T14872] R13: 00007fee4ac76038 R14: 00007fee4ac75fa0 R15: 00007ffd2527d9a8
[  266.179597][T14872]  </TASK>
[  266.573606][T14883] loop1: detected capacity change from 0 to 512
[  266.606805][T14877] loop2: detected capacity change from 0 to 512
[  266.613391][T14877] ext4: Bad value for 'debug_want_extra_isize'
[  266.661054][T14883] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.715746][T11517] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.738020][T14899] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  266.757507][T14899] ip6tnl1: entered allmulticast mode
[  266.810652][T14908] 9pnet_fd: Insufficient options for proto=fd
[  266.820173][T14899] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 649
[  266.823620][T14907] loop4: detected capacity change from 0 to 1024
[  266.900540][T14914] loop4: detected capacity change from 0 to 2048
[  266.965451][T14914]  loop4: p1 p3 p4
[  266.979885][T14914] loop4: p4 size 589824 extends beyond EOD, truncated
[  267.158416][T14927] loop3: detected capacity change from 0 to 512
[  267.173988][T14927] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.221271][T10955] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.307189][T14934] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun!
[  267.333420][T14936] __nla_validate_parse: 3 callbacks suppressed
[  267.333434][T14936] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4212'.
[  267.410508][T14944] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  267.421696][T14944] siw: device registration error -23
[  267.431044][T14944] loop3: detected capacity change from 0 to 512
[  267.438977][T14944] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  267.450535][T14944] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:17 to non-existent VLAN 649
[  267.760951][T14954] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  267.776659][   T23] lo speed is unknown, defaulting to 1000
[  267.782593][T14956] loop4: detected capacity change from 0 to 2048
[  267.802721][T14956]  loop4: p1 p3 p4
[  267.807587][T14956] loop4: p4 size 589824 extends beyond EOD, truncated
[  267.873394][T14967] netlink: 'syz.4.4225': attribute type 5 has an invalid length.
[  267.874471][T14970] netlink: 'syz.0.4226': attribute type 10 has an invalid length.
[  267.891078][T14970] 
: (slave dummy0): Releasing backup interface
[  267.901130][T14970] team0: Port device dummy0 added
[  267.958783][T14979] loop2: detected capacity change from 0 to 2048
[  267.987255][T14979]  loop2: p1 p3 p4
[  267.992358][T14979] loop2: p4 size 589824 extends beyond EOD, truncated
[  268.000386][   T29] kauditd_printk_skb: 32 callbacks suppressed
[  268.000401][   T29] audit: type=1400 audit(267.971:4371): avc:  denied  { read } for  pid=14983 comm="syz.0.4232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  268.060880][T14991] loop2: detected capacity change from 0 to 512
[  268.069222][T14988] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  268.090017][T14993] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4235'.
[  268.135220][T14996] loop2: detected capacity change from 0 to 2048
[  268.149806][T15000] netlink: 'syz.4.4238': attribute type 10 has an invalid length.
[  268.160362][T15000] 
: (slave dummy0): Releasing backup interface
[  268.169675][T15000] team0: Port device dummy0 added
[  268.175072][T14996]  loop2: p1 p3 p4
[  268.179882][T14996] loop2: p4 size 589824 extends beyond EOD, truncated
[  268.363654][T15031] loop2: detected capacity change from 0 to 2048
[  268.374864][T15034] loop4: detected capacity change from 0 to 512
[  268.412331][T15031]  loop2: p1 p3 p4
[  268.413489][T15036] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4247'.
[  268.420284][T15031] loop2: p4 size 589824 extends beyond EOD, truncated
[  268.481553][T15036] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4247'.
[  268.538371][T15045] netlink: 'syz.4.4251': attribute type 10 has an invalid length.
[  268.557787][   T29] audit: type=1400 audit(268.531:4372): avc:  denied  { create } for  pid=15042 comm="syz.2.4250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  268.581394][   T29] audit: type=1400 audit(268.561:4373): avc:  denied  { read } for  pid=15042 comm="syz.2.4250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  268.585912][T15048] loop4: detected capacity change from 0 to 2048
[  268.643658][T15048]  loop4: p1 p3 p4
[  268.644655][T15048] loop4: p4 size 589824 extends beyond EOD, truncated
[  268.818590][T15067] loop2: detected capacity change from 0 to 1024
[  268.830150][T15067] EXT4-fs: Ignoring removed nobh option
[  268.831327][T15067] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  268.858766][T15067] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.4257: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  268.877786][T15067] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.4257: couldn't read orphan inode 11 (err -117)
[  268.893689][T15078] loop1: detected capacity change from 0 to 512
[  268.901823][T15067] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.907789][T15067] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.4257: Invalid block bitmap block 0 in block_group 0
[  268.950040][T15067] Quota error (device loop2): write_blk: dquota write failed
[  268.950058][T15067] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  268.950090][T15067] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.4257: Failed to acquire dquot type 0
[  268.984761][T15082] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  268.984987][T15082] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  268.986436][T11696] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.011233][T15080] netlink: 'syz.1.4259': attribute type 5 has an invalid length.
[  269.077555][   T29] audit: type=1326 audit(269.051:4374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15096 comm="syz.2.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  269.077720][   T29] audit: type=1326 audit(269.051:4375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15096 comm="syz.2.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  269.163845][   T29] audit: type=1326 audit(269.111:4376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15096 comm="syz.2.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  269.163880][   T29] audit: type=1326 audit(269.111:4377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15096 comm="syz.2.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  269.163986][   T29] audit: type=1326 audit(269.111:4378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15096 comm="syz.2.4264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f813eec29 code=0x7ffc0000
[  269.233046][T15105] loop4: detected capacity change from 0 to 2048
[  269.246282][T15103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4265'.
[  269.263424][T15105]  loop4: p1 p3 p4
[  269.288807][T15105] loop4: p4 size 589824 extends beyond EOD, truncated
[  269.327396][T15114] loop3: detected capacity change from 0 to 164
[  269.336415][T15114] Unable to read rock-ridge attributes
[  269.577418][T15136] loop4: detected capacity change from 0 to 1024
[  269.585518][T15136] EXT4-fs: Ignoring removed nobh option
[  269.591878][T15136] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  269.603753][T15136] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.4272: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  269.623937][T15136] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.4272: couldn't read orphan inode 11 (err -117)
[  269.636626][T15136] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.650908][T15136] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.4272: Invalid block bitmap block 0 in block_group 0
[  269.664736][T15136] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.4272: Failed to acquire dquot type 0
[  269.689720][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.825315][T15146] netlink: 'syz.4.4275': attribute type 5 has an invalid length.
[  269.865750][T15151] loop4: detected capacity change from 0 to 512
[  269.883890][T15151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.941513][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.962951][T15159] loop4: detected capacity change from 0 to 512
[  269.973955][T15159] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.004603][T15163] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  270.047200][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.067211][T15168] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun!
[  270.067942][T15167] loop2: detected capacity change from 0 to 512
[  270.142769][T15170] loop4: detected capacity change from 0 to 1024
[  270.158080][T15170] EXT4-fs: Ignoring removed nobh option
[  270.170366][T15176] loop2: detected capacity change from 0 to 1024
[  270.180824][T15176] EXT4-fs: Ignoring removed nobh option
[  270.186826][T15170] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  270.206462][T15176] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  270.222762][T15170] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.4282: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  270.248467][T15170] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.4282: couldn't read orphan inode 11 (err -117)
[  270.261521][T15170] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.275890][T15176] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.4284: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  270.296173][T15170] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.4282: Invalid block bitmap block 0 in block_group 0
[  270.310605][T15176] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.4284: couldn't read orphan inode 11 (err -117)
[  270.320117][T15170] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.4282: Failed to acquire dquot type 0
[  270.324763][T15176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.350146][T15176] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.4284: Invalid block bitmap block 0 in block_group 0
[  270.379002][T11379] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.388963][T15176] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.4284: Failed to acquire dquot type 0
[  270.426882][T15205] loop1: detected capacity change from 0 to 512
[  270.444907][T11696] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.485268][T15205] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.502855][T15216] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  270.513625][T15216] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  270.522978][T15209] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  270.557323][T11517] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.642789][T15233] FAULT_INJECTION: forcing a failure.
