last executing test programs:

6.217546788s ago: executing program 3 (id=4766):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000400)={0xffffffffffffffff, r0, 0xc}, 0x14)
creat(&(0x7f0000000240)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7ffff000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000030000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
open_tree(r2, &(0x7f0000000000)='./bus\x00', 0x1000)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
sendfile(r4, r4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x30)
r6 = fsopen(&(0x7f0000000040)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000004, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

5.717576844s ago: executing program 0 (id=4767):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000400)={0x0, 0x9}, 0x8)

5.646579821s ago: executing program 0 (id=4768):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
symlink(&(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='./file0\x00')
readlink(&(0x7f0000000640)='./file0\x00', &(0x7f0000000740)=""/4078, 0xfee)

5.642999301s ago: executing program 0 (id=4769):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
symlink(&(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='./file0\x00')
readlink(&(0x7f0000000640)='./file0\x00', &(0x7f0000000740)=""/4078, 0xfee)

5.587085246s ago: executing program 0 (id=4771):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000240)='./file0\x00')

5.564302878s ago: executing program 0 (id=4772):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x11, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)

5.507865643s ago: executing program 0 (id=4773):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
ptrace(0x10, 0x1)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000940)=0x707987cd)
recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0)

5.315144091s ago: executing program 3 (id=4777):
r0 = io_uring_setup(0x144c, &(0x7f0000000100))
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x0, 0x11, 0x148, 0x358, 0x0, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x358, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x22, 0x0, [{0x6b, 0x4, 0x6, 0x1}, {0x5, 0x7d, 0x1, 0x80}, {0x0, 0x5, 0xe0, 0x1}, {0x59, 0x80, 0x8, 0xfffffffd}, {0xfffd, 0xe4, 0xb, 0x6}, {0x2, 0x7, 0x8, 0x8}, {0x63, 0x3, 0x41, 0xfa60}, {0x1, 0x9f, 0x5, 0xd073}, {0xbd, 0x8, 0x10, 0x3}, {0x4, 0x0, 0x80, 0x6}, {0xfffa, 0xfb, 0x0, 0x9ef00bc2}, {0x9, 0x4, 0xce, 0xf}, {0x7fff, 0xcf, 0x9, 0x800000}, {0x9, 0x4, 0x8, 0x1}, {0x2, 0xa, 0xff, 0x100}, {0x5, 0x3, 0x1b, 0x1}, {0x3, 0x4, 0x1, 0x1}, {0x0, 0x3, 0x3, 0x6}, {0x1, 0x1, 0x75, 0x7}, {0x5d5b, 0x2, 0x8, 0x78b}, {0x1, 0x80, 0x3, 0x10001}, {0x40, 0x3, 0x80, 0x101}, {0x400, 0x6, 0x0, 0x3}, {0x3, 0x0, 0x7, 0xec}, {0x6, 0x2, 0x99, 0xfff}, {0x6, 0x8b, 0x90, 0x90}, {0x4, 0x8, 0x8, 0xfffffffd}, {0x5, 0x8, 0x4, 0x1}, {0x6, 0x4, 0x8, 0x9}, {0xb, 0x7, 0x2, 0x10001}, {0x8, 0x6, 0x5, 0x6}, {0x8001, 0x4, 0xe, 0x4}, {0x5, 0x5, 0x0, 0x2}, {0x1, 0x41, 0x8, 0x80000000}, {0xe00, 0xff, 0x80, 0xab9}, {0x52b6, 0x4, 0x7, 0x3}, {0xc15f, 0x81, 0x3}, {0x9, 0xc, 0x8, 0x40}, {0x81, 0x0, 0x1, 0xff}, {0x40, 0x6, 0x35, 0x1}, {0x1ff, 0xa0, 0x9a, 0x8001}, {0x401, 0x10, 0x7, 0xe}, {0x6, 0xa, 0x1, 0x1}, {0x7, 0xc, 0xff, 0x6}, {0x2, 0xec, 0x4, 0x200}, {0x4, 0xeb, 0x9, 0x3}, {0x0, 0xd, 0x3}, {0x8001, 0x2, 0x2, 0xfffffffa}, {0x9, 0xfe, 0x0, 0x1}, {0x6, 0xc6, 0x3, 0x200000}, {0x8, 0xe, 0xf1, 0xd34f}, {0x4, 0x81, 0x5, 0x9}, {0x6, 0x93, 0x1, 0xfffffffa}, {0x5, 0x6, 0x4, 0x6}, {0xffff, 0x33, 0x3, 0x8}, {0x8, 0x2, 0x9, 0x3}, {0x9ab, 0x65, 0xab, 0x3}, {0x7, 0x0, 0x2, 0x7}, {0x6, 0x9, 0x1, 0x7}, {0x1700, 0x0, 0x1}, {0x1099, 0x1, 0xe0, 0x5}, {0x2, 0x9, 0x5, 0x8}, {0x3, 0xaa}, {0x9, 0x2, 0x9e, 0x6}], {0x7}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@local, [0x0, 0x0, 0xffffff00, 0xffffff00], 0x4e20, 0x4e24, 0x4e22, 0x4e20, 0x2, 0xfff7, 0x7, 0xffffff80, 0x6}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x550)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg(r1, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000340)="03", 0x1}], 0x1}}], 0x1, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x300, 0x0)
close(r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYRES16=0x0], 0x26)

5.205355571s ago: executing program 3 (id=4779):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000940)=0x707987cd)
recvmsg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0)

2.760085706s ago: executing program 2 (id=4813):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x9, 0x3, 0x290, 0x128, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, &(0x7f00000000c0), {[{{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x19}, 0xffffffff, 0x0, 'veth1_macvtap\x00', 'sit0\x00', {0xff}, {0xff}, 0x2e, 0x1, 0x1b}, 0x0, 0xc0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x0, 0x1, 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xd, 0x9, 0x0, 0x4, 'pptp\x00', 'syz0\x00', {0x1}}}}, {{@ip={@loopback, @broadcast, 0x0, 0xff, 'wlan0\x00', 'veth0_to_bridge\x00', {0xff}, {0xff}, 0x0, 0x0, 0x8}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x3, 0x6, 0x4, 0x4], 0x6, 0x4}, {0x2, [0x0, 0x5, 0x0, 0x0, 0x2, 0x5], 0x2, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0)
syz_open_procfs(0x0, 0x0)
dup(0xffffffffffffffff)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x1000)
ftruncate(r5, 0xc17a)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000003100)=@ccm_128={{0x304}, "af8eefd04cad3223", "3e60dc68da5675e60ae160ef2d95ea54", "d7c1f21a", "cd4a35bb97fe1ac1"}, 0x28)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000001a00)=0x2, 0x4)
writev(r4, &(0x7f00000030c0)=[{&(0x7f0000000a40)="fb", 0x4000}], 0x1)
close(r3)
memfd_create(0x0, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x64, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}}, 0x0)

2.336918595s ago: executing program 4 (id=4819):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000000062fa51f657c13a1c8500000073000000850000007d000000953cd45ec2a587b772", @ANYRES32, @ANYRES16=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e5277b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000040), 0x0, 0x0, 0x0)

2.266836401s ago: executing program 4 (id=4820):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

2.266555051s ago: executing program 4 (id=4821):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
symlink(0x0, &(0x7f0000000140)='./file0\x00')

2.206614217s ago: executing program 4 (id=4822):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00'}, 0x10) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(0x3) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000080), &(0x7f00000002c0)}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) (async)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x11}, 0x20)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0xfdef) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r7, 0xc0f85403, 0x0)

2.206274247s ago: executing program 3 (id=4823):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x20, &(0x7f0000000200)={0x0, 0x0, <r1=>0x0, &(0x7f0000000600)=""/247, 0xf7}}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000400)={0xffffffffffffffff, r0, 0xc, 0x0, @val=@target_btf_id=r1}, 0x14)
creat(&(0x7f0000000240)='./bus\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000030000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
open_tree(r3, &(0x7f0000000000)='./bus\x00', 0x1000)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
sendfile(r5, r5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x30)
r7 = fsopen(&(0x7f0000000040)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000004, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

2.206037477s ago: executing program 4 (id=4824):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x9, 0x3, 0x290, 0x128, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, &(0x7f00000000c0), {[{{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x19}, 0xffffffff, 0x0, 'veth1_macvtap\x00', 'sit0\x00', {0xff}, {0xff}, 0x2e, 0x1, 0x1b}, 0x0, 0xc0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x0, 0x1, 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xd, 0x9, 0x0, 0x4, 'pptp\x00', 'syz0\x00', {0x1}}}}, {{@ip={@loopback, @broadcast, 0x0, 0xff, 'wlan0\x00', 'veth0_to_bridge\x00', {0xff}, {0xff}, 0x0, 0x0, 0x8}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x3, 0x6, 0x4, 0x4], 0x6, 0x4}, {0x2, [0x0, 0x5, 0x0, 0x0, 0x2, 0x5], 0x2, 0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0)
syz_open_procfs(0x0, 0x0)
dup(0xffffffffffffffff)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x1000)
ftruncate(r5, 0xc17a)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000003100)=@ccm_128={{0x304}, "af8eefd04cad3223", "3e60dc68da5675e60ae160ef2d95ea54", "d7c1f21a", "cd4a35bb97fe1ac1"}, 0x28)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000001a00)=0x2, 0x4)
writev(r4, &(0x7f00000030c0)=[{&(0x7f0000000a40)="fb", 0x4000}], 0x1)
close(r3)
memfd_create(0x0, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
msgctl$IPC_SET(0x0, 0x1, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x68, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0)

1.600789702s ago: executing program 1 (id=4829):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x42, 0x0) (fail_nth: 1)

1.323232578s ago: executing program 1 (id=4830):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000000062fa51f657c13a1c8500000073000000850000007d000000953cd45ec2a587b772", @ANYRES32, @ANYRES16=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e5277b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000040), 0x0, 0x0, 0x0)

1.322625958s ago: executing program 3 (id=4831):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vxcan0\x00', <r3=>0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl2\x00', r3, 0x4, 0x95, 0x8, 0x3, 0x7d, @mcast2, @private2, 0x0, 0x7800, 0x2, 0xffffff71}})
sendmsg$NL80211_CMD_SET_MAC_ACL(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='~\x00\x00\n', @ANYRES16=0x0, @ANYBLOB="0000f33bdc97a8d29ebcae76e05f43000000", @ANYRES32=0x0, @ANYBLOB="0c00990000000000000000000800a500000000000400a6804000a6800a00060008021100000100000a00060008021100000100000a00060008021100000000000a00060008021100000100000a00060008021100000000000800a50001"], 0x7c}}, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @tracing, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
setsockopt$inet_buf(r4, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003be8c5ee17688a2003308030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba000840024f0298e9e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0x11a)

1.289003931s ago: executing program 1 (id=4832):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xb, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="b400000000000000dd0a00000000000063019a00000000009500000000000000310d4c0402e47660fd91e4fe30ab3fcf0c53548e2b0da7dc4e8d41ccb2c32b0833a3a969f757526d29771cfd934900acda7bb96df434347253ab7e198dc101a9f181436b6f77718d1a07ad8f66a8d1382bd1a85fb1b5430bded95afe8fce9aeaec1edab520b986e0e6f9c98fe29d8b85ecf6209f19ede72e13dfa504bf213794f97f183654b086aafd39e78bda10ffffffff00000000264e02f937e0195e425b03531ff6c47c9f8dfbf0e8abc92901cb8ddd8b39d6e3c464d128adb175cbe47acc6e58f3d9e9126157467b25d300035600d826588028b3e1e9411d8fc44aed3ec488037dee1ec13d7779f983c6da"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYBLOB='9'])
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)

1.178746972s ago: executing program 3 (id=4833):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000940)=0x707987cd)
recvmsg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0)

1.168768442s ago: executing program 1 (id=4834):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
symlink(0x0, &(0x7f0000000140)='./file0\x00')

1.144296034s ago: executing program 1 (id=4835):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x20, &(0x7f0000000200)={&(0x7f00000004c0)=""/146, 0x92, <r0=>0x0, &(0x7f0000000600)=""/247, 0xf7}}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff, 0xc, 0x0, @val=@target_btf_id=r0}, 0x14)
creat(&(0x7f0000000240)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7ffff000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000030000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'/25], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = open_tree(r2, &(0x7f0000000000)='./bus\x00', 0x1000)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
sendfile(r5, r5, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f00000000c0)=0x100000, 0x4)
fsopen(&(0x7f0000000040)='sockfs\x00', 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x80, 0x32020, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @value=r4}, 0x50)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x2c, 0x3, 0x3, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0xa3}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000020}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

387.630054ms ago: executing program 2 (id=4836):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8014)
socket$netlink(0x10, 0x3, 0x4)
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00'}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000400)={0x0, 0x9}, 0x8)

387.054844ms ago: executing program 4 (id=4837):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x20, &(0x7f0000000200)={&(0x7f00000004c0)=""/146, 0x92, <r1=>0x0, &(0x7f0000000600)=""/247, 0xf7}}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000400)={0xffffffffffffffff, r0, 0xc, 0x0, @val=@target_btf_id=r1}, 0x14)
creat(&(0x7f0000000240)='./bus\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = open_tree(r3, &(0x7f0000000000)='./bus\x00', 0x1000)
r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
sendfile(r6, r6, 0x0, 0x0)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f00000000c0)=0x100000, 0x4)
r7 = fsopen(&(0x7f0000000040)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000004, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x80, 0x32020, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @value=r5}, 0x50)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x2c, 0x3, 0x3, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0xa3}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000020}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

339.913998ms ago: executing program 2 (id=4838):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfef, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0)
preadv2(r2, 0x0, 0x0, 0x0, 0x0, 0x3f) (fail_nth: 1)

65.779273ms ago: executing program 2 (id=4839):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
ioperm(0x0, 0x4, 0x3ff)

65.063974ms ago: executing program 1 (id=4840):
socket$nl_route(0x10, 0x3, 0x0)
ioperm(0x0, 0x10e, 0x8000000000004)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0xc)
unshare(0x2c060000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYBLOB="01ff00e1c2ed00001c0012000c00010062"], 0x3c}}, 0x0)
r4 = perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x1d, 0x1, 0x0, 0xfc, 0x0, 0x0, 0x10124, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x26be5321, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x9)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000500), 0x1, 0x487, &(0x7f00000010c0)="$eJzs3M1vVFUbAPDn3n5A+Wrf9+VFQdAqGokfLS2oLNxoNHGhiYkucFnbgshADa2JECLVGFwaEvfGpYl/gTs3Rl0YE3dGE5eGhCgxAV2NuV8wHWZKgWkHmN8vucw5957pOc/ce+49cw93AuhZo9k/ScSmiPglIoaL7NICo8XL5Yunp/++eHo6iXr9tT+SvNyli6enq6LV+zZGxPokYk8akX6UlJUsNX/y1NGpWm32RJkfX6ifGZ8/eerJI8emDs8enj0+eeDA/n0Tzzw9+VRH4sziurTj/bmd219649wr0wfPvfndl1l7t+0qtjfG0SmjWeB/1nPN2x7pdGVdtrkhnfR3sSHckL6IyHbXQN7/h6Mvru684Xjxw642DlhV2bVpXfvNi3XgLpZEt1sAdEd1oc++/1bLGg09bgsXnouY/rmI/3K5FFv6Iy3LDKxi/aMRcXDxn8+yJVbpPgQAQKN8bPNEq/FfGtvy12JWZ0s5hzISEf+JiP9GxP8iYmtE/D8iL3tPRNxbvLk+vML6m6eGrh3/pOdvKcDryMZ/z5ZzW9WyWNRbVh8jfWVucx7/QHLoSG12b/mZ7ImBdVl+Ypk6vn7hp0+a1w2Vr43jv2zJ6q/GgqXz/U036GamFqY6NSi98EHEjv6l8RdbkiszAdkRsD0idtzYn95SJY489sXOdoVWEH97HZhnqn8e8Wix/xejKf5Kks9PHnunzfzk+Pqoze4dr46Ka33/49lX29V/S/F3QLb/Nyw9/ptKDP+VFPO1A1GrzZ6Yv/E6zv76cdvvNNePP215/A8mr+dz1j+8Vax7b2ph4cRExGDycp4fjIb1k1ffW+Wr8ln8e3a3Ov7T/BwX5f6/LyKyg3hXRNwfEQ+UbX8wIh6KiN3LxP/t8w+/ffPxr64s/plo3f9LI0njfP38yVPVZ3t1zfKJvqPffJW0qX9l+39/LObn2kJ+/ruOlbTr5o5mAAAAuPOkEbEpknTsSjpNx8aK/8O/NTaktbn5hccPzb17fKZ4RmAkBtLqTtdww/3QiWSx/ItFfrK8V1xt31feN/60byjPj03P1Wa6HDv0uo1t+n/m975utw5YdZ7Xgt7V3P/TLrUDWHuu/9C7WvT/oW60A1h7rv/Qu1r1/zNNeXMBcHe6tv//1uIn6yqDq90cYA0Z/0Pv0v+hd+n/0JOWPBJ/fPNKH5uX6PlEpLdFMzqbGFrxj1rc+Ynssr9MmW6fmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj3wAAAP//YyLvrA==")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setresgid(0x0, 0x0, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x44, 0x1, 0x1, 0x3, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev}, {0x14, 0x4, @loopback}}}]}]}, 0x44}}, 0x0)
ioctl$EVIOCSKEYCODE_V2(r5, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, "00207d2000000000c7754a13d700d35796640000017700000000000000002000"})
ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x80044501, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, 0xffffffffffffffff)
rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x800})
unshare(0x24020400)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000), 0x4)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f00000002c0), 0xfe, 0x477, &(0x7f00000004c0)="$eJzs3M1vlMUfAPDvs90ulJdf+SG+gKBVNBKjLS0vcvCi0cSDRhM9YDzVbSHIQg2tiRCi4AFjPBgS78ajiX+BJ70Y9WTiFe+GxBguoKc1s/s80C67taVbtmU/n+SBmWee7cx3Z2c7O7NPA+hbI+mfLGJLRFyJiOGIKLdeMNL878a189W/r52vZlGvv/lXlh4W16+dr+Y/onEkm5sn6vWYd7LFpXciJmu16TN5fmzu1Ptjs2fPPXviVMpOn544cuTggT2VwxOHuhJniuv6ro9mdu985e3Lr1WPXn73529T07bk5UUc3TTSfHbberLblfXY1nnprNzDhrAsqd8G8+NKDMdADN0sG46XP+lp44BVVa/X6xs6F1+oA/ewLDqXXVykDFjvil/06fNvcdylqcea8OcLzQWPFPeN/GiWlKOUXzPY8vm2mzZGxNEL/3yVjiIPALCavk/zn2fazf9K8cC86/6X76Fsi4j/R8T2iLgvInZExP0RjWsfjIiHlll/6w7J7fPP0tU7CmyJ0vzv+Xxva+H8r5j9xbaBPLe1Ef9gduxEbXp//pzsi8ENKT++4CEL/fDSb1+0nvs8X2YfmTf/S0eqv5gL5u24Wm5ZoJuanJvsSvAp/osRu8rt4s9u7gNmEbEzInbdYR0nnv5md6ey/45/EV3YZ6p/HfFUs/8vREv8hWzh/uTk8enj+f7k+HOHJw6NbYza9P6x4lVxu19+vfRGp/pXFH8XpP7f1Pb134w/fUbMNkbMnj13srFfO7v8Oi79/mm1wzZw4/3jTl7/leytRrqSn/twcm7uzHhEJXs1ZYcWnJ+49dgiX1yf4t+3t/34355/HEttfzgi0ot4T0Q8EhGP5n33WEQ8HhF7F4n/pxefeK9TWef+X2RVvotS/FOL9H96y0upW/2//MTAyR+/61R/fUn9f7CR2pefWcr731IbuJLnDgAAANaLUuM78Flp9Ga6VBodbX6Hf0dsKtVmZitxbOaD01PN78pvi8FSsdI1PG89dDxfGy7yEy35A/m68ZcDQ438aHWmNtXr4KHPbe4w/pM/BnrdOmDVuV8L+pfxD/3L+If+ZfxD/zL+oU9V2p/++G63A+iJ5f/+d5s63CvM/6F/Gf/Qv4x/6Esd740vreiW//WaKK+NZrRNDK2NZhSJKK2JZnQv8fpnzSGxVtpTJMpt/phF8cdBulLFhrZFvXxXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6J5/AwAA//9sodye")

40.077396ms ago: executing program 2 (id=4841):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000040)='P', 0x1}], 0x1}}], 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
shutdown(r0, 0x1)

0s ago: executing program 2 (id=4842):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
io_setup(0x3, &(0x7f00000000c0)=<r1=>0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r2}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
io_submit(r1, 0x1, &(0x7f0000000200)=[&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000700)='9', 0x1}])
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240)=0x3)

kernel console output (not intermixed with test programs):