[  270.642789][T15233] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.655958][T15233] CPU: 0 UID: 0 PID: 15233 Comm: syz.4.4298 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  270.656022][T15233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  270.656037][T15233] Call Trace:
[  270.656044][T15233]  <TASK>
[  270.656052][T15233]  __dump_stack+0x1d/0x30
[  270.656076][T15233]  dump_stack_lvl+0xe8/0x140
[  270.656113][T15233]  dump_stack+0x15/0x1b
[  270.656129][T15233]  should_fail_ex+0x265/0x280
[  270.656154][T15233]  should_fail+0xb/0x20
[  270.656180][T15233]  should_fail_usercopy+0x1a/0x20
[  270.656227][T15233]  _copy_to_user+0x20/0xa0
[  270.656265][T15233]  br_dev_siocdevprivate+0xc60/0xce0
[  270.656377][T15233]  ? full_name_hash+0x92/0xe0
[  270.656417][T15233]  ? netdev_name_node_lookup+0xa4/0xd0
[  270.656454][T15233]  dev_ifsioc+0x8f8/0xaa0
[  270.656512][T15233]  dev_ioctl+0x78d/0x960
[  270.656544][T15233]  sock_ioctl+0x593/0x610
[  270.656583][T15233]  ? __pfx_sock_ioctl+0x10/0x10
[  270.656614][T15233]  __se_sys_ioctl+0xce/0x140
[  270.656709][T15233]  __x64_sys_ioctl+0x43/0x50
[  270.656739][T15233]  x64_sys_call+0x1816/0x2ff0
[  270.656762][T15233]  do_syscall_64+0xd2/0x200
[  270.656805][T15233]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  270.656836][T15233]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  270.656876][T15233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.656903][T15233] RIP: 0033:0x7fb1a0d1ec29
[  270.656920][T15233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.657009][T15233] RSP: 002b:00007fb19f787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.657028][T15233] RAX: ffffffffffffffda RBX: 00007fb1a0f65fa0 RCX: 00007fb1a0d1ec29
[  270.657042][T15233] RDX: 0000200000001440 RSI: 00000000000089f0 RDI: 0000000000000003
[  270.657058][T15233] RBP: 00007fb19f787090 R08: 0000000000000000 R09: 0000000000000000
[  270.657074][T15233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.657089][T15233] R13: 00007fb1a0f66038 R14: 00007fb1a0f65fa0 R15: 00007ffe7da7a2e8
[  270.657180][T15233]  </TASK>
[  270.667414][T15228] loop2: detected capacity change from 0 to 164
[  270.736994][T15238] loop4: detected capacity change from 0 to 2048
[  270.743888][T15228] Unable to read rock-ridge attributes
[  270.838341][T15238] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  271.172967][T15250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.315096][T15255] lo speed is unknown, defaulting to 1000
[  271.370966][T15255] chnl_net:caif_netlink_parms(): no params data found
[  271.408320][T15255] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.415512][T15255] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.424021][T15255] bridge_slave_0: entered allmulticast mode
[  271.430552][T15255] bridge_slave_0: entered promiscuous mode
[  271.437474][T15255] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.444737][T15255] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.453029][T15255] bridge_slave_1: entered allmulticast mode
[  271.459575][T15255] bridge_slave_1: entered promiscuous mode
[  271.483868][T15255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  271.496208][T15255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  271.499156][T15273] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  271.514197][T15273] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  271.534662][T15255] team0: Port device team_slave_0 added
[  271.541629][T15255] team0: Port device team_slave_1 added
[  271.561122][T15255] batman_adv: batadv0: Adding interface: batadv_slave_0
[  271.568145][T15255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  271.594296][T15255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  271.607205][T15255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  271.614232][T15255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  271.640149][T15255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  271.672738][T15255] hsr_slave_0: entered promiscuous mode
[  271.679039][T15255] hsr_slave_1: entered promiscuous mode
[  271.763239][T15255] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  271.772539][T15255] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  271.781936][T15255] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  271.795240][T15255] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  271.854205][T15255] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.869179][T15255] 8021q: adding VLAN 0 to HW filter on device team0
[  271.881105][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.888326][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.909927][T15255] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  271.920369][T15255] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  271.934430][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.941601][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.008354][T15255] 8021q: adding VLAN 0 to HW filter on device batadv0
[  272.128325][T15255] veth0_vlan: entered promiscuous mode
[  272.137396][T15255] veth1_vlan: entered promiscuous mode
[  272.157921][T15255] veth0_macvtap: entered promiscuous mode
[  272.165885][T15255] veth1_macvtap: entered promiscuous mode
[  272.179086][T15255] batman_adv: batadv0: Interface activated: batadv_slave_0
[  272.192005][T15255] batman_adv: batadv0: Interface activated: batadv_slave_1
[  272.203657][ T2799] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  272.212539][ T2799] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  272.222015][ T2799] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  272.230905][ T2799] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  272.273772][T15338] loop5: detected capacity change from 0 to 512
[  272.283443][T15338] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.328173][T15255] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.451418][T15350] netlink: 'syz.3.4321': attribute type 10 has an invalid length.
[  272.461044][T15350] 
: (slave dummy0): Releasing backup interface
[  272.469750][T15350] team0: Port device dummy0 added
[  272.494899][T15352] loop3: detected capacity change from 0 to 512
[  272.609245][T15363] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  272.618386][T15363] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  272.640473][T15364] lo speed is unknown, defaulting to 1000
[  272.753392][T15369] loop1: detected capacity change from 0 to 512
[  272.786121][T15369] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.912948][T11517] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.933541][T15379] netlink: 'syz.1.4332': attribute type 10 has an invalid length.
[  272.943103][T15379] 
: (slave dummy0): Releasing backup interface
[  272.952574][T15379] team0: Port device dummy0 added
[  273.022993][   T31] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.123464][   T31] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.156086][   T31] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.205705][   T31] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.276129][   T31] bridge_slave_1: left allmulticast mode
[  273.281874][   T31] bridge_slave_1: left promiscuous mode
[  273.287561][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.302808][   T31] bridge_slave_0: left allmulticast mode
[  273.308472][   T31] bridge_slave_0: left promiscuous mode
[  273.314236][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.415516][   T31] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[  273.426607][   T31] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[  273.436515][   T31] 
 (unregistering): Released all slaves
[  273.476455][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  273.483925][   T31] batman_adv: batadv0: Removing interface: batadv_slave_0
[  273.495141][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  273.502617][   T31] batman_adv: batadv0: Removing interface: batadv_slave_1
[  273.609098][   T31] team0 (unregistering): Port device team_slave_1 removed
[  273.620608][   T31] team0 (unregistering): Port device team_slave_0 removed
[  273.661054][   T31] team0 (unregistering): Port device dummy0 removed
[  273.768621][   T29] kauditd_printk_skb: 105 callbacks suppressed
[  273.768639][   T29] audit: type=1326 audit(273.741:4476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.798293][   T29] audit: type=1326 audit(273.761:4477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.821199][   T29] audit: type=1326 audit(273.761:4478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.844229][   T29] audit: type=1326 audit(273.761:4479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.867202][   T29] audit: type=1326 audit(273.761:4480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.872013][T15410] netlink: 'syz.2.4343': attribute type 10 has an invalid length.
[  273.890157][   T29] audit: type=1326 audit(273.761:4481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.890196][   T29] audit: type=1326 audit(273.761:4482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.943833][   T29] audit: type=1326 audit(273.761:4483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.966838][   T29] audit: type=1326 audit(273.761:4484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  273.990211][T15410] 
: (slave dummy0): Releasing backup interface
[  273.996879][   T29] audit: type=1326 audit(273.781:4485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15404 comm="syz.3.4341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df48cec29 code=0x7ffc0000
[  274.024286][T15410] team0: Port device dummy0 added
[  274.069917][T15415] netlink: 'syz.1.4345': attribute type 5 has an invalid length.
[  274.112823][T15423] loop2: detected capacity change from 0 to 1024
[  274.119698][T15423] EXT4-fs: Ignoring removed nobh option
[  274.126933][T15423] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  274.141213][T15423] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.4346: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  274.161881][T15423] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.4346: couldn't read orphan inode 11 (err -117)
[  274.176153][T15423] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.190401][T15423] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.4346: Invalid block bitmap block 0 in block_group 0
[  274.210576][T15423] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.4346: Failed to acquire dquot type 0
[  274.254425][T15428] loop1: detected capacity change from 0 to 2048
[  274.258754][T11696] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.282320][T15428]  loop1: p1 p3 p4
[  274.287068][T15428] loop1: p4 size 589824 extends beyond EOD, truncated
[  274.333039][T15435] loop2: detected capacity change from 0 to 1024
[  274.339697][T15435] EXT4-fs: Ignoring removed nobh option
[  274.345878][T15435] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  274.357169][T15435] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.4349: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  274.376953][T15435] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.4349: couldn't read orphan inode 11 (err -117)
[  274.389586][T15435] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.408965][T15432] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.4349: Invalid block bitmap block 0 in block_group 0
[  274.423331][T15432] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.4349: Failed to acquire dquot type 0
[  274.427985][T15441] loop1: detected capacity change from 0 to 512
[  274.455551][T11696] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.475068][T15443] loop1: detected capacity change from 0 to 512
[  274.482865][T15445] loop2: detected capacity change from 0 to 1024
[  274.494667][T15443] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.514189][T15449] FAULT_INJECTION: forcing a failure.
[  274.514189][T15449] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.527385][T15449] CPU: 0 UID: 0 PID: 15449 Comm: syz.2.4356 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  274.527414][T15449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  274.527426][T15449] Call Trace:
[  274.527433][T15449]  <TASK>
[  274.527441][T15449]  __dump_stack+0x1d/0x30
[  274.527468][T15449]  dump_stack_lvl+0xe8/0x140
[  274.527492][T15449]  dump_stack+0x15/0x1b
[  274.527603][T15449]  should_fail_ex+0x265/0x280
[  274.527707][T15449]  should_fail+0xb/0x20
[  274.527732][T15449]  should_fail_usercopy+0x1a/0x20
[  274.527757][T15449]  _copy_from_iter+0xd2/0xe80
[  274.527826][T15449]  ? __build_skb_around+0x1a0/0x200
[  274.527850][T15449]  ? __alloc_skb+0x223/0x320
[  274.527873][T15449]  netlink_sendmsg+0x471/0x6b0
[  274.527910][T15449]  ? __pfx_netlink_sendmsg+0x10/0x10
[  274.527949][T15449]  __sock_sendmsg+0x142/0x180
[  274.527982][T15449]  ____sys_sendmsg+0x31e/0x4e0
[  274.528033][T15449]  ___sys_sendmsg+0x17b/0x1d0
[  274.528135][T15449]  __x64_sys_sendmsg+0xd4/0x160
[  274.528176][T15449]  x64_sys_call+0x191e/0x2ff0
[  274.528220][T15449]  do_syscall_64+0xd2/0x200
[  274.528258][T15449]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  274.528284][T15449]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  274.528317][T15449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.528414][T15449] RIP: 0033:0x7f1f813eec29
[  274.528435][T15449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.528532][T15449] RSP: 002b:00007f1f7fe4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  274.528552][T15449] RAX: ffffffffffffffda RBX: 00007f1f81635fa0 RCX: 00007f1f813eec29
[  274.528567][T15449] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000003
[  274.528643][T15449] RBP: 00007f1f7fe4f090 R08: 0000000000000000 R09: 0000000000000000
[  274.528658][T15449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.528670][T15449] R13: 00007f1f81636038 R14: 00007f1f81635fa0 R15: 00007ffc6e620d48
[  274.528715][T15449]  </TASK>
[  274.746736][T11517] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.757364][T15451] netlink: 'syz.0.4357': attribute type 10 has an invalid length.