z.3.4307: couldn't read orphan inode 15 (err -117)
[  365.149371][T25938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.208620][T24825] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.299647][T25962] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  366.162609][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  366.195234][T26068] lo speed is unknown, defaulting to 1000
[  366.205189][T26066] loop3: detected capacity change from 0 to 512
[  366.226593][T26066] EXT4-fs: Ignoring removed nobh option
[  366.232205][T26066] EXT4-fs: Ignoring removed nobh option
[  366.283732][T26066] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  366.318748][T26066] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4317: invalid indirect mapped block 2683928664 (level 1)
[  366.363787][T26089] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  366.376770][T26066] EXT4-fs (loop3): 1 truncate cleaned up
[  366.401820][T26066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  366.422917][T26067] lo speed is unknown, defaulting to 1000
[  366.552301][  T131] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.609129][T24825] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.710488][  T131] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.728416][T26067] chnl_net:caif_netlink_parms(): no params data found
[  366.846525][  T131] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.863277][T26067] bridge0: port 1(bridge_slave_0) entered blocking state
[  366.870456][T26067] bridge0: port 1(bridge_slave_0) entered disabled state
[  366.878526][T26067] bridge_slave_0: entered allmulticast mode
[  366.885104][T26067] bridge_slave_0: entered promiscuous mode
[  366.894614][T26138] lo speed is unknown, defaulting to 1000
[  366.937259][  T131] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.956562][T26067] bridge0: port 2(bridge_slave_1) entered blocking state
[  366.963632][T26067] bridge0: port 2(bridge_slave_1) entered disabled state
[  366.971916][T26067] bridge_slave_1: entered allmulticast mode
[  366.979781][T26067] bridge_slave_1: entered promiscuous mode
[  367.021108][T26067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.033637][T26067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  367.049401][  T131] bridge_slave_1: left allmulticast mode
[  367.055219][  T131] bridge_slave_1: left promiscuous mode
[  367.060867][  T131] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.069138][  T131] bridge_slave_0: left allmulticast mode
[  367.074847][  T131] bridge_slave_0: left promiscuous mode
[  367.080766][  T131] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.307177][  T131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  367.345269][  T131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  367.365884][  T131] bond0 (unregistering): Released all slaves
[  367.461661][T26067] team0: Port device team_slave_0 added
[  367.467599][   T29] kauditd_printk_skb: 349 callbacks suppressed
[  367.467615][   T29] audit: type=1400 audit(1727050978.325:19167): avc:  denied  { write } for  pid=26175 comm="syz.3.4342" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  367.493161][   T29] audit: type=1400 audit(1727050978.335:19168): avc:  denied  { mount } for  pid=26175 comm="syz.3.4342" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  367.576140][T26067] team0: Port device team_slave_1 added
[  367.618219][  T131] hsr_slave_0: left promiscuous mode
[  367.632371][  T131] hsr_slave_1: left promiscuous mode
[  367.668364][  T131] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  367.675904][  T131] batman_adv: batadv0: Removing interface: batadv_slave_0
[  367.723474][   T29] audit: type=1326 audit(1727050978.435:19169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26189 comm="syz.4.4344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  367.747223][   T29] audit: type=1326 audit(1727050978.435:19170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26189 comm="syz.4.4344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  367.762952][T26196] loop4: detected capacity change from 0 to 2048
[  367.770837][   T29] audit: type=1326 audit(1727050978.435:19171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26189 comm="syz.4.4344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  367.800869][   T29] audit: type=1326 audit(1727050978.435:19172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26189 comm="syz.4.4344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  367.824614][   T29] audit: type=1326 audit(1727050978.435:19173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26189 comm="syz.4.4344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  367.848691][  T131] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  367.856202][  T131] batman_adv: batadv0: Removing interface: batadv_slave_1
[  367.867376][T26196] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  367.886270][  T131] veth1_macvtap: left promiscuous mode
[  367.891846][  T131] veth0_macvtap: left promiscuous mode
[  367.897477][  T131] veth1_vlan: left promiscuous mode
[  367.902887][  T131] veth0_vlan: left promiscuous mode
[  367.924586][T25283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.059193][  T131] team0 (unregistering): Port device team_slave_1 removed
[  368.130600][  T131] team0 (unregistering): Port device team_slave_0 removed
[  368.142017][   T29] audit: type=1326 audit(1727050979.015:19174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26219 comm="syz.3.4348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  368.165720][   T29] audit: type=1326 audit(1727050979.015:19175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26219 comm="syz.3.4348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  368.189243][   T29] audit: type=1326 audit(1727050979.015:19176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26219 comm="syz.3.4348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  368.232874][T26184] lo speed is unknown, defaulting to 1000
[  368.266354][T26067] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.273375][T26067] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.287923][T26229] siw: device registration error -23
[  368.299397][T26067] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.323487][T26067] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.330571][T26067] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.356694][T26067] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.407681][T26067] hsr_slave_0: entered promiscuous mode
[  368.413925][T26067] hsr_slave_1: entered promiscuous mode
[  368.422072][T26067] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  368.429833][T26067] Cannot create hsr debugfs directory
[  368.833966][T26067] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  368.846123][T26067] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  368.855325][T26067] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  368.866030][T26067] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  368.933333][T26067] 8021q: adding VLAN 0 to HW filter on device bond0
[  368.971443][T26067] 8021q: adding VLAN 0 to HW filter on device team0
[  368.999032][  T131] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.006345][  T131] bridge0: port 1(bridge_slave_0) entered forwarding state
[  369.032547][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.039630][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[  369.153887][T26067] 8021q: adding VLAN 0 to HW filter on device batadv0
[  369.228560][T26329] syz.3.4360[26329] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.228618][T26329] syz.3.4360[26329] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.269548][T26329] syz.3.4360[26329] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.313361][T26067] veth0_vlan: entered promiscuous mode
[  369.346592][T26067] veth1_vlan: entered promiscuous mode
[  369.397228][T26067] veth0_macvtap: entered promiscuous mode
[  369.417867][T26067] veth1_macvtap: entered promiscuous mode
[  369.439236][T26357] siw: device registration error -23
[  369.440145][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.455063][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.465041][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.475567][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.485397][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.495889][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.505750][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.516290][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.526212][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.536728][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.547017][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.557676][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.567584][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.578104][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.595797][T26067] batman_adv: batadv0: Interface activated: batadv_slave_0
[  369.607233][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.617718][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.627685][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.638256][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.648094][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.658579][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.668407][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.678844][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.688666][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.699129][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.708954][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.719473][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.729295][T26067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.739754][T26067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.752855][T26067] batman_adv: batadv0: Interface activated: batadv_slave_1
[  369.762967][T26067] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  369.771768][T26067] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  369.780483][T26067] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  369.789351][T26067] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  369.889899][T26380] syz.1.4373[26380] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.890079][T26380] syz.1.4373[26380] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.906961][T26380] syz.1.4373[26380] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.955522][T26388] IPv4: Oversized IP packet from 172.20.20.24
[  369.973071][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  369.979193][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  370.000198][T26388] loop1: detected capacity change from 0 to 512
[  370.014931][T26388] EXT4-fs: Ignoring removed nobh option
[  370.020564][T26388] EXT4-fs: Ignoring removed nobh option
[  370.046725][T26388] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  370.061796][T26388] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.4377: invalid indirect mapped block 2683928664 (level 1)
[  370.077726][T26388] EXT4-fs (loop1): 1 truncate cleaned up
[  370.084035][T26388] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.123330][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.161103][T26413] loop1: detected capacity change from 0 to 1024
[  370.171866][T26413] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  370.187174][T26413] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.545184][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  370.571870][T26477] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4387'.
[  370.580915][T26477] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4387'.
[  370.644531][T26486] IPv4: Oversized IP packet from 172.20.20.24
[  370.650824][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  370.656962][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  370.722637][T26486] loop3: detected capacity change from 0 to 512
[  370.742692][T26486] EXT4-fs: Ignoring removed nobh option
[  370.748464][T26486] EXT4-fs: Ignoring removed nobh option
[  370.785361][T26486] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  370.817286][T26503] siw: device registration error -23
[  370.832001][T26486] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4389: invalid indirect mapped block 2683928664 (level 1)
[  370.877570][T26486] EXT4-fs (loop3): 1 truncate cleaned up
[  370.887786][T26486] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.941310][T24825] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.025007][T26518] siw: device registration error -23
[  371.033820][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.423352][T26586] IPv4: Oversized IP packet from 172.20.20.24
[  371.429636][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  371.435781][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  371.448276][T26586] loop4: detected capacity change from 0 to 512
[  371.455016][T26586] EXT4-fs: Ignoring removed nobh option
[  371.460800][T26586] EXT4-fs: Ignoring removed nobh option
[  371.470323][T26586] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  371.480443][T26586] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.4402: invalid indirect mapped block 2683928664 (level 1)
[  371.500205][T26589] loop1: detected capacity change from 0 to 1024
[  371.507440][T26589] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  371.516331][T26586] EXT4-fs (loop4): 1 truncate cleaned up
[  371.522359][T26586] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  371.547046][T26589] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  371.562003][T25283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.931514][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  371.944429][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  371.954919][T26623] IPv4: Oversized IP packet from 172.20.20.24
[  371.961119][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  371.967255][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  371.973971][T26626] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4413'.
[  371.983048][T26626] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4413'.
[  372.008232][T26623] loop3: detected capacity change from 0 to 512
[  372.014755][T26627] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4412'.
[  372.023738][T26627] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4412'.
[  372.025062][T26623] EXT4-fs: Ignoring removed nobh option
[  372.038271][T26623] EXT4-fs: Ignoring removed nobh option
[  372.047637][T26623] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  372.055856][T26623] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4414: invalid indirect mapped block 2683928664 (level 1)
[  372.072322][T26623] EXT4-fs (loop3): 1 truncate cleaned up
[  372.078857][T26623] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  372.105740][T24825] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.297759][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.324658][T26644] siw: device registration error -23
[  372.386430][T26655] IPv4: Oversized IP packet from 172.20.20.24
[  372.392700][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  372.407777][T26655] loop3: detected capacity change from 0 to 512
[  372.416196][T26655] EXT4-fs: Ignoring removed nobh option
[  372.421842][T26655] EXT4-fs: Ignoring removed nobh option
[  372.429506][T26655] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  372.437886][T26655] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4425: invalid indirect mapped block 2683928664 (level 1)
[  372.452597][T26655] EXT4-fs (loop3): 1 truncate cleaned up
[  372.460258][T26655] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  372.475964][   T29] kauditd_printk_skb: 588 callbacks suppressed
[  372.475978][   T29] audit: type=1326 audit(1727050983.365:19765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.505863][   T29] audit: type=1326 audit(1727050983.365:19766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.530859][   T29] audit: type=1326 audit(1727050983.365:19767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.554369][   T29] audit: type=1326 audit(1727050983.365:19768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.578024][   T29] audit: type=1326 audit(1727050983.365:19769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.601628][   T29] audit: type=1326 audit(1727050983.365:19770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.625068][   T29] audit: type=1326 audit(1727050983.365:19771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.648646][   T29] audit: type=1326 audit(1727050983.365:19772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.672307][   T29] audit: type=1326 audit(1727050983.365:19773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.695874][   T29] audit: type=1326 audit(1727050983.365:19774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26654 comm="syz.3.4425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d856def9 code=0x7ffc0000
[  372.732811][T24825] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.873958][T26679] loop4: detected capacity change from 0 to 1024
[  372.889594][T26679] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  372.917235][T26679] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  373.278190][T26728] loop1: detected capacity change from 0 to 512
[  373.286838][T26728] EXT4-fs: Ignoring removed nobh option
[  373.292494][T26728] EXT4-fs: Ignoring removed nobh option
[  373.309409][T26728] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  373.331391][T26728] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.4439: invalid indirect mapped block 2683928664 (level 1)
[  373.351936][T26728] EXT4-fs (loop1): 1 truncate cleaned up
[  373.364845][T26728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  373.409973][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.430085][T26745] syz.2.4442[26745] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  373.430207][T26745] syz.2.4442[26745] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  373.511832][T26745] syz.2.4442[26745] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  373.669529][T26769] FAULT_INJECTION: forcing a failure.
[  373.669529][T26769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.694224][T26769] CPU: 1 UID: 0 PID: 26769 Comm: syz.1.4446 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  373.704654][T26769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  373.714767][T26769] Call Trace:
[  373.718051][T26769]  <TASK>
[  373.720990][T26769]  dump_stack_lvl+0xf2/0x150
[  373.725618][T26769]  dump_stack+0x15/0x20
[  373.729849][T26769]  should_fail_ex+0x223/0x230
[  373.734593][T26769]  should_fail+0xb/0x10
[  373.738768][T26769]  should_fail_usercopy+0x1a/0x20
[  373.743885][T26769]  strncpy_from_user+0x25/0x270
[  373.748751][T26769]  ? kmem_cache_alloc_noprof+0x10c/0x290
[  373.754398][T26769]  getname_flags+0xb0/0x3b0
[  373.758921][T26769]  user_path_at+0x26/0x110
[  373.763438][T26769]  path_getxattr+0x5d/0x230
[  373.767942][T26769]  ? 0xffffffff81000000
[  373.772151][T26769]  ? __rcu_read_unlock+0x4e/0x70
[  373.776964][T26773] siw: device registration error -23
[  373.777101][T26769]  ? proc_fail_nth_write+0x12a/0x150
[  373.787671][T26769]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  373.793341][T26769]  ? vfs_write+0x580/0x910
[  373.797845][T26769]  ? __fget_files+0x1d4/0x210
[  373.802616][T26769]  ? fput+0x14e/0x190
[  373.806616][T26769]  ? ksys_write+0x178/0x1b0
[  373.811134][T26769]  __x64_sys_lgetxattr+0x58/0x70
[  373.816081][T26769]  x64_sys_call+0xae7/0x2d60
[  373.820695][T26769]  do_syscall_64+0xc9/0x1c0
[  373.825215][T26769]  ? clear_bhb_loop+0x55/0xb0
[  373.829954][T26769]  ? clear_bhb_loop+0x55/0xb0
[  373.834669][T26769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.840570][T26769] RIP: 0033:0x7fc15742def9
[  373.844992][T26769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.864614][T26769] RSP: 002b:00007fc1560a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[  373.873189][T26769] RAX: ffffffffffffffda RBX: 00007fc1575e5f80 RCX: 00007fc15742def9
[  373.881257][T26769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180
[  373.889325][T26769] RBP: 00007fc1560a7090 R08: 0000000000000000 R09: 0000000000000000
[  373.897376][T26769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.905375][T26769] R13: 0000000000000000 R14: 00007fc1575e5f80 R15: 00007ffdf8909448
[  373.913392][T26769]  </TASK>
[  373.917830][T25283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.986506][T26791] loop1: detected capacity change from 0 to 512
[  373.998244][T26791] EXT4-fs: Ignoring removed nobh option
[  374.003897][T26791] EXT4-fs: Ignoring removed nobh option
[  374.011643][T26791] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  374.020179][T26791] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.4450: invalid indirect mapped block 2683928664 (level 1)
[  374.038975][T26791] EXT4-fs (loop1): 1 truncate cleaned up
[  374.049519][T26791] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  374.077793][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.158424][T26806] loop1: detected capacity change from 0 to 2048
[  374.178027][T26806] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  374.238841][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.322272][T26817] loop1: detected capacity change from 0 to 512
[  374.338341][T26817] EXT4-fs: Ignoring removed nobh option
[  374.343969][T26817] EXT4-fs: Ignoring removed nobh option
[  374.365926][T26817] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  374.383941][T26817] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.4453: invalid indirect mapped block 2683928664 (level 1)
[  374.417406][T26817] EXT4-fs (loop1): 1 truncate cleaned up
[  374.426642][T26817] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  374.483924][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.568029][T26844] syz.1.4455[26844] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  374.568099][T26844] syz.1.4455[26844] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  374.596554][T26844] syz.1.4455[26844] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.595168][T26902] xt_bpf: check failed: parse error
[  375.620696][T26898] loop0: detected capacity change from 0 to 512
[  375.635187][T26898] EXT4-fs: Ignoring removed nobh option
[  375.640890][T26898] EXT4-fs: Ignoring removed nobh option
[  375.666558][T26907] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4466'.
[  375.675595][T26907] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4466'.
[  375.684656][T26898] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  375.694960][T26898] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.4462: invalid indirect mapped block 2683928664 (level 1)
[  375.720970][T26898] EXT4-fs (loop0): 1 truncate cleaned up
[  375.732430][T26898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  375.770761][T26911] syz.4.4467[26911] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.770889][T26911] syz.4.4467[26911] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.799924][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.837280][T26914] siw: device registration error -23
[  375.842671][T26911] syz.4.4467[26911] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  375.863013][T26920] loop3: detected capacity change from 0 to 128
[  375.905648][T26930] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  376.094545][T26952] lo speed is unknown, defaulting to 1000
[  376.235975][T26976] loop3: detected capacity change from 0 to 512
[  376.250906][T26976] EXT4-fs: Ignoring removed nobh option
[  376.256509][T26976] EXT4-fs: Ignoring removed nobh option
[  376.276774][T26976] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  376.287011][T26976] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4480: invalid indirect mapped block 2683928664 (level 1)
[  376.326954][T26976] EXT4-fs (loop3): 1 truncate cleaned up
[  376.345195][T26976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.400031][T24825] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.537367][T26995] FAULT_INJECTION: forcing a failure.
[  376.537367][T26995] name failslab, interval 1, probability 0, space 0, times 0
[  376.550095][T26995] CPU: 0 UID: 0 PID: 26995 Comm: syz.3.4481 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  376.560556][T26995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  376.570660][T26995] Call Trace:
[  376.573945][T26995]  <TASK>
[  376.576909][T26995]  dump_stack_lvl+0xf2/0x150
[  376.581533][T26995]  dump_stack+0x15/0x20
[  376.585771][T26995]  should_fail_ex+0x223/0x230
[  376.590474][T26995]  ? __alloc_skb+0x10b/0x310
[  376.595101][T26995]  should_failslab+0x8f/0xb0
[  376.599756][T26995]  kmem_cache_alloc_node_noprof+0x51/0x2b0
[  376.605599][T26995]  __alloc_skb+0x10b/0x310
[  376.610126][T26995]  audit_log_start+0x368/0x6b0
[  376.615076][T26995]  audit_seccomp+0x4b/0x130
[  376.619586][T26995]  __seccomp_filter+0x6fa/0x1180
[  376.624570][T26995]  ? proc_fail_nth_write+0x12a/0x150
[  376.629935][T26995]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  376.635605][T26995]  ? vfs_write+0x580/0x910
[  376.640050][T26995]  ? __fget_files+0x1d4/0x210
[  376.644789][T26995]  __secure_computing+0x9f/0x1c0
[  376.649756][T26995]  syscall_trace_enter+0xd1/0x1f0
[  376.654901][T26995]  ? fpregs_assert_state_consistent+0x83/0xa0
[  376.661113][T26995]  do_syscall_64+0xaa/0x1c0
[  376.665644][T26995]  ? clear_bhb_loop+0x55/0xb0
[  376.670337][T26995]  ? clear_bhb_loop+0x55/0xb0
[  376.675041][T26995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.680995][T26995] RIP: 0033:0x7f03d856def9
[  376.685420][T26995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.705044][T26995] RSP: 002b:00007f03d71e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000131
[  376.713477][T26995] RAX: ffffffffffffffda RBX: 00007f03d8725f80 RCX: 00007f03d856def9
[  376.721461][T26995] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  376.729473][T26995] RBP: 00007f03d71e1090 R08: 0000000000000000 R09: 0000000000000000
[  376.737448][T26995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.745481][T26995] R13: 0000000000000000 R14: 00007f03d8725f80 R15: 00007ffea8916468
[  376.753530][T26995]  </TASK>
[  376.781891][T27005] syz.1.4483[27005] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.781948][T27005] syz.1.4483[27005] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.804400][T27005] syz.1.4483[27005] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.836074][T27009] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=30768 sclass=netlink_route_socket pid=27009 comm=syz.2.4484
[  376.955277][T27024] FAULT_INJECTION: forcing a failure.
[  376.955277][T27024] name failslab, interval 1, probability 0, space 0, times 0
[  376.968064][T27024] CPU: 0 UID: 0 PID: 27024 Comm: syz.2.4484 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  376.978495][T27024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  376.988697][T27024] Call Trace:
[  376.991979][T27024]  <TASK>
[  376.994912][T27024]  dump_stack_lvl+0xf2/0x150
[  376.999515][T27024]  dump_stack+0x15/0x20
[  377.003696][T27024]  should_fail_ex+0x223/0x230
[  377.008401][T27024]  ? skb_clone+0x154/0x1f0
[  377.012826][T27024]  should_failslab+0x8f/0xb0
[  377.017434][T27024]  kmem_cache_alloc_noprof+0x4c/0x290
[  377.022905][T27024]  skb_clone+0x154/0x1f0
[  377.027241][T27024]  __netlink_deliver_tap+0x2bd/0x4c0
[  377.032566][T27024]  netlink_unicast+0x64a/0x670
[  377.037374][T27024]  netlink_sendmsg+0x5cc/0x6e0
[  377.042155][T27024]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.047516][T27024]  __sock_sendmsg+0x140/0x180
[  377.052240][T27024]  sock_write_iter+0x15e/0x1a0
[  377.057017][T27024]  vfs_write+0x76a/0x910
[  377.061286][T27024]  ? __pfx_sock_write_iter+0x10/0x10
[  377.066574][T27024]  ksys_write+0xeb/0x1b0
[  377.070841][T27024]  __x64_sys_write+0x42/0x50
[  377.075500][T27024]  x64_sys_call+0x27dd/0x2d60
[  377.080262][T27024]  do_syscall_64+0xc9/0x1c0
[  377.084795][T27024]  ? clear_bhb_loop+0x55/0xb0
[  377.089483][T27024]  ? clear_bhb_loop+0x55/0xb0
[  377.094187][T27024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.100197][T27024] RIP: 0033:0x7ff1bd56def9
[  377.104642][T27024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.124247][T27024] RSP: 002b:00007ff1bc1c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  377.132676][T27024] RAX: ffffffffffffffda RBX: 00007ff1bd726058 RCX: 00007ff1bd56def9
[  377.140652][T27024] RDX: 0000000000000014 RSI: 0000000020000100 RDI: 0000000000000003
[  377.148624][T27024] RBP: 00007ff1bc1c0090 R08: 0000000000000000 R09: 0000000000000000
[  377.156613][T27024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.164589][T27024] R13: 0000000000000000 R14: 00007ff1bd726058 R15: 00007ffc47bfb6b8
[  377.172567][T27024]  </TASK>
[  377.177971][T27032] ref_ctr_offset mismatch. inode: 0x24e offset: 0x0 ref_ctr_offset(old): 0x4 ref_ctr_offset(new): 0x0
[  377.223631][T27044] xt_bpf: check failed: parse error
[  377.318855][T27055] loop0: detected capacity change from 0 to 2048
[  377.377497][T27055] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  377.427528][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.486838][T27089] can0: slcan on ttyS3.
[  377.524556][T27089] can0 (unregistered): slcan off ttyS3.
[  377.532603][T27089] Falling back ldisc for ttyS3.
[  377.563277][   T29] kauditd_printk_skb: 427 callbacks suppressed
[  377.563292][   T29] audit: type=1400 audit(1727050988.445:20200): avc:  denied  { tracepoint } for  pid=27098 comm="syz.1.4505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  377.605627][T27099] loop1: detected capacity change from 0 to 1024
[  377.622374][T27099] EXT4-fs: Ignoring removed bh option
[  377.627815][T27099] EXT4-fs: Ignoring removed mblk_io_submit option
[  377.666412][   T29] audit: type=1326 audit(1727050988.545:20201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.689998][   T29] audit: type=1326 audit(1727050988.545:20202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.713675][   T29] audit: type=1326 audit(1727050988.555:20203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.777128][T27099] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.797845][   T29] audit: type=1326 audit(1727050988.585:20204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.821605][   T29] audit: type=1326 audit(1727050988.585:20205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.845196][   T29] audit: type=1326 audit(1727050988.595:20206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.869344][   T29] audit: type=1326 audit(1727050988.595:20207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.893363][   T29] audit: type=1326 audit(1727050988.595:20208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.916963][   T29] audit: type=1326 audit(1727050988.595:20209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27107 comm="syz.0.4506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  377.961375][T27114] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4505'.
[  377.970507][T27114] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4505'.
[  378.082533][T27126] loop0: detected capacity change from 0 to 128
[  378.091031][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.224851][T27126] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  378.245157][T27126] ext4 filesystem being mounted at /101/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  378.273046][T27126] FAULT_INJECTION: forcing a failure.
[  378.273046][T27126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.286169][T27126] CPU: 1 UID: 0 PID: 27126 Comm: syz.0.4509 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  378.296675][T27126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  378.306855][T27126] Call Trace:
[  378.310146][T27126]  <TASK>
[  378.313086][T27126]  dump_stack_lvl+0xf2/0x150
[  378.317762][T27126]  dump_stack+0x15/0x20
[  378.322073][T27126]  should_fail_ex+0x223/0x230
[  378.326776][T27126]  should_fail+0xb/0x10
[  378.331063][T27126]  should_fail_usercopy+0x1a/0x20
[  378.336192][T27126]  _copy_to_user+0x1e/0xa0
[  378.340626][T27126]  simple_read_from_buffer+0xa0/0x110
[  378.346020][T27126]  proc_fail_nth_read+0xf9/0x140
[  378.350977][T27126]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.356601][T27126]  vfs_read+0x195/0x720
[  378.360862][T27126]  ? __rcu_read_unlock+0x4e/0x70
[  378.365978][T27126]  ? __fget_files+0x1d4/0x210
[  378.370769][T27126]  ksys_read+0xeb/0x1b0
[  378.374967][T27126]  __x64_sys_read+0x42/0x50
[  378.379544][T27126]  x64_sys_call+0x27d3/0x2d60
[  378.384265][T27126]  do_syscall_64+0xc9/0x1c0
[  378.388788][T27126]  ? clear_bhb_loop+0x55/0xb0
[  378.393537][T27126]  ? clear_bhb_loop+0x55/0xb0
[  378.398245][T27126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.404160][T27126] RIP: 0033:0x7f6298ffc93c
[  378.408582][T27126] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  378.409416][T27150] lo speed is unknown, defaulting to 1000