[  274.793523][T15453] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4359'.
[  274.804272][T15459] netlink: 'syz.0.4360': attribute type 5 has an invalid length.
[  274.945634][T15472] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4364'.
[  275.107428][T15481] loop3: detected capacity change from 0 to 1024
[  275.207350][T15485] netlink: 112 bytes leftover after parsing attributes in process `syz.3.4370'.
[  275.243561][T15485] loop3: detected capacity change from 0 to 8192
[  275.251137][T15485] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  275.287665][T15487] netlink: 'syz.3.4371': attribute type 10 has an invalid length.
[  275.322316][T15489] netlink: 'syz.3.4372': attribute type 5 has an invalid length.
[  275.358928][T15493] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  275.483327][T15502] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4376'.
[  275.513290][T15505] loop3: detected capacity change from 0 to 512
[  275.618098][T15508] loop2: detected capacity change from 0 to 512
[  275.642124][T15508] ext4: Bad value for 'debug_want_extra_isize'
[  275.901578][T15521] netlink: 'syz.5.4382': attribute type 10 has an invalid length.
[  275.914778][T15521] team0: Port device dummy0 added
[  275.983375][T15525] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=15525 comm=syz.0.4383
[  275.996542][T15525] FAULT_INJECTION: forcing a failure.
[  275.996542][T15525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  276.009684][T15525] CPU: 1 UID: 0 PID: 15525 Comm: syz.0.4383 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  276.009716][T15525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  276.009733][T15525] Call Trace:
[  276.009817][T15525]  <TASK>
[  276.009826][T15525]  __dump_stack+0x1d/0x30
[  276.009867][T15525]  dump_stack_lvl+0xe8/0x140
[  276.009892][T15525]  dump_stack+0x15/0x1b
[  276.009914][T15525]  should_fail_ex+0x265/0x280
[  276.009947][T15525]  should_fail+0xb/0x20
[  276.009998][T15525]  should_fail_usercopy+0x1a/0x20
[  276.010031][T15525]  _copy_from_iter+0xd2/0xe80
[  276.010067][T15525]  ? __build_skb_around+0x1a0/0x200
[  276.010098][T15525]  ? __alloc_skb+0x223/0x320
[  276.010186][T15525]  netlink_sendmsg+0x471/0x6b0
[  276.010222][T15525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.010311][T15525]  __sock_sendmsg+0x142/0x180
[  276.010354][T15525]  ____sys_sendmsg+0x31e/0x4e0
[  276.010390][T15525]  ___sys_sendmsg+0x17b/0x1d0
[  276.010443][T15525]  __x64_sys_sendmsg+0xd4/0x160
[  276.010530][T15525]  x64_sys_call+0x191e/0x2ff0
[  276.010558][T15525]  do_syscall_64+0xd2/0x200
[  276.010600][T15525]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  276.010697][T15525]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  276.010843][T15525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.010868][T15525] RIP: 0033:0x7f843964ec29
[  276.010883][T15525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.010906][T15525] RSP: 002b:00007f84380af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.010980][T15525] RAX: ffffffffffffffda RBX: 00007f8439895fa0 RCX: 00007f843964ec29
[  276.010995][T15525] RDX: 0000000020000800 RSI: 0000200000000540 RDI: 0000000000000004
[  276.011052][T15525] RBP: 00007f84380af090 R08: 0000000000000000 R09: 0000000000000000
[  276.011068][T15525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.011084][T15525] R13: 00007f8439896038 R14: 00007f8439895fa0 R15: 00007fffa51e4ca8
[  276.011108][T15525]  </TASK>
[  276.028265][T15523] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4384'.
[  276.033968][T15525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4383'.
[  276.504056][T15528] netlink: 'syz.3.4385': attribute type 5 has an invalid length.
[  276.543130][T15531] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  276.599201][T15539] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4388'.
[  277.037330][T15560] netdevsim netdevsim5: Direct firmware load for ..€ failed with error -2
[  277.319243][T15566] loop5: detected capacity change from 0 to 512
[  277.337141][T15566] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  277.394041][T15255] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.414709][T15571] loop5: detected capacity change from 0 to 512
[  277.433145][T15571] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4399'.
[  277.503564][T11517] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  277.514541][T11517] CPU: 0 UID: 0 PID: 11517 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  277.514574][T11517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  277.514591][T11517] Call Trace:
[  277.514599][T11517]  <TASK>
[  277.514608][T11517]  __dump_stack+0x1d/0x30
[  277.514678][T11517]  dump_stack_lvl+0xe8/0x140
[  277.514703][T11517]  dump_stack+0x15/0x1b
[  277.514719][T11517]  dump_header+0x81/0x220
[  277.514782][T11517]  oom_kill_process+0x342/0x400
[  277.514896][T11517]  out_of_memory+0x979/0xb80
[  277.514937][T11517]  try_charge_memcg+0x5e6/0x9e0
[  277.514975][T11517]  charge_memcg+0x51/0xc0
[  277.515068][T11517]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  277.515102][T11517]  __read_swap_cache_async+0x1df/0x350
[  277.515145][T11517]  swap_cluster_readahead+0x277/0x3e0
[  277.515186][T11517]  swapin_readahead+0xde/0x6f0
[  277.515299][T11517]  ? __filemap_get_folio+0x4f7/0x6b0
[  277.515317][T11517]  ? update_load_avg+0x1da/0x820
[  277.515426][T11517]  ? swap_cache_get_folio+0x77/0x200
[  277.515472][T11517]  do_swap_page+0x301/0x2430
[  277.515521][T11517]  ? finish_task_switch+0xad/0x2b0
[  277.515614][T11517]  ? __pfx_default_wake_function+0x10/0x10
[  277.515638][T11517]  handle_mm_fault+0x9a5/0x2c20
[  277.515678][T11517]  do_user_addr_fault+0x636/0x1090
[  277.515726][T11517]  ? fpregs_restore_userregs+0xe2/0x1d0
[  277.515793][T11517]  ? switch_fpu_return+0xe/0x20
[  277.515826][T11517]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  277.515860][T11517]  exc_page_fault+0x62/0xa0
[  277.515958][T11517]  asm_exc_page_fault+0x26/0x30
[  277.515983][T11517] RIP: 0033:0x7fee4aa614a5
[  277.516002][T11517] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d be 70 1e 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  277.516039][T11517] RSP: 002b:00007ffd2527dce8 EFLAGS: 00010246
[  277.516119][T11517] RAX: 0000000000000000 RBX: 00000000000002a7 RCX: 00007fee4aa614a3
[  277.516134][T11517] RDX: 00007ffd2527dd00 RSI: 0000000000000000 RDI: 0000000000000000
[  277.516176][T11517] RBP: 00007ffd2527dd6c R08: 0000000019d925c7 R09: 0000000000000000
[  277.516188][T11517] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  277.516199][T11517] R13: 00000000000927c0 R14: 0000000000043a6e R15: 00007ffd2527ddc0
[  277.516219][T11517]  </TASK>
[  277.516227][T11517] memory: usage 307200kB, limit 307200kB, failcnt 3789
[  277.595950][T15577] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4400'.