[  378.428237][T27126] RSP: 002b:00007f6297c77030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  378.428265][T27126] RAX: ffffffffffffffda RBX: 00007f62991b5f80 RCX: 00007f6298ffc93c
[  378.428280][T27126] RDX: 000000000000000f RSI: 00007f6297c770a0 RDI: 0000000000000005
[  378.428319][T27126] RBP: 00007f6297c77090 R08: 0000000000000000 R09: 0000000000000000
[  378.428335][T27126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.474481][T27126] R13: 0000000000000000 R14: 00007f62991b5f80 R15: 00007fff27cddae8
[  378.482459][T27126]  </TASK>
[  378.494640][T24884] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  378.600172][T27172] xt_bpf: check failed: parse error
[  378.642652][T27176] loop1: detected capacity change from 0 to 256
[  378.907040][T27204] loop1: detected capacity change from 0 to 512
[  378.940000][T27204] EXT4-fs: Ignoring removed nobh option
[  378.945662][T27204] EXT4-fs: Ignoring removed nobh option
[  378.961556][T27204] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  379.007623][T27204] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.4526: invalid indirect mapped block 2683928664 (level 1)
[  379.061475][T27204] EXT4-fs (loop1): 1 truncate cleaned up
[  379.086892][T27204] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  379.132367][T27220] loop4: detected capacity change from 0 to 512
[  379.156735][T27220] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  379.179081][T25751] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.192827][T27220] EXT4-fs (loop4): 1 truncate cleaned up
[  379.208721][T27220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  379.231182][T27222] sg_write: process 70 (syz.2.4531) changed security contexts after opening file descriptor, this is not allowed.
[  379.270248][T27220] netlink: 19 bytes leftover after parsing attributes in process `syz.4.4530'.
[  379.291340][T27225] lo speed is unknown, defaulting to 1000
[  379.306230][T27222] program syz.2.4531 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  379.412298][T25283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.415235][    C1] net_ratelimit: 11 callbacks suppressed
[  379.415251][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  379.483286][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  379.505862][T27237] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4533'.
[  379.514944][T27237] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4533'.
[  379.543111][T27236] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4534'.
[  379.552127][T27236] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4534'.
[  379.663131][T27249] loop0: detected capacity change from 0 to 512
[  379.673737][T27249] EXT4-fs: Ignoring removed nobh option
[  379.679448][T27249] EXT4-fs: Ignoring removed nobh option
[  379.688234][T27249] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  379.694459][T27257] xt_bpf: check failed: parse error
[  379.696492][T27249] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.4542: invalid indirect mapped block 2683928664 (level 1)
[  379.717268][T27249] EXT4-fs (loop0): 1 truncate cleaned up
[  379.723339][T27249] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  379.748542][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.794918][T27262] lo speed is unknown, defaulting to 1000
[  380.715443][T27393] lo speed is unknown, defaulting to 1000
[  380.877170][T27421] siw: device registration error -23
[  381.269463][T27451] xt_bpf: check failed: parse error
[  381.610501][T27454] IPv4: Oversized IP packet from 172.20.20.24
[  381.616727][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  381.622850][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  381.637004][T27454] loop0: detected capacity change from 0 to 512
[  381.643983][T27454] EXT4-fs: Ignoring removed nobh option
[  381.649678][T27454] EXT4-fs: Ignoring removed nobh option
[  381.659820][T27454] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  381.668224][T27454] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.4568: invalid indirect mapped block 2683928664 (level 1)
[  381.684026][T27454] EXT4-fs (loop0): 1 truncate cleaned up
[  381.690143][T27454] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  381.725248][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.770989][T27462] loop0: detected capacity change from 0 to 1024
[  381.779999][T27462] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  381.806847][T27462] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  382.333229][T27483] IPv4: Oversized IP packet from 172.20.20.24
[  382.339457][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  382.345604][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  382.364431][T27483] loop4: detected capacity change from 0 to 512
[  382.383287][T27483] EXT4-fs: Ignoring removed nobh option
[  382.389194][T27483] EXT4-fs: Ignoring removed nobh option
[  382.429006][T27483] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  382.464785][T27483] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.4579: invalid indirect mapped block 2683928664 (level 1)
[  382.526278][T27483] EXT4-fs (loop4): 1 truncate cleaned up
[  382.549590][T27483] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  382.595402][   T29] kauditd_printk_skb: 485 callbacks suppressed
[  382.595416][   T29] audit: type=1326 audit(1727050993.485:20695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8fb641c890 code=0x7ffc0000
[  382.630986][   T29] audit: type=1326 audit(1727050993.485:20696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f8fb641cc77 code=0x7ffc0000
[  382.654604][   T29] audit: type=1326 audit(1727050993.485:20697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8fb641c890 code=0x7ffc0000
[  382.678189][   T29] audit: type=1326 audit(1727050993.485:20698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  382.701777][   T29] audit: type=1326 audit(1727050993.485:20699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  382.725352][   T29] audit: type=1326 audit(1727050993.485:20700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  382.748938][   T29] audit: type=1326 audit(1727050993.485:20701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  382.772570][   T29] audit: type=1326 audit(1727050993.485:20702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  382.780954][T27486] siw: device registration error -23
[  382.796081][   T29] audit: type=1326 audit(1727050993.485:20703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  382.825038][   T29] audit: type=1326 audit(1727050993.485:20704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27482 comm="syz.4.4579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  382.849593][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.860562][T25283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.943808][T27499] xt_bpf: check failed: parse error
[  383.805684][T27520] IPv4: Oversized IP packet from 172.20.20.24
[  383.811939][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  383.849025][T27520] loop4: detected capacity change from 0 to 512
[  383.858902][T27520] EXT4-fs: Ignoring removed nobh option
[  383.864512][T27520] EXT4-fs: Ignoring removed nobh option
[  383.894829][T27520] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  383.902993][T27520] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.4593: invalid indirect mapped block 2683928664 (level 1)
[  383.938185][T27520] EXT4-fs (loop4): 1 truncate cleaned up
[  383.944486][T27520] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  383.981319][T25283] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  388.041846][   T29] kauditd_printk_skb: 151 callbacks suppressed
[  388.041862][   T29] audit: type=1326 audit(1727050998.915:20856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.044444][    C0] net_ratelimit: 1 callbacks suppressed
[  388.044458][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  388.048185][   T29] audit: type=1326 audit(1727050998.915:20857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.110376][   T29] audit: type=1326 audit(1727050998.915:20858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.114519][T27538] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4600'.
[  388.134001][   T29] audit: type=1326 audit(1727050998.915:20859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.142971][T27538] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4600'.
[  388.175467][   T29] audit: type=1326 audit(1727050998.915:20860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.199204][   T29] audit: type=1326 audit(1727050998.915:20861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.222770][   T29] audit: type=1326 audit(1727050998.915:20862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.246446][   T29] audit: type=1326 audit(1727050998.915:20863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.270036][   T29] audit: type=1326 audit(1727050998.915:20864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27532 comm="syz.0.4599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6298ffdef9 code=0x7ffc0000
[  388.271077][T27543] loop4: detected capacity change from 0 to 2048
[  388.294703][   T29] audit: type=1326 audit(1727050999.135:20865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27539 comm="syz.4.4601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fb641def9 code=0x7ffc0000
[  388.395849][T27541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  388.413801][T25480] rtc_cmos 00:00: Alarms can be up to one day in the future
[  388.421428][T25480] rtc_cmos 00:00: Alarms can be up to one day in the future
[  388.429006][T25480] rtc_cmos 00:00: Alarms can be up to one day in the future
[  388.436560][T25480] rtc_cmos 00:00: Alarms can be up to one day in the future
[  388.443848][T25480] rtc rtc0: __rtc_set_alarm: err=-22
[  388.547061][T27547] xt_bpf: check failed: parse error
[  388.905792][T27550] syz.2.4604[27550] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.905844][T27550] syz.2.4604[27550] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.927613][T27550] syz.2.4604[27550] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  389.431824][T27614] lo speed is unknown, defaulting to 1000
[  389.670113][T27648] loop4: detected capacity change from 0 to 2048
[  389.739704][T27648] rtc_cmos 00:00: Alarms can be up to one day in the future
[  389.756318][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  389.763903][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  389.771462][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  389.779058][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  389.786455][ T3415] rtc rtc0: __rtc_set_alarm: err=-22
[  389.931895][T27688] syz.4.4616[27688] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  389.932111][T27688] syz.4.4616[27688] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  389.969611][T27688] syz.4.4616[27688] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  390.067756][T27712] xt_bpf: check failed: parse error
[  390.110278][T12489] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.136012][T27687] lo speed is unknown, defaulting to 1000
[  390.189154][T12489] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.248408][T12489] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.279915][T27687] chnl_net:caif_netlink_parms(): no params data found
[  390.317426][T12489] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.392264][T27687] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.399353][T27687] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.409134][T27687] bridge_slave_0: entered allmulticast mode
[  390.417658][T27687] bridge_slave_0: entered promiscuous mode
[  390.424742][T27687] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.431801][T27687] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.439187][T27687] bridge_slave_1: entered allmulticast mode
[  390.445853][T27687] bridge_slave_1: entered promiscuous mode
[  390.466247][T27687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.497457][T27687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.507228][T12489] bridge_slave_1: left allmulticast mode
[  390.512892][T12489] bridge_slave_1: left promiscuous mode
[  390.518659][T12489] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.543444][T12489] bridge_slave_0: left allmulticast mode
[  390.549126][T12489] bridge_slave_0: left promiscuous mode
[  390.554853][T12489] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.657191][T12489] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  390.670306][T12489] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  390.686811][T12489] bond0 (unregistering): Released all slaves
[  390.712480][T27687] team0: Port device team_slave_0 added
[  390.720481][T27687] team0: Port device team_slave_1 added
[  390.751205][T27687] batman_adv: batadv0: Adding interface: batadv_slave_0
[  390.758219][T27687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.784212][T27687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  390.799747][T12489] hsr_slave_0: left promiscuous mode
[  390.807039][T12489] hsr_slave_1: left promiscuous mode
[  390.812624][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  390.820100][T12489] batman_adv: batadv0: Removing interface: batadv_slave_0
[  390.832009][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  390.839432][T12489] batman_adv: batadv0: Removing interface: batadv_slave_1
[  390.855434][T12489] veth1_macvtap: left promiscuous mode
[  390.860964][T12489] veth0_macvtap: left promiscuous mode
[  390.866565][T12489] veth1_vlan: left promiscuous mode
[  390.871810][T12489] veth0_vlan: left promiscuous mode
[  390.978296][T27752] loop0: detected capacity change from 0 to 2048
[  391.048151][T27752] rtc_cmos 00:00: Alarms can be up to one day in the future
[  391.058178][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  391.065746][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  391.073262][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  391.080861][ T3415] rtc_cmos 00:00: Alarms can be up to one day in the future
[  391.088164][ T3415] rtc rtc0: __rtc_set_alarm: err=-22
[  391.094081][T12489] team0 (unregistering): Port device team_slave_1 removed
[  391.113350][T12489] team0 (unregistering): Port device team_slave_0 removed
[  391.170499][T27687] batman_adv: batadv0: Adding interface: batadv_slave_1
[  391.177511][T27687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.203669][T27687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.259268][T27753] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  391.278430][T27687] hsr_slave_0: entered promiscuous mode
[  391.287178][T27687] hsr_slave_1: entered promiscuous mode
[  391.294480][T27753] x_tables: unsorted underflow at hook 2
[  391.300218][T27687] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  391.318064][T27687] Cannot create hsr debugfs directory
[  391.370846][T27774] loop0: detected capacity change from 0 to 2048
[  391.415002][T27774] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  391.451452][T27754] lo speed is unknown, defaulting to 1000
[  391.465644][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.526677][T27786] xt_bpf: check failed: parse error
[  391.546692][T27754] chnl_net:caif_netlink_parms(): no params data found
[  391.571916][T12489] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.600183][T27754] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.607416][T27754] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.615236][T27754] bridge_slave_0: entered allmulticast mode
[  391.621595][T27754] bridge_slave_0: entered promiscuous mode
[  391.628697][T27754] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.635793][T27754] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.643498][T27754] bridge_slave_1: entered allmulticast mode
[  391.650057][T27754] bridge_slave_1: entered promiscuous mode
[  391.659282][T12489] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.696161][T27754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  391.710806][T12489] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.726989][T27687] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  391.737021][T27754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  391.748346][T27687] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  391.760387][T12489] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.783648][T27687] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  391.798236][T27754] team0: Port device team_slave_0 added
[  391.804955][T27754] team0: Port device team_slave_1 added
[  391.810670][T27687] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  391.829823][T27754] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.836843][T27754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.862748][T27754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.901294][T12489] bridge_slave_1: left allmulticast mode
[  391.907010][T12489] bridge_slave_1: left promiscuous mode
[  391.912686][T12489] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.922662][T12489] bridge_slave_0: left allmulticast mode
[  391.928495][T12489] bridge_slave_0: left promiscuous mode
[  391.934178][T12489] bridge0: port 1(bridge_slave_0) entered disabled state
[  392.047344][T12489] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  392.058020][T12489] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  392.069878][T12489] bond0 (unregistering): Released all slaves
[  392.080410][T27754] batman_adv: batadv0: Adding interface: batadv_slave_1
[  392.087414][T27754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  392.113387][T27754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  392.143941][T12489] hsr_slave_0: left promiscuous mode
[  392.149796][T12489] hsr_slave_1: left promiscuous mode
[  392.155606][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  392.163006][T12489] batman_adv: batadv0: Removing interface: batadv_slave_0
[  392.170579][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  392.178036][T12489] batman_adv: batadv0: Removing interface: batadv_slave_1
[  392.187863][T12489] veth1_macvtap: left promiscuous mode
[  392.193422][T12489] veth0_macvtap: left promiscuous mode
[  392.199013][T12489] veth1_vlan: left promiscuous mode
[  392.204238][T12489] veth0_vlan: left promiscuous mode
[  392.328638][T12489] team0 (unregistering): Port device team_slave_1 removed
[  392.347730][T12489] team0 (unregistering): Port device team_slave_0 removed
[  392.431057][T27754] hsr_slave_0: entered promiscuous mode
[  392.442715][T27754] hsr_slave_1: entered promiscuous mode
[  392.454065][T27754] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  392.467156][T27754] Cannot create hsr debugfs directory
[  392.473950][T27801] lo speed is unknown, defaulting to 1000
[  392.479860][T27687] 8021q: adding VLAN 0 to HW filter on device bond0
[  392.540177][T27687] 8021q: adding VLAN 0 to HW filter on device team0
[  392.570576][   T56] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.577692][   T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[  392.606367][T12493] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.613485][T12493] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.732351][T27687] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.862602][T27811] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  392.892982][T27687] veth0_vlan: entered promiscuous mode
[  392.904850][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  392.917171][T27687] veth1_vlan: entered promiscuous mode
[  392.949922][T27824] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4642'.
[  392.958930][T27824] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4642'.
[  392.997456][T27826] xt_bpf: check failed: parse error
[  393.011003][T27687] veth0_macvtap: entered promiscuous mode
[  393.018407][T27687] veth1_macvtap: entered promiscuous mode
[  393.028247][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.038743][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.048751][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.059219][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.069145][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.079627][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.089454][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.099970][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.110004][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.120539][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.130409][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.140895][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.153093][   T29] kauditd_printk_skb: 245 callbacks suppressed
[  393.153105][   T29] audit: type=1326 audit(1727051004.035:21111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27823 comm="syz.2.4642" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff1bd56def9 code=0x0
[  393.178043][T27687] batman_adv: batadv0: Interface activated: batadv_slave_0
[  393.197968][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.208567][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.218454][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.228938][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.238831][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.249328][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.259138][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.269626][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.279491][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.289971][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.299910][T27687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.310391][T27687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.322530][T27687] batman_adv: batadv0: Interface activated: batadv_slave_1
[  393.347456][T27754] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  393.357977][T27754] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  393.366904][T27754] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  393.375370][T27754] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  393.384123][T27687] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  393.393090][T27687] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.401830][T27687] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.410595][T27687] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  393.463048][T27754] 8021q: adding VLAN 0 to HW filter on device bond0
[  393.479613][T27754] 8021q: adding VLAN 0 to HW filter on device team0
[  393.497484][T27754] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  393.508012][T27754] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  393.529578][T12489] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.536709][T12489] bridge0: port 1(bridge_slave_0) entered forwarding state
[  393.552805][T12489] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.559866][T12489] bridge0: port 2(bridge_slave_1) entered forwarding state
[  393.591266][   T29] audit: type=1326 audit(1727051004.475:21112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27835 comm="syz.3.4644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.642366][T27754] 8021q: adding VLAN 0 to HW filter on device batadv0
[  393.654516][   T29] audit: type=1326 audit(1727051004.505:21113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27835 comm="syz.3.4644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.678355][   T29] audit: type=1326 audit(1727051004.505:21114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27835 comm="syz.3.4644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.702115][   T29] audit: type=1326 audit(1727051004.505:21115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27835 comm="syz.3.4644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.752954][   T29] audit: type=1326 audit(1727051004.635:21116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27848 comm="syz.3.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.784888][   T29] audit: type=1326 audit(1727051004.665:21117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27848 comm="syz.3.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.808572][   T29] audit: type=1326 audit(1727051004.665:21118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27848 comm="syz.3.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.832627][   T29] audit: type=1326 audit(1727051004.665:21119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27848 comm="syz.3.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.850754][T27754] veth0_vlan: entered promiscuous mode
[  393.856207][   T29] audit: type=1326 audit(1727051004.665:21120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27848 comm="syz.3.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe294bbdef9 code=0x7ffc0000
[  393.877508][T27859] loop3: detected capacity change from 0 to 256
[  393.902432][T27847] lo speed is unknown, defaulting to 1000
[  393.911571][T27754] veth1_vlan: entered promiscuous mode
[  393.939173][T27861] loop0: detected capacity change from 0 to 1024
[  393.953108][T27754] veth0_macvtap: entered promiscuous mode
[  393.959577][T27861] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  393.973758][T27754] veth1_macvtap: entered promiscuous mode
[  393.987036][T27861] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.007396][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.017839][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.027696][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.038226][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.048073][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.058559][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.068390][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.078855][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.088687][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.099128][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.108966][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.119404][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.129386][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.139866][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.150824][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.151788][T27754] batman_adv: batadv0: Interface activated: batadv_slave_0
[  394.172608][T27859] tipc: Started in network mode
[  394.177586][T27859] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  394.184738][T27859] tipc: Enabled bearer <eth:ipvlan0>, priority 0
[  394.202900][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.213533][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.223465][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.233958][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.243898][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.254388][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.264277][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.274922][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.284793][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.295231][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.305046][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.315461][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.325274][T27754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.335711][T27754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.348142][T27754] batman_adv: batadv0: Interface activated: batadv_slave_1
[  394.360145][T27864] tipc: Enabled bearer <ib:caif0>, priority 0
[  394.366569][T27862] lo speed is unknown, defaulting to 1000
[  394.382076][T27754] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  394.391007][T27754] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  394.399820][T27754] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  394.408555][T27754] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.525959][T27882] FAULT_INJECTION: forcing a failure.
[  394.525959][T27882] name failslab, interval 1, probability 0, space 0, times 0
[  394.538622][T27882] CPU: 1 UID: 0 PID: 27882 Comm: syz.0.4657 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  394.549064][T27882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  394.559119][T27882] Call Trace:
[  394.562395][T27882]  <TASK>
[  394.565328][T27882]  dump_stack_lvl+0xf2/0x150
[  394.566223][T27687] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  394.570111][T27882]  dump_stack+0x15/0x20
[  394.570145][T27882]  should_fail_ex+0x223/0x230
[  394.570184][T27882]  ? getname_flags+0x81/0x3b0
[  394.577759][T27687] FAT-fs (loop3): Filesystem has been set read-only
[  394.581835][T27882]  should_failslab+0x8f/0xb0
[  394.602454][T27882]  kmem_cache_alloc_noprof+0x4c/0x290
[  394.606170][T27687] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  394.607877][T27882]  getname_flags+0x81/0x3b0
[  394.619918][T27882]  user_path_at+0x26/0x110
[  394.624353][T27882]  __se_sys_mount_setattr+0x49c/0x12f0
[  394.629861][T27882]  ? fput+0x14e/0x190
[  394.633960][T27882]  __x64_sys_mount_setattr+0x67/0x80
[  394.635023][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  394.639249][T27882]  x64_sys_call+0x2a7b/0x2d60
[  394.653282][T27882]  do_syscall_64+0xc9/0x1c0
[  394.657825][T27882]  ? clear_bhb_loop+0x55/0xb0
[  394.659266][T27878] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4656'.
[  394.662595][T27882]  ? clear_bhb_loop+0x55/0xb0
[  394.662623][T27882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.662650][T27882] RIP: 0033:0x7f6298ffdef9
[  394.662664][T27882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.671665][T27878] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4656'.
[  394.676227][T27882] RSP: 002b:00007f6297c77038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[  394.676254][T27882] RAX: ffffffffffffffda RBX: 00007f62991b5f80 RCX: 00007f6298ffdef9
[  394.676271][T27882] RDX: 0000000000000000 RSI: 0000000020000240 RDI: ffffffffffffff9c
[  394.739506][T27882] RBP: 00007f6297c77090 R08: 0000000000000020 R09: 0000000000000000
[  394.747480][T27882] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001
[  394.755505][T27882] R13: 0000000000000000 R14: 00007f62991b5f80 R15: 00007fff27cddae8
[  394.763509][T27882]  </TASK>
[  394.829339][T27887] loop0: detected capacity change from 0 to 1024
[  394.836818][T27887] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  394.852690][T27887] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.879298][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.962235][T27907] syz.1.4669[27907] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  394.962344][T27907] syz.1.4669[27907] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  394.974013][T27907] syz.1.4669[27907] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  395.004327][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  395.021595][T27910] loop1: detected capacity change from 0 to 1024
[  395.035429][T27910] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  395.044986][T27908] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4670'.
[  395.053968][T27908] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4670'.
[  395.064634][T27910] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  395.418603][T27918] FAULT_INJECTION: forcing a failure.
[  395.418603][T27918] name failslab, interval 1, probability 0, space 0, times 0
[  395.431297][T27918] CPU: 1 UID: 0 PID: 27918 Comm: syz.2.4673 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  395.441711][T27918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  395.444376][    T8] tipc: Node number set to 10136234
[  395.451748][T27918] Call Trace:
[  395.451756][T27918]  <TASK>
[  395.463237][T27918]  dump_stack_lvl+0xf2/0x150
[  395.467906][T27918]  dump_stack+0x15/0x20
[  395.472133][T27918]  should_fail_ex+0x223/0x230
[  395.476882][T27918]  ? sock_alloc_inode+0x34/0xa0
[  395.481750][T27918]  should_failslab+0x8f/0xb0
[  395.486342][T27918]  kmem_cache_alloc_lru_noprof+0x51/0x2a0
[  395.492076][T27918]  ? avc_xperms_populate+0x2a5/0x310
[  395.497377][T27918]  sock_alloc_inode+0x34/0xa0
[  395.502122][T27918]  ? __pfx_sock_alloc_inode+0x10/0x10
[  395.507502][T27918]  alloc_inode+0x3c/0x160
[  395.511912][T27918]  new_inode_pseudo+0x15/0x20
[  395.516590][T27918]  __sock_create+0x12b/0x4f0
[  395.521241][T27918]  sock_create_kern+0x38/0x50
[  395.525934][T27918]  mptcp_subflow_create_socket+0x84/0x710
[  395.531715][T27918]  ? avc_has_perm_noaudit+0x16a/0x210
[  395.537106][T27918]  __mptcp_nmpc_sk+0xb4/0x3c0
[  395.541806][T27918]  mptcp_connect+0x59/0x760
[  395.546559][T27918]  __inet_stream_connect+0x162/0x790
[  395.552292][T27918]  ? _raw_spin_unlock_bh+0x36/0x40
[  395.557481][T27918]  ? release_sock+0x117/0x150
[  395.562224][T27918]  ? _raw_spin_unlock_bh+0x36/0x40
[  395.567400][T27918]  ? lock_sock_nested+0x10f/0x140
[  395.572440][T27918]  ? selinux_netlbl_socket_connect+0x113/0x130
[  395.578686][T27918]  inet_stream_connect+0x48/0x70
[  395.583668][T27918]  ? __pfx_inet_stream_connect+0x10/0x10
[  395.589391][T27918]  __sys_connect+0x19d/0x1b0
[  395.594050][T27918]  __x64_sys_connect+0x41/0x50