[  277.597267][T11517] memory+swap: usage 308852kB, limit 9007199254740988kB, failcnt 0
[  277.597288][T11517] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0
[  277.661849][T15582] loop3: detected capacity change from 0 to 1024
[  277.665271][T11517] Memory cgroup stats for 
[  277.694252][T11517] /syz1:
[  277.697397][T11517] cache 0
[  277.791864][T11517] rss 0
[  277.794695][T11517] shmem 0
[  277.797627][T11517] mapped_file 0
[  277.801188][T11517] dirty 0
[  277.804299][T11517] writeback 0
[  277.807723][T11517] workingset_refault_anon 1412
[  277.812524][T11517] workingset_refault_file 3108
[  277.817331][T11517] swap 1691648
[  277.820745][T11517] swapcached 20480
[  277.824492][T11517] pgpgin 194316
[  277.828120][T11517] pgpgout 194311
[  277.831727][T11517] pgfault 312566
[  277.835272][T11517] pgmajfault 835
[  277.838866][T11517] inactive_anon 20480
[  277.842893][T11517] active_anon 0
[  277.846387][T11517] inactive_file 0
[  277.850021][T11517] active_file 0
[  277.853741][T11517] unevictable 0
[  277.857328][T11517] hierarchical_memory_limit 314572800
[  277.862760][T11517] hierarchical_memsw_limit 9223372036854771712
[  277.868919][T11517] total_cache 0
[  277.872434][T11517] total_rss 0
[  277.875719][T11517] total_shmem 0
[  277.879257][T11517] total_mapped_file 0
[  277.883394][T11517] total_dirty 0
[  277.886847][T11517] total_writeback 0
[  277.890650][T11517] total_workingset_refault_anon 1412
[  277.895981][T11517] total_workingset_refault_file 3108
[  277.901265][T11517] total_swap 1691648
[  277.905206][T11517] total_swapcached 20480
[  277.909519][T11517] total_pgpgin 194316
[  277.913549][T11517] total_pgpgout 194311
[  277.917610][T11517] total_pgfault 312566
[  277.921723][T11517] total_pgmajfault 835
[  277.925792][T11517] total_inactive_anon 20480
[  277.930285][T11517] total_active_anon 0
[  277.934466][T11517] total_inactive_file 0
[  277.938631][T11517] total_active_file 0
[  277.942651][T11517] total_unevictable 0
[  277.946629][T11517] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4333,pid=15389,uid=0
[  277.961484][T11517] Memory cgroup out of memory: Killed process 15389 (syz.1.4333) total-vm:98260kB, anon-rss:1100kB, file-rss:24832kB, shmem-rss:0kB, UID:0 pgtables:104kB oom_score_adj:1000
[  277.978917][T15576] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  278.084211][T15556] syz.1.4395 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  278.095269][T15556] CPU: 1 UID: 0 PID: 15556 Comm: syz.1.4395 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  278.095301][T15556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  278.095318][T15556] Call Trace:
[  278.095327][T15556]  <TASK>
[  278.095337][T15556]  __dump_stack+0x1d/0x30
[  278.095363][T15556]  dump_stack_lvl+0xe8/0x140
[  278.095425][T15556]  dump_stack+0x15/0x1b
[  278.095444][T15556]  dump_header+0x81/0x220
[  278.095475][T15556]  oom_kill_process+0x342/0x400
[  278.095553][T15556]  out_of_memory+0x979/0xb80
[  278.095605][T15556]  try_charge_memcg+0x5e6/0x9e0
[  278.095646][T15556]  charge_memcg+0x51/0xc0
[  278.095672][T15556]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  278.095747][T15556]  __read_swap_cache_async+0x1df/0x350
[  278.095865][T15556]  swap_cluster_readahead+0x376/0x3e0
[  278.095976][T15556]  swapin_readahead+0xde/0x6f0
[  278.096016][T15556]  ? __filemap_get_folio+0x4f7/0x6b0
[  278.096096][T15556]  ? __rcu_read_unlock+0x34/0x70
[  278.096126][T15556]  ? swap_cache_get_folio+0x77/0x200
[  278.096226][T15556]  do_swap_page+0x301/0x2430
[  278.096255][T15556]  ? __pfx_default_wake_function+0x10/0x10
[  278.096282][T15556]  handle_mm_fault+0x9a5/0x2c20
[  278.096326][T15556]  do_user_addr_fault+0x636/0x1090
[  278.096425][T15556]  exc_page_fault+0x62/0xa0
[  278.096479][T15556]  asm_exc_page_fault+0x26/0x30
[  278.096503][T15556] RIP: 0033:0x7fee4aa614b4
[  278.096518][T15556] Code: ff ff ff 49 89 ca 0f 44 f8 80 3d be 70 1e 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 <48> 89 54 24 10 89 74 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff
[  278.096542][T15556] RSP: 002b:00007ffd2527daa0 EFLAGS: 00010206
[  278.096594][T15556] RAX: 00000000fffffffa RBX: 00007fee4ac75fa0 RCX: 0000000000000000
[  278.096610][T15556] RDX: 00007ffd2527dae0 RSI: 0000000000000000 RDI: 0000000000000000
[  278.096626][T15556] RBP: 00007fee4ac77da0 R08: 000000001a690567 R09: 7fffffffffffffff
[  278.096643][T15556] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000043cf6
[  278.096691][T15556] R13: 00007fee4ac76180 R14: ffffffffffffffff R15: 00007ffd2527dc20
[  278.096717][T15556]  </TASK>
[  278.096723][T15556] memory: usage 307200kB, limit 307200kB, failcnt 3963
[  278.145901][T15594] loop2: detected capacity change from 0 to 164
[  278.150152][T15556] memory+swap: usage 307704kB, limit 9007199254740988kB, failcnt 0
[  278.150173][T15556] kmem: usage 307088kB, limit 9007199254740988kB, failcnt 0
[  278.150187][T15556] Memory cgroup stats for /syz1:
[  278.329944][T15556] cache 0
[  278.334383][T15594] Unable to read rock-ridge attributes
[  278.334963][T15556] rss 0
[  278.346177][T15556] shmem 0
[  278.349128][T15556] mapped_file 0
[  278.352622][T15556] dirty 0
[  278.355566][T15556] writeback 0
[  278.358894][T15556] workingset_refault_anon 1417
[  278.363807][T15556] workingset_refault_file 3108
[  278.368673][T15556] swap 516096
[  278.371999][T15556] swapcached 0
[  278.375379][T15556] pgpgin 194321
[  278.378857][T15556] pgpgout 194321
[  278.382497][T15556] pgfault 312570
[  278.386047][T15556] pgmajfault 839
[  278.389636][T15556] inactive_anon 0
[  278.393366][T15556] active_anon 0
[  278.396821][T15556] inactive_file 0
[  278.400443][T15556] active_file 0
[  278.404005][T15556] unevictable 0
[  278.407461][T15556] hierarchical_memory_limit 314572800
[  278.412932][T15556] hierarchical_memsw_limit 9223372036854771712
[  278.419092][T15556] total_cache 0
[  278.422630][T15556] total_rss 0
[  278.425917][T15556] total_shmem 0
[  278.429366][T15556] total_mapped_file 0
[  278.433382][T15556] total_dirty 0
[  278.436830][T15556] total_writeback 0
[  278.440634][T15556] total_workingset_refault_anon 1417
[  278.446033][T15556] total_workingset_refault_file 3108
[  278.451372][T15556] total_swap 516096
[  278.455207][T15556] total_swapcached 0
[  278.459091][T15556] total_pgpgin 194321
[  278.463076][T15556] total_pgpgout 194321
[  278.467164][T15556] total_pgfault 312570
[  278.471221][T15556] total_pgmajfault 839
[  278.475330][T15556] total_inactive_anon 0
[  278.479488][T15556] total_active_anon 0
[  278.483518][T15556] total_inactive_file 0
[  278.487676][T15556] total_active_file 0
[  278.491788][T15556] total_unevictable 0
[  278.495793][T15556] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4395,pid=15556,uid=0
[  278.510762][T15556] Memory cgroup out of memory: Killed process 15556 (syz.1.4395) total-vm:96072kB, anon-rss:1068kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  278.675723][T15598] netlink: 'syz.5.4408': attribute type 5 has an invalid length.
[  278.715105][T15606] loop5: detected capacity change from 0 to 2048
[  278.762845][T15606]  loop5: p1 p3 p4
[  278.767575][T15606] loop5: p4 size 589824 extends beyond EOD, truncated
[  278.958382][T15617] loop2: detected capacity change from 0 to 1024
[  279.030617][T15623] loop1: detected capacity change from 0 to 512
[  279.030662][T15621] loop2: detected capacity change from 0 to 2048
[  279.047809][T15623] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4419'.
[  279.083102][T15621]  loop2: p1 p3 p4
[  279.087968][T15621] loop2: p4 size 589824 extends beyond EOD, truncated
[  279.096668][T15629] netlink: 'syz.1.4421': attribute type 5 has an invalid length.
[  279.357316][T15634] loop2: detected capacity change from 0 to 512
[  279.363896][T15634] ext4: Bad value for 'debug_want_extra_isize'
[  279.698313][T15656] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15656 comm=syz.5.4428
[  279.926642][T15666] loop3: detected capacity change from 0 to 512
[  279.942379][T15666] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4432'.
[  279.978513][T15668] netlink: 'syz.3.4433': attribute type 5 has an invalid length.
[  280.090664][T15679] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=15679 comm=syz.3.4437
[  280.103605][T15679] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=15679 comm=syz.3.4437
[  280.119492][T15679] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4437'.
[  280.152575][T15683] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4439'.
[  280.188290][T15685] netlink: 14 bytes leftover after parsing attributes in process `gtp'.
[  280.234840][T15691] loop3: detected capacity change from 0 to 512
[  280.250211][T15691] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4443'.
[  280.404136][T15697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4445'.