[  395.598830][T27918]  x64_sys_call+0x2220/0x2d60
[  395.603520][T27918]  do_syscall_64+0xc9/0x1c0
[  395.608058][T27918]  ? clear_bhb_loop+0x55/0xb0
[  395.612738][T27918]  ? clear_bhb_loop+0x55/0xb0
[  395.617453][T27918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.623426][T27918] RIP: 0033:0x7ff1bd56def9
[  395.627841][T27918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.647520][T27918] RSP: 002b:00007ff1bc1e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  395.655939][T27918] RAX: ffffffffffffffda RBX: 00007ff1bd725f80 RCX: 00007ff1bd56def9
[  395.664090][T27918] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003
[  395.672138][T27918] RBP: 00007ff1bc1e1090 R08: 0000000000000000 R09: 0000000000000000
[  395.680192][T27918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.688252][T27918] R13: 0000000000000000 R14: 00007ff1bd725f80 R15: 00007ffc47bfb6b8
[  395.696240][T27918]  </TASK>
[  395.699438][T27918] socket: no more sockets
[  395.840000][T27924] rtc_cmos 00:00: Alarms can be up to one day in the future
[  395.854439][ T3336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  395.861973][ T3336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  395.869632][ T3336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  395.877211][ T3336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  395.884497][ T3336] rtc rtc0: __rtc_set_alarm: err=-22
[  395.907136][T27754] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.994258][T27935] syz.0.4681[27935] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  395.994446][T27935] syz.0.4681[27935] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  396.008554][T27935] syz.0.4681[27935] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  396.058129][T27941] siw: device registration error -23
[  396.081862][T27943] loop1: detected capacity change from 0 to 128
[  396.090174][T27943] vfat: Unknown parameter 't�#�2��w'
[  396.389098][T27964] syz.1.4694[27964] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  396.389167][T27964] syz.1.4694[27964] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  396.410769][T27964] syz.1.4694[27964] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  396.529325][T27972] loop1: detected capacity change from 0 to 1024
[  396.556802][T27972] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  396.570710][T27972] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  396.599573][T27754] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.820272][T27977] siw: device registration error -23
[  396.957372][T12489] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.986718][T27983] lo speed is unknown, defaulting to 1000
[  397.141800][T27986] lo speed is unknown, defaulting to 1000
[  397.209766][T12489] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.220899][T27986] chnl_net:caif_netlink_parms(): no params data found
[  397.267883][T12489] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.286933][T27986] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.294042][T27986] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.303315][T27986] bridge_slave_0: entered allmulticast mode
[  397.310389][T27986] bridge_slave_0: entered promiscuous mode
[  397.319157][T27986] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.326249][T27986] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.333664][T27986] bridge_slave_1: entered allmulticast mode
[  397.341823][T27986] bridge_slave_1: entered promiscuous mode
[  397.351109][T12489] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.375211][T27986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  397.388816][T27986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  397.416520][T12489] bridge_slave_1: left allmulticast mode
[  397.422231][T12489] bridge_slave_1: left promiscuous mode
[  397.427848][T12489] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.437540][T12489] bridge_slave_0: left allmulticast mode
[  397.443252][T12489] bridge_slave_0: left promiscuous mode
[  397.448945][T12489] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.566909][T12489] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  397.577869][T12489] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  397.588188][T12489] bond0 (unregistering): Released all slaves
[  397.603387][T27986] team0: Port device team_slave_0 added
[  397.613048][T27986] team0: Port device team_slave_1 added
[  397.629746][T27986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  397.636719][T27986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  397.662723][T27986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  397.679985][T27986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  397.686983][T27986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  397.713176][T27986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  397.729636][T12489] tipc: Disabling bearer <eth:ipvlan0>
[  397.741369][T12489] tipc: Disabling bearer <ib:caif0>
[  397.754282][T12489] tipc: Left network mode
[  397.786424][T27986] hsr_slave_0: entered promiscuous mode
[  397.800877][T27986] hsr_slave_1: entered promiscuous mode
[  397.806941][T27986] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  397.819888][T28006] syz.0.4706[28006] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  397.824809][T27986] Cannot create hsr debugfs directory
[  397.836766][T28012] loop1: detected capacity change from 0 to 1024
[  397.863681][T28012] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  397.895582][T12489] hsr_slave_0: left promiscuous mode
[  397.901340][T12489] hsr_slave_1: left promiscuous mode
[  397.909709][T28019] siw: device registration error -23
[  397.909807][T28012] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  397.935349][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  397.942767][T12489] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.972536][T27754] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.992044][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.999494][T12489] batman_adv: batadv0: Removing interface: batadv_slave_1
[  398.031494][T12489] veth1_macvtap: left promiscuous mode
[  398.035284][T28029] FAULT_INJECTION: forcing a failure.
[  398.035284][T28029] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.037103][T12489] veth0_macvtap: left promiscuous mode
[  398.050004][T28029] CPU: 1 UID: 0 PID: 28029 Comm: syz.0.4715 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  398.055476][T12489] veth1_vlan: left promiscuous mode
[  398.065781][T28029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  398.070984][T12489] veth0_vlan: left promiscuous mode
[  398.080996][T28029] Call Trace:
[  398.081003][T28029]  <TASK>
[  398.081010][T28029]  dump_stack_lvl+0xf2/0x150
[  398.097043][T28029]  dump_stack+0x15/0x20
[  398.101220][T28029]  should_fail_ex+0x223/0x230
[  398.105938][T28029]  should_fail+0xb/0x10
[  398.110208][T28029]  should_fail_usercopy+0x1a/0x20
[  398.115251][T28029]  _copy_from_user+0x1e/0xd0
[  398.119916][T28029]  __se_sys_mount+0x119/0x2d0
[  398.124666][T28029]  ? ksys_write+0x178/0x1b0
[  398.129254][T28029]  __x64_sys_mount+0x67/0x80
[  398.133868][T28029]  x64_sys_call+0x203e/0x2d60
[  398.138605][T28029]  do_syscall_64+0xc9/0x1c0
[  398.143107][T28029]  ? clear_bhb_loop+0x55/0xb0
[  398.147785][T28029]  ? clear_bhb_loop+0x55/0xb0
[  398.152520][T28029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.158475][T28029] RIP: 0033:0x7f6298ffdef9
[  398.163012][T28029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.182618][T28029] RSP: 002b:00007f6297c77038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  398.191156][T28029] RAX: ffffffffffffffda RBX: 00007f62991b5f80 RCX: 00007f6298ffdef9
[  398.199136][T28029] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000
[  398.207105][T28029] RBP: 00007f6297c77090 R08: 0000000020000200 R09: 0000000000000000
[  398.215159][T28029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.223245][T28029] R13: 0000000000000000 R14: 00007f62991b5f80 R15: 00007fff27cddae8
[  398.231212][T28029]  </TASK>
[  398.237094][   T29] kauditd_printk_skb: 229 callbacks suppressed
[  398.237160][   T29] audit: type=1326 audit(1727051009.125:21350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.245032][T28032] IPv4: Oversized IP packet from 172.20.20.24
[  398.266890][   T29] audit: type=1326 audit(1727051009.125:21351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.272994][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  398.298368][   T29] audit: type=1326 audit(1727051009.135:21352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.302576][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  398.339864][   T29] audit: type=1326 audit(1727051009.225:21353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.363755][   T29] audit: type=1326 audit(1727051009.225:21354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.396243][T28032] loop1: detected capacity change from 0 to 512
[  398.419669][   T29] audit: type=1326 audit(1727051009.275:21355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.436982][T28032] EXT4-fs: Ignoring removed nobh option
[  398.443407][   T29] audit: type=1326 audit(1727051009.275:21356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.448853][T28032] EXT4-fs: Ignoring removed nobh option
[  398.478058][   T29] audit: type=1326 audit(1727051009.275:21357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.501809][   T29] audit: type=1326 audit(1727051009.275:21358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.525487][   T29] audit: type=1326 audit(1727051009.275:21359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28031 comm="syz.1.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f425def9 code=0x7ffc0000
[  398.553084][T28032] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  398.562782][T28032] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.4716: invalid indirect mapped block 2683928664 (level 1)
[  398.588620][T28032] EXT4-fs (loop1): 1 truncate cleaned up
[  398.618181][T28032] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  398.657494][T12489] team0 (unregistering): Port device team_slave_1 removed
[  398.702900][T12489] team0 (unregistering): Port device team_slave_0 removed
[  398.768572][T27754] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.789631][T28048] loop0: detected capacity change from 0 to 1024
[  398.798944][T28048] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  398.818231][T28048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  398.833125][T28050] lo speed is unknown, defaulting to 1000
[  398.868248][T24884] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.017399][T28075] siw: device registration error -23
[  399.038615][T27986] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  399.054630][T28070] IPv4: Oversized IP packet from 172.20.20.24
[  399.060925][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  399.060994][T27986] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  399.067070][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  399.085896][T27986] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  399.094531][T27986] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  399.114274][T28070] loop0: detected capacity change from 0 to 512
[  399.121846][T28070] EXT4-fs: Ignoring removed nobh option
[  399.127500][T28070] EXT4-fs: Ignoring removed nobh option
[  399.147155][T28070] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  399.158662][T28070] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.4733: invalid indirect mapped block 2683928664 (level 1)
[  399.183956][T28070] EXT4-fs (loop0): 1 truncate cleaned up
[  399.200691][T27986] 8021q: adding VLAN 0 to HW filter on device bond0
[  399.213689][T27986] 8021q: adding VLAN 0 to HW filter on device team0
[  399.223338][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.230425][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  399.250651][T28085] xt_bpf: check failed: parse error
[  399.258871][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.265944][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  399.285380][T27986] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  399.295928][T27986] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  399.374720][T27986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  399.442130][T27986] veth0_vlan: entered promiscuous mode
[  399.450374][T27986] veth1_vlan: entered promiscuous mode
[  399.462444][T27986] veth0_macvtap: entered promiscuous mode
[  399.470119][T27986] veth1_macvtap: entered promiscuous mode
[  399.480017][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.490501][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.500481][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.511034][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.520895][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.531360][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.541207][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.551909][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.561863][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.572454][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.582300][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.592746][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.602562][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.613045][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.623712][T27986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  399.632431][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.642895][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.652774][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.663216][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.673119][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.683614][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.693486][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.703913][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.713844][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.724488][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.734417][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.744947][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.754803][T27986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.765260][T27986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.775897][T27986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  399.796028][T27986] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  399.804929][T27986] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  399.813620][T27986] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  399.822478][T27986] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  399.999914][T28121] loop3: detected capacity change from 0 to 1024
[  400.007592][T28121] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  400.072161][T28130] loop3: detected capacity change from 0 to 512
[  400.079530][T28130] EXT4-fs: Ignoring removed nobh option
[  400.085185][T28130] EXT4-fs: Ignoring removed nobh option
[  400.123624][T28130] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  400.144099][T28130] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4748: invalid indirect mapped block 2683928664 (level 1)
[  400.161785][T28140] siw: device registration error -23
[  400.163751][T28130] EXT4-fs (loop3): 1 truncate cleaned up
[  400.173148][T28130] EXT4-fs mount: 4 callbacks suppressed
[  400.173158][T28130] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  400.227204][T27986] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.264029][T28149] loop3: detected capacity change from 0 to 1024
[  400.286393][T28149] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  400.307879][T28149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.126978][T27986] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.260993][T28244] xt_bpf: check failed: parse error
[  401.363788][T28258] loop3: detected capacity change from 0 to 512
[  401.372687][T28258] EXT4-fs: Ignoring removed nobh option
[  401.378370][T28258] EXT4-fs: Ignoring removed nobh option
[  401.386937][T28258] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  401.403191][T28258] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.4761: invalid indirect mapped block 2683928664 (level 1)
[  401.427569][T28258] EXT4-fs (loop3): 1 truncate cleaned up
[  401.433774][T28258] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.459437][T27986] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.641575][T28295] loop3: detected capacity change from 0 to 1024