[  280.509933][T15699] loop3: detected capacity change from 0 to 512
[  280.530426][T15699] ext4: Bad value for 'debug_want_extra_isize'
[  281.154016][T15714] loop1: detected capacity change from 0 to 164
[  281.173442][T15714] Unable to read rock-ridge attributes
[  281.411722][T15704] syz.5.4446 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  281.425927][T15704] CPU: 0 UID: 0 PID: 15704 Comm: syz.5.4446 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  281.426000][T15704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  281.426059][T15704] Call Trace:
[  281.426068][T15704]  <TASK>
[  281.426078][T15704]  __dump_stack+0x1d/0x30
[  281.426106][T15704]  dump_stack_lvl+0xe8/0x140
[  281.426180][T15704]  dump_stack+0x15/0x1b
[  281.426202][T15704]  dump_header+0x81/0x220
[  281.426244][T15704]  oom_kill_process+0x342/0x400
[  281.426287][T15704]  out_of_memory+0x979/0xb80
[  281.426372][T15704]  try_charge_memcg+0x5e6/0x9e0
[  281.426411][T15704]  obj_cgroup_charge_pages+0xa6/0x150
[  281.426456][T15704]  __memcg_kmem_charge_page+0x9f/0x170
[  281.426499][T15704]  __alloc_frozen_pages_noprof+0x188/0x360
[  281.426588][T15704]  alloc_pages_mpol+0xb3/0x250
[  281.426631][T15704]  alloc_pages_noprof+0x90/0x130
[  281.426736][T15704]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  281.426794][T15704]  __kvmalloc_node_noprof+0x30f/0x4e0
[  281.426855][T15704]  ? ip_set_alloc+0x1f/0x30
[  281.426890][T15704]  ? ip_set_alloc+0x1f/0x30
[  281.426973][T15704]  ? __kmalloc_cache_noprof+0x189/0x320
[  281.427014][T15704]  ip_set_alloc+0x1f/0x30
[  281.427041][T15704]  hash_netiface_create+0x282/0x740
[  281.427073][T15704]  ? __pfx_hash_netiface_create+0x10/0x10
[  281.427161][T15704]  ip_set_create+0x3c9/0x960
[  281.427196][T15704]  ? __nla_parse+0x40/0x60
[  281.427225][T15704]  nfnetlink_rcv_msg+0x4c3/0x590
[  281.427324][T15704]  netlink_rcv_skb+0x123/0x220
[  281.427349][T15704]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  281.427376][T15704]  nfnetlink_rcv+0x16b/0x1690
[  281.427398][T15704]  ? nlmon_xmit+0x4f/0x60
[  281.427504][T15704]  ? consume_skb+0x49/0x150
[  281.427529][T15704]  ? nlmon_xmit+0x4f/0x60
[  281.427560][T15704]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  281.427591][T15704]  ? __dev_queue_xmit+0x1200/0x2000
[  281.427720][T15704]  ? __dev_queue_xmit+0x182/0x2000
[  281.427750][T15704]  ? ref_tracker_free+0x37d/0x3e0
[  281.427781][T15704]  ? __netlink_deliver_tap+0x4dc/0x500
[  281.427862][T15704]  netlink_unicast+0x5bd/0x690
[  281.427929][T15704]  netlink_sendmsg+0x58b/0x6b0
[  281.427962][T15704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.427991][T15704]  __sock_sendmsg+0x142/0x180
[  281.428073][T15704]  ____sys_sendmsg+0x31e/0x4e0
[  281.428173][T15704]  ___sys_sendmsg+0x17b/0x1d0
[  281.428214][T15704]  __x64_sys_sendmsg+0xd4/0x160
[  281.428257][T15704]  x64_sys_call+0x191e/0x2ff0
[  281.428281][T15704]  do_syscall_64+0xd2/0x200
[  281.428321][T15704]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  281.428347][T15704]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  281.428419][T15704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.428441][T15704] RIP: 0033:0x7fdad24aec29
[  281.428458][T15704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.428478][T15704] RSP: 002b:00007fdad0f17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  281.428499][T15704] RAX: ffffffffffffffda RBX: 00007fdad26f5fa0 RCX: 00007fdad24aec29
[  281.428512][T15704] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  281.428525][T15704] RBP: 00007fdad2531e41 R08: 0000000000000000 R09: 0000000000000000
[  281.428583][T15704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  281.428596][T15704] R13: 00007fdad26f6038 R14: 00007fdad26f5fa0 R15: 00007ffc8ab9c768
[  281.428616][T15704]  </TASK>
[  281.428762][T15704] memory: usage 307200kB, limit 307200kB, failcnt 160
[  281.747460][T15729] netlink: 'syz.2.4456': attribute type 5 has an invalid length.
[  281.750316][T15704] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0
[  281.750336][T15704] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[  281.791248][T15704] Memory cgroup stats for /syz5:
[  281.804876][T15704] cache 0
[  281.813088][T15704] rss 4096
[  281.816141][T15704] shmem 0
[  281.819234][T15704] mapped_file 0
[  281.822902][T15704] dirty 0
[  281.825883][T15704] writeback 0
[  281.829190][T15704] workingset_refault_anon 1
[  281.833751][T15704] workingset_refault_file 0
[  281.838273][T15704] swap 196608
[  281.841584][T15704] swapcached 8192
[  281.845265][T15704] pgpgin 2368
[  281.848564][T15704] pgpgout 2366
[  281.851459][T15738] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4457'.
[  281.852032][T15704] pgfault 8562
[  281.864354][T15704] pgmajfault 0
[  281.867733][T15704] inactive_anon 8192
[  281.871750][T15704] active_anon 0
[  281.875427][T15704] inactive_file 0
[  281.879208][T15704] active_file 0
[  281.882732][T15704] unevictable 0
[  281.886198][T15704] hierarchical_memory_limit 314572800
[  281.891605][T15704] hierarchical_memsw_limit 9223372036854771712
[  281.897806][T15704] total_cache 0
[  281.901288][T15704] total_rss 4096
[  281.904882][T15704] total_shmem 0
[  281.908351][T15704] total_mapped_file 0
[  281.912382][T15704] total_dirty 0
[  281.915859][T15704] total_writeback 0
[  281.919680][T15704] total_workingset_refault_anon 1
[  281.924834][T15704] total_workingset_refault_file 0
[  281.929922][T15704] total_swap 196608
[  281.933783][T15704] total_swapcached 8192
[  281.937943][T15704] total_pgpgin 2368
[  281.941785][T15704] total_pgpgout 2366
[  281.945685][T15704] total_pgfault 8562
[  281.949676][T15704] total_pgmajfault 0
[  281.953747][T15704] total_inactive_anon 8192
[  281.958213][T15704] total_active_anon 0
[  281.962231][T15704] total_inactive_file 0
[  281.966387][T15704] total_active_file 0
[  281.970366][T15704] total_unevictable 0
[  281.974363][T15704] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.4446,pid=15703,uid=0
[  281.989250][T15704] Memory cgroup out of memory: Killed process 15703 (syz.5.4446) total-vm:94024kB, anon-rss:1072kB, file-rss:22180kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  282.069324][T15744] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4460'.
[  282.354272][T15762] loop5: detected capacity change from 0 to 512
[  282.383450][T15762] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  282.437121][T15255] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.466056][T15769] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  282.474896][T15769] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  282.689660][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  282.689678][   T29] audit: type=1326 audit(282.661:4487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.707541][T15780] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4469'.
[  282.718774][   T29] audit: type=1326 audit(282.661:4488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.753247][   T29] audit: type=1326 audit(282.681:4489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.776249][   T29] audit: type=1326 audit(282.681:4490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.799165][   T29] audit: type=1326 audit(282.681:4491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.822139][   T29] audit: type=1326 audit(282.721:4492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.845149][   T29] audit: type=1326 audit(282.721:4493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f843964d590 code=0x7ffc0000
[  282.868086][   T29] audit: type=1326 audit(282.721:4494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.891082][   T29] audit: type=1326 audit(282.721:4495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.916806][T15784] netlink: 'syz.5.4474': attribute type 10 has an invalid length.
[  282.937583][   T29] audit: type=1326 audit(282.751:4496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15776 comm="syz.0.4470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  282.989140][T15790] loop1: detected capacity change from 0 to 1024
[  283.010937][T15796] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  283.026056][T15796] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  283.038785][T15798] loop2: detected capacity change from 0 to 2048
[  283.082181][T15798]  loop2: p1 p3 p4
[  283.087069][T15798] loop2: p4 size 589824 extends beyond EOD, truncated
[  283.107670][T15800] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4481'.
[  283.186821][T15813] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun!
[  283.393998][T15833] loop2: detected capacity change from 0 to 2048
[  283.421912][T15833]  loop2: p1 p3 p4
[  283.426515][T15833] loop2: p4 size 589824 extends beyond EOD, truncated
[  283.759043][T15843] loop1: detected capacity change from 0 to 164
[  283.766349][T15843] Unable to read rock-ridge attributes
[  283.982960][T15856] FAULT_INJECTION: forcing a failure.
[  283.982960][T15856] name failslab, interval 1, probability 0, space 0, times 0
[  283.995693][T15856] CPU: 0 UID: 0 PID: 15856 Comm: syz.1.4502 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  283.995728][T15856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  283.995818][T15856] Call Trace:
[  283.995824][T15856]  <TASK>
[  283.995835][T15856]  __dump_stack+0x1d/0x30
[  283.995863][T15856]  dump_stack_lvl+0xe8/0x140
[  283.995922][T15856]  dump_stack+0x15/0x1b
[  283.995939][T15856]  should_fail_ex+0x265/0x280
[  283.995965][T15856]  should_failslab+0x8c/0xb0
[  283.996020][T15856]  kmem_cache_alloc_noprof+0x50/0x310
[  283.996058][T15856]  ? security_inode_alloc+0x37/0x100
[  283.996090][T15856]  security_inode_alloc+0x37/0x100
[  283.996153][T15856]  inode_init_always_gfp+0x4b7/0x500
[  283.996179][T15856]  ? __pfx_hugetlbfs_alloc_inode+0x10/0x10
[  283.996304][T15856]  alloc_inode+0x58/0x170
[  283.996364][T15856]  new_inode+0x1d/0xe0
[  283.996389][T15856]  hugetlbfs_get_inode+0x7b/0x370
[  283.996445][T15856]  hugetlb_file_setup+0x192/0x3d0
[  283.996473][T15856]  ksys_mmap_pgoff+0x157/0x310
[  283.996494][T15856]  x64_sys_call+0x14a3/0x2ff0
[  283.996522][T15856]  do_syscall_64+0xd2/0x200
[  283.996564][T15856]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  283.996596][T15856]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  283.996634][T15856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.996699][T15856] RIP: 0033:0x7fee4aa2ec29
[  283.996718][T15856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.996742][T15856] RSP: 002b:00007fee4948f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  283.996766][T15856] RAX: ffffffffffffffda RBX: 00007fee4ac75fa0 RCX: 00007fee4aa2ec29
[  283.996781][T15856] RDX: 0000000007000000 RSI: 0000000000800000 RDI: 0000200000800000
[  283.996794][T15856] RBP: 00007fee4948f090 R08: 0000000000000006 R09: 0000000000002000
[  283.996809][T15856] R10: 000000000006e073 R11: 0000000000000246 R12: 0000000000000001
[  283.996870][T15856] R13: 00007fee4ac76038 R14: 00007fee4ac75fa0 R15: 00007ffd2527d9a8
[  283.996892][T15856]  </TASK>
[  284.056601][T15860] loop1: detected capacity change from 0 to 512
[  284.213819][T15858] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  284.271724][T15870] loop1: detected capacity change from 0 to 1024
[  284.331560][T15880] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  284.340463][T15880] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  284.396036][T15879] loop5: detected capacity change from 0 to 164
[  284.405127][T15879] Unable to read rock-ridge attributes
[  284.413127][T15879] 
: renamed from bond0 (while UP)
[  284.442553][T15891] loop5: detected capacity change from 0 to 2048
[  284.502859][T15891]  loop5: p1 p3 p4
[  284.507845][T15891] loop5: p4 size 589824 extends beyond EOD, truncated
[  285.026413][T15902] __nla_validate_parse: 4 callbacks suppressed
[  285.026431][T15902] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4517'.
[  285.066385][T15904] netlink: 'syz.3.4518': attribute type 5 has an invalid length.
[  285.388788][T15927] program gtp is using a deprecated SCSI ioctl, please convert it to SG_IO
[  285.407760][T15927] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  285.492743][T15930] loop1: detected capacity change from 0 to 512
[  285.507008][T15930] ext4: Bad value for 'debug_want_extra_isize'
[  285.610915][T15940] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4528'.
[  285.654380][T15942] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=15942 comm=syz.2.4529
[  285.693804][T15942] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=15942 comm=syz.2.4529
[  285.715775][T15942] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4529'.
[  285.766671][T15945] pimreg: entered allmulticast mode
[  285.785552][T15945] pimreg: left allmulticast mode
[  286.309829][T15965] FAULT_INJECTION: forcing a failure.
[  286.309829][T15965] name failslab, interval 1, probability 0, space 0, times 0
[  286.322640][T15965] CPU: 1 UID: 0 PID: 15965 Comm: syz.1.4538 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  286.322671][T15965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  286.322684][T15965] Call Trace:
[  286.322691][T15965]  <TASK>
[  286.322698][T15965]  __dump_stack+0x1d/0x30
[  286.322729][T15965]  dump_stack_lvl+0xe8/0x140
[  286.322752][T15965]  dump_stack+0x15/0x1b
[  286.322783][T15965]  should_fail_ex+0x265/0x280
[  286.322876][T15965]  should_failslab+0x8c/0xb0
[  286.322903][T15965]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  286.322943][T15965]  ? sidtab_sid2str_get+0xa0/0x130
[  286.322973][T15965]  kmemdup_noprof+0x2b/0x70
[  286.323069][T15965]  sidtab_sid2str_get+0xa0/0x130
[  286.323096][T15965]  security_sid_to_context_core+0x1eb/0x2e0
[  286.323125][T15965]  security_sid_to_context+0x27/0x40
[  286.323149][T15965]  selinux_lsmprop_to_secctx+0x67/0xf0
[  286.323326][T15965]  security_lsmprop_to_secctx+0x43/0x80
[  286.323375][T15965]  audit_log_task_context+0x77/0x190
[  286.323439][T15965]  audit_log_task+0xf4/0x250
[  286.323477][T15965]  audit_seccomp+0x61/0x100
[  286.323549][T15965]  ? __seccomp_filter+0x68c/0x10d0
[  286.323578][T15965]  __seccomp_filter+0x69d/0x10d0
[  286.323607][T15965]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  286.323705][T15965]  ? vfs_write+0x7e8/0x960
[  286.323742][T15965]  ? __rcu_read_unlock+0x4f/0x70
[  286.323843][T15965]  ? __fget_files+0x184/0x1c0
[  286.323871][T15965]  __secure_computing+0x82/0x150
[  286.323926][T15965]  syscall_trace_enter+0xcf/0x1e0
[  286.323957][T15965]  do_syscall_64+0xac/0x200
[  286.324005][T15965]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  286.324095][T15965]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  286.324132][T15965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.324172][T15965] RIP: 0033:0x7fee4aa2ec29
[  286.324191][T15965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.324213][T15965] RSP: 002b:00007fee4948f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000074
[  286.324310][T15965] RAX: ffffffffffffffda RBX: 00007fee4ac75fa0 RCX: 00007fee4aa2ec29
[  286.324325][T15965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  286.324340][T15965] RBP: 00007fee4948f090 R08: 0000000000000000 R09: 0000000000000000
[  286.324355][T15965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.324370][T15965] R13: 00007fee4ac76038 R14: 00007fee4ac75fa0 R15: 00007ffd2527d9a8
[  286.324394][T15965]  </TASK>
[  286.586835][T15967] loop1: detected capacity change from 0 to 512
[  286.688563][T15971] loop1: detected capacity change from 0 to 512
[  286.734249][T15973] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  286.845087][T15982] loop5: detected capacity change from 0 to 512
[  286.866207][T15982] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.928887][T15255] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.254129][T16008] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  287.357374][T16015] loop3: detected capacity change from 0 to 2048
[  287.392932][T15980] syz.1.4545 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  287.407122][T15980] CPU: 1 UID: 0 PID: 15980 Comm: syz.1.4545 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  287.407214][T15980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  287.407231][T15980] Call Trace:
[  287.407308][T15980]  <TASK>
[  287.407319][T15980]  __dump_stack+0x1d/0x30
[  287.407342][T15980]  dump_stack_lvl+0xe8/0x140
[  287.407363][T15980]  dump_stack+0x15/0x1b
[  287.407386][T15980]  dump_header+0x81/0x220
[  287.407426][T15980]  oom_kill_process+0x342/0x400
[  287.407478][T15980]  out_of_memory+0x979/0xb80
[  287.407525][T15980]  try_charge_memcg+0x5e6/0x9e0
[  287.407702][T15980]  obj_cgroup_charge_pages+0xa6/0x150
[  287.407739][T15980]  __memcg_kmem_charge_page+0x9f/0x170
[  287.407775][T15980]  __alloc_frozen_pages_noprof+0x188/0x360
[  287.407854][T15980]  alloc_pages_mpol+0xb3/0x250
[  287.407922][T15980]  alloc_pages_noprof+0x90/0x130
[  287.408074][T15980]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  287.408258][T15980]  __kvmalloc_node_noprof+0x30f/0x4e0
[  287.408290][T15980]  ? ip_set_alloc+0x1f/0x30
[  287.408311][T15980]  ? ip_set_alloc+0x1f/0x30
[  287.408350][T15980]  ? __kmalloc_cache_noprof+0x189/0x320
[  287.408391][T15980]  ip_set_alloc+0x1f/0x30
[  287.408418][T15980]  hash_netiface_create+0x282/0x740
[  287.408513][T15980]  ? __pfx_hash_netiface_create+0x10/0x10
[  287.408546][T15980]  ip_set_create+0x3c9/0x960
[  287.408608][T15980]  ? __nla_parse+0x40/0x60
[  287.408639][T15980]  nfnetlink_rcv_msg+0x4c3/0x590
[  287.408726][T15980]  netlink_rcv_skb+0x123/0x220
[  287.408753][T15980]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  287.408861][T15980]  nfnetlink_rcv+0x16b/0x1690
[  287.408890][T15980]  ? nlmon_xmit+0x4f/0x60
[  287.408930][T15980]  ? consume_skb+0x49/0x150
[  287.408961][T15980]  ? nlmon_xmit+0x4f/0x60
[  287.409001][T15980]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  287.409056][T15980]  ? __dev_queue_xmit+0x1200/0x2000
[  287.409090][T15980]  ? __dev_queue_xmit+0x182/0x2000
[  287.409126][T15980]  ? ref_tracker_free+0x37d/0x3e0
[  287.409167][T15980]  ? __netlink_deliver_tap+0x4dc/0x500
[  287.409253][T15980]  netlink_unicast+0x5bd/0x690
[  287.409316][T15980]  netlink_sendmsg+0x58b/0x6b0
[  287.409354][T15980]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.409381][T15980]  __sock_sendmsg+0x142/0x180
[  287.409465][T15980]  ____sys_sendmsg+0x31e/0x4e0
[  287.409496][T15980]  ___sys_sendmsg+0x17b/0x1d0
[  287.409552][T15980]  __x64_sys_sendmsg+0xd4/0x160
[  287.409622][T15980]  x64_sys_call+0x191e/0x2ff0
[  287.409645][T15980]  do_syscall_64+0xd2/0x200
[  287.409679][T15980]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  287.409780][T15980]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  287.409869][T15980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.409891][T15980] RIP: 0033:0x7fee4aa2ec29
[  287.409907][T15980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.409982][T15980] RSP: 002b:00007fee4948f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  287.410008][T15980] RAX: ffffffffffffffda RBX: 00007fee4ac75fa0 RCX: 00007fee4aa2ec29
[  287.410026][T15980] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  287.410109][T15980] RBP: 00007fee4aab1e41 R08: 0000000000000000 R09: 0000000000000000
[  287.410175][T15980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  287.410189][T15980] R13: 00007fee4ac76038 R14: 00007fee4ac75fa0 R15: 00007ffd2527d9a8
[  287.410209][T15980]  </TASK>
[  287.410216][T15980] memory: usage 307200kB, limit 307200kB, failcnt 4151
[  287.421504][T16015]  loop3: p1 p3 p4
[  287.430431][T15980] memory+swap: usage 307700kB, limit 9007199254740988kB, failcnt 0
[  287.430455][T15980] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0
[  287.437302][T16015] loop3: p4 size 589824 extends beyond EOD, 
[  287.441161][T15980] Memory cgroup stats for /syz1:
[  287.441435][T15980] cache 0
[  287.445910][T16015] truncated
[  287.450088][T15980] rss 12288
[  287.788075][T15980] shmem 0
[  287.791012][T15980] mapped_file 0
[  287.794554][T15980] dirty 0
[  287.797495][T15980] writeback 0
[  287.800778][T15980] workingset_refault_anon 1473
[  287.805647][T15980] workingset_refault_file 3111
[  287.810477][T15980] swap 503808
[  287.813782][T15980] swapcached 8192
[  287.817417][T15980] pgpgin 202770
[  287.820885][T15980] pgpgout 202767
[  287.824476][T15980] pgfault 325438
[  287.828060][T15980] pgmajfault 890
[  287.831607][T15980] inactive_anon 8192
[  287.835615][T15980] active_anon 4096
[  287.839416][T15980] inactive_file 0
[  287.843069][T15980] active_file 0
[  287.846641][T15980] unevictable 0
[  287.850126][T15980] hierarchical_memory_limit 314572800
[  287.855548][T15980] hierarchical_memsw_limit 9223372036854771712
[  287.861751][T15980] total_cache 0
[  287.865213][T15980] total_rss 12288
[  287.868844][T15980] total_shmem 0
[  287.872352][T15980] total_mapped_file 0
[  287.876346][T15980] total_dirty 0
[  287.879807][T15980] total_writeback 0
[  287.883671][T15980] total_workingset_refault_anon 1473
[  287.888955][T15980] total_workingset_refault_file 3111
[  287.894272][T15980] total_swap 503808
[  287.898127][T15980] total_swapcached 8192
[  287.902368][T15980] total_pgpgin 202770
[  287.906362][T15980] total_pgpgout 202767
[  287.910424][T15980] total_pgfault 325438
[  287.914512][T15980] total_pgmajfault 890
[  287.918581][T15980] total_inactive_anon 8192
[  287.923092][T15980] total_active_anon 4096
[  287.927354][T15980] total_inactive_file 0
[  287.931511][T15980] total_active_file 0
[  287.935537][T15980] total_unevictable 0
[  287.939534][T15980] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4545,pid=15979,uid=0
[  287.954323][T15980] Memory cgroup out of memory: Killed process 15979 (syz.1.4545) total-vm:94024kB, anon-rss:1200kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  288.204684][T16027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4562'.
[  288.367306][   T29] kauditd_printk_skb: 101 callbacks suppressed
[  288.367324][   T29] audit: type=1326 audit(288.341:4597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.397995][   T29] audit: type=1326 audit(288.341:4598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.421040][   T29] audit: type=1326 audit(288.341:4599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.444068][   T29] audit: type=1326 audit(288.341:4600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.467026][   T29] audit: type=1326 audit(288.341:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.489982][   T29] audit: type=1326 audit(288.341:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.512921][   T29] audit: type=1326 audit(288.341:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.535838][   T29] audit: type=1326 audit(288.341:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.559047][   T29] audit: type=1326 audit(288.341:4605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.582073][   T29] audit: type=1326 audit(288.361:4606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16042 comm="syz.0.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f843964ec29 code=0x7ffc0000
[  288.662823][T16055] loop1: detected capacity change from 0 to 512
[  288.704231][T16061] netlink: 'syz.0.4573': attribute type 6 has an invalid length.
[  288.712258][T16061] FAULT_INJECTION: forcing a failure.
[  288.712258][T16061] name failslab, interval 1, probability 0, space 0, times 0
[  288.724937][T16061] CPU: 0 UID: 0 PID: 16061 Comm: syz.0.4573 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  288.725039][T16061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  288.725136][T16061] Call Trace:
[  288.725143][T16061]  <TASK>
[  288.725151][T16061]  __dump_stack+0x1d/0x30
[  288.725175][T16061]  dump_stack_lvl+0xe8/0x140
[  288.725197][T16061]  dump_stack+0x15/0x1b
[  288.725214][T16061]  should_fail_ex+0x265/0x280
[  288.725241][T16061]  should_failslab+0x8c/0xb0
[  288.725311][T16061]  kmem_cache_alloc_noprof+0x50/0x310
[  288.725342][T16061]  ? fib_table_insert+0x1ab/0xeb0
[  288.725380][T16061]  fib_table_insert+0x1ab/0xeb0
[  288.725483][T16061]  ? fib_trie_table+0xd0/0xf0
[  288.725516][T16061]  ? fib_new_table+0x1ac/0x1c0
[  288.725539][T16061]  inet_rtm_newroute+0xab/0x140
[  288.725571][T16061]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  288.725639][T16061]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  288.725785][T16061]  netlink_rcv_skb+0x123/0x220
[  288.725814][T16061]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  288.725853][T16061]  rtnetlink_rcv+0x1c/0x30
[  288.725886][T16061]  netlink_unicast+0x5bd/0x690
[  288.725913][T16061]  netlink_sendmsg+0x58b/0x6b0
[  288.725943][T16061]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.726053][T16061]  __sock_sendmsg+0x142/0x180
[  288.726089][T16061]  ____sys_sendmsg+0x31e/0x4e0
[  288.726120][T16061]  ___sys_sendmsg+0x17b/0x1d0
[  288.726208][T16061]  __x64_sys_sendmsg+0xd4/0x160
[  288.726243][T16061]  x64_sys_call+0x191e/0x2ff0
[  288.726264][T16061]  do_syscall_64+0xd2/0x200
[  288.726325][T16061]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  288.726394][T16061]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  288.726426][T16061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.726458][T16061] RIP: 0033:0x7f843964ec29
[  288.726562][T16061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.726581][T16061] RSP: 002b:00007f84380af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  288.726601][T16061] RAX: ffffffffffffffda RBX: 00007f8439895fa0 RCX: 00007f843964ec29
[  288.726614][T16061] RDX: 00000000000008b4 RSI: 0000200000000000 RDI: 0000000000000006
[  288.726627][T16061] RBP: 00007f84380af090 R08: 0000000000000000 R09: 0000000000000000
[  288.726710][T16061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.726725][T16061] R13: 00007f8439896038 R14: 00007f8439895fa0 R15: 00007fffa51e4ca8
[  288.726747][T16061]  </TASK>
[  289.050508][T16055] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.074359][T16054] loop3: detected capacity change from 0 to 512
[  289.094910][T16054] ext4: Bad value for 'debug_want_extra_isize'
[  289.215145][T11517] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.513603][T16051] syz.2.4571 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  289.524692][T16051] CPU: 1 UID: 0 PID: 16051 Comm: syz.2.4571 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  289.524727][T16051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  289.524760][T16051] Call Trace:
[  289.524767][T16051]  <TASK>
[  289.524775][T16051]  __dump_stack+0x1d/0x30
[  289.524801][T16051]  dump_stack_lvl+0xe8/0x140
[  289.524840][T16051]  dump_stack+0x15/0x1b
[  289.524937][T16051]  dump_header+0x81/0x220
[  289.524970][T16051]  oom_kill_process+0x342/0x400
[  289.525053][T16051]  out_of_memory+0x979/0xb80
[  289.525132][T16051]  try_charge_memcg+0x5e6/0x9e0
[  289.525171][T16051]  charge_memcg+0x51/0xc0
[  289.525202][T16051]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  289.525229][T16051]  __read_swap_cache_async+0x1df/0x350
[  289.525267][T16051]  swap_cluster_readahead+0x376/0x3e0
[  289.525314][T16051]  swapin_readahead+0xde/0x6f0
[  289.525405][T16051]  ? __filemap_get_folio+0x4f7/0x6b0
[  289.525433][T16051]  ? swap_cache_get_folio+0x77/0x200
[  289.525480][T16051]  do_swap_page+0x301/0x2430
[  289.525556][T16051]  ? __set_next_task_fair+0x5b/0x150
[  289.525576][T16051]  ? tracing_record_taskinfo_sched_switch+0x71/0x260
[  289.525610][T16051]  ? finish_task_switch+0xad/0x2b0
[  289.525636][T16051]  ? __pfx_default_wake_function+0x10/0x10
[  289.525678][T16051]  handle_mm_fault+0x9a5/0x2c20
[  289.525805][T16051]  do_user_addr_fault+0x636/0x1090
[  289.525860][T16051]  ? fpregs_restore_userregs+0xe2/0x1d0
[  289.525890][T16051]  ? switch_fpu_return+0xe/0x20
[  289.525922][T16051]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  289.525999][T16051]  exc_page_fault+0x62/0xa0
[  289.526029][T16051]  asm_exc_page_fault+0x26/0x30
[  289.526076][T16051] RIP: 0033:0x7f1f812c565c
[  289.526096][T16051] Code: 66 0f 1f 44 00 00 69 3d 56 00 ea 00 e8 03 00 00 48 8d 1d 57 09 37 00 e8 32 95 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00
[  289.526116][T16051] RSP: 002b:00007ffc6e620eb0 EFLAGS: 00010202
[  289.526132][T16051] RAX: 0000000000000000 RBX: 00007f1f81635fa0 RCX: 0000000000000000
[  289.526147][T16051] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555564e7e808
[  289.526163][T16051] RBP: 00007f1f81637da0 R08: 0000000000000000 R09: 7fffffffffffffff
[  289.526200][T16051] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000046ab2
[  289.526216][T16051] R13: 00007f1f81636180 R14: ffffffffffffffff R15: 00007ffc6e620fc0
[  289.526236][T16051]  </TASK>
[  289.526243][T16051] memory: usage 307200kB, limit 307200kB, failcnt 7005
[  289.764563][T16051] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0
[  289.772474][T16051] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0
[  289.779769][T16051] Memory cgroup stats for /syz2:
[  289.779984][T16051] cache 0
[  289.787952][T16051] rss 0
[  289.790726][T16051] shmem 0
[  289.793718][T16051] mapped_file 0
[  289.797185][T16051] dirty 0
[  289.800173][T16051] writeback 0
[  289.803505][T16051] workingset_refault_anon 1031
[  289.808262][T16051] workingset_refault_file 8399
[  289.813042][T16051] swap 212992
[  289.816393][T16051] swapcached 0
[  289.819765][T16051] pgpgin 173928
[  289.823324][T16051] pgpgout 173927
[  289.826897][T16051] pgfault 281199
[  289.830436][T16051] pgmajfault 652
[  289.834061][T16051] inactive_anon 0
[  289.837688][T16051] active_anon 0
[  289.841187][T16051] inactive_file 0
[  289.844898][T16051] active_file 4096
[  289.848617][T16051] unevictable 0
[  289.852110][T16051] hierarchical_memory_limit 314572800
[  289.857491][T16051] hierarchical_memsw_limit 9223372036854771712
[  289.863671][T16051] total_cache 0
[  289.867183][T16051] total_rss 0
[  289.870535][T16051] total_shmem 0
[  289.874014][T16051] total_mapped_file 0
[  289.877997][T16051] total_dirty 0
[  289.881498][T16051] total_writeback 0
[  289.885343][T16051] total_workingset_refault_anon 1031
[  289.890679][T16051] total_workingset_refault_file 8399
[  289.896000][T16051] total_swap 212992
[  289.899811][T16051] total_swapcached 0
[  289.903825][T16051] total_pgpgin 173928
[  289.907803][T16051] total_pgpgout 173927
[  289.911877][T16051] total_pgfault 281199
[  289.915936][T16051] total_pgmajfault 652
[  289.920034][T16051] total_inactive_anon 0
[  289.924221][T16051] total_active_anon 0
[  289.928242][T16051] total_inactive_file 0
[  289.932441][T16051] total_active_file 4096
[  289.936751][T16051] total_unevictable 0
[  289.940935][T16051] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.4571,pid=16051,uid=0
[  289.955687][T16051] Memory cgroup out of memory: Killed process 16051 (syz.2.4571) total-vm:94024kB, anon-rss:1068kB, file-rss:22180kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  289.978330][T16085] loop5: detected capacity change from 0 to 2048
[  290.031849][T16085]  loop5: p1 p3 p4
[  290.036652][T16085] loop5: p4 size 589824 extends beyond EOD, truncated
[  290.203417][T16100] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4587'.
[  290.242824][T16102] ip6gre1: entered allmulticast mode
[  290.251890][T16102] vhci_hcd: default hub control req: 6015 v0002 i0003 l0
[  290.320911][T16107] loop1: detected capacity change from 0 to 512
[  290.378254][T16109] loop1: detected capacity change from 0 to 2048
[  290.432259][T16109]  loop1: p1 p3 p4
[  290.437195][T16109] loop1: p4 size 589824 extends beyond EOD, truncated
[  290.543007][T16125] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4600'.
[  290.695020][T16134] loop1: detected capacity change from 0 to 164
[  290.702114][T16134] Unable to read rock-ridge attributes
[  290.976604][T16140] loop5: detected capacity change from 0 to 512
[  290.996428][T16140] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.011746][T16121] ==================================================================
[  291.019873][T16121] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
[  291.029812][T16121] 
[  291.032153][T16121] read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 1:
[  291.040238][T16121]  tick_do_update_jiffies64+0x113/0x1c0
[  291.045823][T16121]  tick_nohz_handler+0x7f/0x2d0
[  291.050699][T16121]  __hrtimer_run_queues+0x20f/0x5a0
[  291.055926][T16121]  hrtimer_interrupt+0x21a/0x460
[  291.060888][T16121]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[  291.066839][T16121]  sysvec_apic_timer_interrupt+0x6f/0x80
[  291.072520][T16121]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  291.078530][T16121]  __tsan_read1+0x114/0x180
[  291.083051][T16121]  copy_page_to_iter+0x120/0x2d0
[  291.088012][T16121]  shmem_file_read_iter+0x2d6/0x540
[  291.093215][T16121]  lo_rw_aio+0x69d/0x760
[  291.097465][T16121]  loop_process_work+0x52d/0xa60
[  291.102420][T16121]  loop_workfn+0x31/0x40
[  291.106679][T16121]  process_scheduled_works+0x4cb/0x9d0
[  291.112153][T16121]  worker_thread+0x582/0x770
[  291.116869][T16121]  kthread+0x489/0x510
[  291.120940][T16121]  ret_from_fork+0x11f/0x1b0
[  291.125534][T16121]  ret_from_fork_asm+0x1a/0x30
[  291.130301][T16121] 
[  291.132632][T16121] read to 0xffffffff868099c0 of 8 bytes by task 16121 on cpu 0:
[  291.140272][T16121]  mem_cgroup_flush_stats_ratelimited+0x29/0x70
[  291.146528][T16121]  count_shadow_nodes+0x6a/0x230
[  291.151494][T16121]  do_shrink_slab+0x60/0x680
[  291.156095][T16121]  shrink_slab+0x448/0x760
[  291.160526][T16121]  shrink_node+0x6c3/0x2120
[  291.165213][T16121]  do_try_to_free_pages+0x3f6/0xcd0
[  291.170419][T16121]  try_to_free_mem_cgroup_pages+0x1ab/0x410
[  291.176343][T16121]  try_charge_memcg+0x358/0x9e0
[  291.181234][T16121]  obj_cgroup_charge_pages+0xa6/0x150
[  291.186656][T16121]  __memcg_kmem_charge_page+0x9f/0x170
[  291.192132][T16121]  __alloc_frozen_pages_noprof+0x188/0x360
[  291.197987][T16121]  alloc_pages_mpol+0xb3/0x250
[  291.202767][T16121]  alloc_pages_noprof+0x90/0x130
[  291.207727][T16121]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  291.213562][T16121]  __kvmalloc_node_noprof+0x30f/0x4e0
[  291.218969][T16121]  ip_set_alloc+0x1f/0x30
[  291.223380][T16121]  hash_netiface_create+0x282/0x740
[  291.228602][T16121]  ip_set_create+0x3c9/0x960
[  291.233242][T16121]  nfnetlink_rcv_msg+0x4c3/0x590
[  291.238192][T16121]  netlink_rcv_skb+0x123/0x220
[  291.242974][T16121]  nfnetlink_rcv+0x16b/0x1690
[  291.247666][T16121]  netlink_unicast+0x5bd/0x690
[  291.252544][T16121]  netlink_sendmsg+0x58b/0x6b0
[  291.257336][T16121]  __sock_sendmsg+0x142/0x180
[  291.262041][T16121]  ____sys_sendmsg+0x31e/0x4e0
[  291.266821][T16121]  ___sys_sendmsg+0x17b/0x1d0
[  291.271607][T16121]  __x64_sys_sendmsg+0xd4/0x160
[  291.276482][T16121]  x64_sys_call+0x191e/0x2ff0
[  291.281177][T16121]  do_syscall_64+0xd2/0x200
[  291.285792][T16121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.291698][T16121] 
[  291.294031][T16121] value changed: 0x00000000fffffc43 -> 0x00000000fffffc44
[  291.301154][T16121] 
[  291.303573][T16121] Reported by Kernel Concurrency Sanitizer on:
[  291.309816][T16121] CPU: 0 UID: 0 PID: 16121 Comm: syz.3.4597 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  291.319634][T16121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  291.329697][T16121] ==================================================================
[  291.342772][T15255] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.389148][T16145] loop5: detected capacity change from 0 to 2048
[  291.462308][T16145]  loop5: p1 p3 p4
[  291.469889][T16145] loop5: p4 size 589824 extends beyond EOD, truncated