[  401.657282][T28295] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  401.668315][T28295] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.671226][T28273] lo speed is unknown, defaulting to 1000
[  401.699501][T12489] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.764789][T12489] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.871346][T12489] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.910766][T12489] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.002225][T28273] chnl_net:caif_netlink_parms(): no params data found
[  402.029709][T12489] bridge_slave_1: left allmulticast mode
[  402.035472][T12489] bridge_slave_1: left promiscuous mode
[  402.041188][T12489] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.083806][T12489] bridge_slave_0: left allmulticast mode
[  402.089561][T12489] bridge_slave_0: left promiscuous mode
[  402.095268][T12489] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.277806][T12489] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  402.303268][T12489] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  402.327207][T12489] bond0 (unregistering): Released all slaves
[  402.413607][T12489] hsr_slave_0: left promiscuous mode
[  402.429983][T12489] hsr_slave_1: left promiscuous mode
[  402.454147][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  402.461818][T12489] batman_adv: batadv0: Removing interface: batadv_slave_0
[  402.491094][T12489] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  402.499066][T12489] batman_adv: batadv0: Removing interface: batadv_slave_1
[  402.517000][T27986] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.543648][T12489] veth1_macvtap: left promiscuous mode
[  402.549241][T12489] veth0_macvtap: left promiscuous mode
[  402.554230][T28346] xt_bpf: check failed: parse error
[  402.554972][T12489] veth1_vlan: left promiscuous mode
[  402.565613][T12489] veth0_vlan: left promiscuous mode
[  402.575190][T28344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.609142][T28344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.641728][T28344] can: request_module (can-proto-5) failed.
[  402.754245][T12489] team0 (unregistering): Port device team_slave_1 removed
[  402.763901][T28361] loop1: detected capacity change from 0 to 512
[  402.774441][T12489] team0 (unregistering): Port device team_slave_0 removed
[  402.782195][T28361] EXT4-fs: Ignoring removed nobh option
[  402.787872][T28361] EXT4-fs: Ignoring removed nobh option
[  402.801277][T28361] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  402.815445][T28361] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.4785: invalid indirect mapped block 2683928664 (level 1)
[  402.835930][T28361] EXT4-fs (loop1): 1 truncate cleaned up
[  402.846379][T28273] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.853476][T28273] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.861682][T28361] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.876808][T28273] bridge_slave_0: entered allmulticast mode
[  402.883413][T28273] bridge_slave_0: entered promiscuous mode
[  402.901077][T27754] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.913923][T28273] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.921013][T28273] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.931243][T28273] bridge_slave_1: entered allmulticast mode
[  402.942989][T28273] bridge_slave_1: entered promiscuous mode
[  402.951759][ T3337] lo speed is unknown, defaulting to 1000
[  402.977840][T28366] loop1: detected capacity change from 0 to 1024
[  402.985282][T28366] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  403.001671][T28366] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  403.025565][T28273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  403.036712][T28273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  403.059914][T28273] team0: Port device team_slave_0 added
[  403.100006][T28273] team0: Port device team_slave_1 added
[  403.220748][T28273] batman_adv: batadv0: Adding interface: batadv_slave_0
[  403.227875][T28273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.253832][T28273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  403.269925][T28273] batman_adv: batadv0: Adding interface: batadv_slave_1
[  403.277137][T28273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.303104][T28273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  403.338095][T28273] hsr_slave_0: entered promiscuous mode
[  403.346430][T28273] hsr_slave_1: entered promiscuous mode
[  403.356068][T28273] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  403.356202][   T29] kauditd_printk_skb: 526 callbacks suppressed
[  403.356217][   T29] audit: type=1326 audit(1727051014.245:21886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.363704][T28273] Cannot create hsr debugfs directory
[  403.379533][   T29] audit: type=1326 audit(1727051014.255:21887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.422580][   T29] audit: type=1326 audit(1727051014.255:21888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.446258][   T29] audit: type=1326 audit(1727051014.255:21889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.470107][   T29] audit: type=1326 audit(1727051014.255:21890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.493978][   T29] audit: type=1326 audit(1727051014.255:21891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.517702][   T29] audit: type=1326 audit(1727051014.255:21892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.541335][   T29] audit: type=1326 audit(1727051014.255:21893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.565134][   T29] audit: type=1326 audit(1727051014.255:21894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.588635][   T29] audit: type=1326 audit(1727051014.255:21895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28376 comm="syz.2.4791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1bd56def9 code=0x7ffc0000
[  403.825924][T27754] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.847704][T28273] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  403.864174][T28273] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  403.875215][T28273] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  403.891758][T28273] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  403.946767][T28273] 8021q: adding VLAN 0 to HW filter on device bond0
[  403.963038][T28273] 8021q: adding VLAN 0 to HW filter on device team0
[  403.967761][T12489] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.976817][T12489] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.992713][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.018440][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.028341][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  404.035454][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.044323][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.058428][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.077015][T28273] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  404.089648][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.104854][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.121754][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.137540][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.153258][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.168503][T28404] netlink: 'syz.1.4802': attribute type 4 has an invalid length.
[  404.182725][T28273] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.271115][T28427] loop1: detected capacity change from 0 to 1024
[  404.287182][T28427] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  404.308338][T28427] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.410879][T28273] veth0_vlan: entered promiscuous mode
[  404.443648][T28273] veth1_vlan: entered promiscuous mode
[  404.502481][T28273] veth0_macvtap: entered promiscuous mode
[  404.526163][T28273] veth1_macvtap: entered promiscuous mode
[  404.536775][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  404.547276][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.557114][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  404.567557][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.577399][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  404.587869][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.597718][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  404.608173][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.618036][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  404.628481][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.638316][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  404.648890][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.658837][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  404.669326][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.703137][T28273] batman_adv: batadv0: Interface activated: batadv_slave_0
[  404.719477][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.730007][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.739867][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.750417][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.760305][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.770802][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.780635][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.791218][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.801060][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.811575][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.821447][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.832058][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.841920][T28273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.852412][T28273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.864361][T28273] batman_adv: batadv0: Interface activated: batadv_slave_1
[  404.876122][T28273] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  404.884868][T28273] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  404.893752][T28273] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  404.902621][T28273] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  405.178718][T27754] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.628197][T28533] loop3: detected capacity change from 0 to 1024
[  405.641902][T28533] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  405.663577][T28533] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  406.245633][T28599] FAULT_INJECTION: forcing a failure.
[  406.245633][T28599] name failslab, interval 1, probability 0, space 0, times 0
[  406.258409][T28599] CPU: 0 UID: 0 PID: 28599 Comm: syz.1.4829 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  406.268835][T28599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  406.278932][T28599] Call Trace:
[  406.282223][T28599]  <TASK>
[  406.285157][T28599]  dump_stack_lvl+0xf2/0x150
[  406.289830][T28599]  dump_stack+0x15/0x20
[  406.294061][T28599]  should_fail_ex+0x223/0x230
[  406.298771][T28599]  ? audit_log_start+0x34c/0x6b0
[  406.303722][T28599]  should_failslab+0x8f/0xb0
[  406.308333][T28599]  kmem_cache_alloc_noprof+0x4c/0x290
[  406.313920][T28599]  audit_log_start+0x34c/0x6b0
[  406.318744][T28599]  audit_seccomp+0x4b/0x130
[  406.323419][T28599]  __seccomp_filter+0x6fa/0x1180
[  406.328446][T28599]  ? proc_fail_nth_write+0x12a/0x150
[  406.333889][T28599]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  406.339553][T28599]  ? vfs_write+0x580/0x910
[  406.343993][T28599]  __secure_computing+0x9f/0x1c0
[  406.348993][T28599]  syscall_trace_enter+0xd1/0x1f0
[  406.354054][T28599]  do_syscall_64+0xaa/0x1c0
[  406.358604][T28599]  ? clear_bhb_loop+0x55/0xb0
[  406.363352][T28599]  ? clear_bhb_loop+0x55/0xb0
[  406.368075][T28599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.374072][T28599] RIP: 0033:0x7fd2f425def9
[  406.378497][T28599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.398166][T28599] RSP: 002b:00007fd2f2ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  406.406663][T28599] RAX: ffffffffffffffda RBX: 00007fd2f4415f80 RCX: 00007fd2f425def9
[  406.414675][T28599] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[  406.422705][T28599] RBP: 00007fd2f2ed7090 R08: 0000000000000000 R09: 0000000000000000
[  406.430700][T28599] R10: 0000000000000042 R11: 0000000000000246 R12: 0000000000000001
[  406.438755][T28599] R13: 0000000000000000 R14: 00007fd2f4415f80 R15: 00007ffe604ebf28
[  406.446778][T28599]  </TASK>
[  406.508849][T27986] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.450904][T28654] loop4: detected capacity change from 0 to 1024
[  407.479567][T28654] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  407.511014][T28654] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  407.527514][T28659] FAULT_INJECTION: forcing a failure.
[  407.527514][T28659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.540614][T28659] CPU: 1 UID: 0 PID: 28659 Comm: syz.2.4838 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  407.551037][T28659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  407.561293][T28659] Call Trace:
[  407.564571][T28659]  <TASK>
[  407.567556][T28659]  dump_stack_lvl+0xf2/0x150
[  407.572215][T28659]  dump_stack+0x15/0x20
[  407.576462][T28659]  should_fail_ex+0x223/0x230
[  407.581190][T28659]  should_fail+0xb/0x10
[  407.585428][T28659]  should_fail_usercopy+0x1a/0x20
[  407.590492][T28659]  _copy_to_user+0x1e/0xa0
[  407.594959][T28659]  simple_read_from_buffer+0xa0/0x110
[  407.600373][T28659]  proc_fail_nth_read+0xf9/0x140
[  407.605337][T28659]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  407.611058][T28659]  vfs_read+0x195/0x720
[  407.615237][T28659]  ? __rcu_read_unlock+0x4e/0x70
[  407.620196][T28659]  ? __fget_files+0x1d4/0x210
[  407.624908][T28659]  ksys_read+0xeb/0x1b0
[  407.629082][T28659]  __x64_sys_read+0x42/0x50
[  407.633624][T28659]  x64_sys_call+0x27d3/0x2d60
[  407.638345][T28659]  do_syscall_64+0xc9/0x1c0
[  407.642938][T28659]  ? clear_bhb_loop+0x55/0xb0
[  407.647745][T28659]  ? clear_bhb_loop+0x55/0xb0
[  407.652487][T28659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.658426][T28659] RIP: 0033:0x7ff1bd56c93c
[  407.662865][T28659] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  407.682639][T28659] RSP: 002b:00007ff1bc1e1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  407.691068][T28659] RAX: ffffffffffffffda RBX: 00007ff1bd725f80 RCX: 00007ff1bd56c93c
[  407.699094][T28659] RDX: 000000000000000f RSI: 00007ff1bc1e10a0 RDI: 0000000000000007
[  407.707149][T28659] RBP: 00007ff1bc1e1090 R08: 0000000000000000 R09: 000000000000003f
[  407.715143][T28659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.723143][T28659] R13: 0000000000000000 R14: 00007ff1bd725f80 R15: 00007ffc47bfb6b8
[  407.731158][T28659]  </TASK>
[  407.814579][T28664] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4840'.
[  407.846818][T28654] ==================================================================
[  407.854956][T28654] BUG: KCSAN: data-race in __mark_inode_dirty / writeback_single_inode
[  407.863267][T28654] 
[  407.865612][T28654] write to 0xffff88810805d838 of 4 bytes by task 28663 on cpu 1:
[  407.873354][T28654]  writeback_single_inode+0x14f/0x3f0
[  407.878778][T28654]  sync_inode_metadata+0x5c/0x90
[  407.883752][T28654]  generic_buffers_fsync_noflush+0xd8/0x120
[  407.889662][T28654]  ext4_sync_file+0x1ff/0x6c0
[  407.894394][T28654]  vfs_fsync_range+0x116/0x130
[  407.899216][T28654]  ext4_buffered_write_iter+0x326/0x370
[  407.904794][T28654]  ext4_file_write_iter+0x293/0xe10
[  407.910014][T28654]  iter_file_splice_write+0x5f1/0x980
[  407.915427][T28654]  direct_splice_actor+0x160/0x2c0
[  407.920559][T28654]  splice_direct_to_actor+0x302/0x670
[  407.925964][T28654]  do_splice_direct+0xd7/0x150
[  407.930750][T28654]  do_sendfile+0x39b/0x970
[  407.935188][T28654]  __x64_sys_sendfile64+0x110/0x150
[  407.940419][T28654]  x64_sys_call+0xed5/0x2d60
[  407.945037][T28654]  do_syscall_64+0xc9/0x1c0
[  407.949577][T28654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.955491][T28654] 
[  407.957828][T28654] read to 0xffff88810805d838 of 4 bytes by task 28654 on cpu 0:
[  407.965556][T28654]  __mark_inode_dirty+0x58/0x7e0
[  407.970515][T28654]  ext4_write_inline_data_end+0x584/0x7b0
[  407.976268][T28654]  ext4_write_end+0x3a2/0x720
[  407.978350][T28664] loop1: detected capacity change from 0 to 512
[  407.980942][T28654]  generic_perform_write+0x33c/0x4a0
[  407.992491][T28654]  ext4_buffered_write_iter+0x1ea/0x370
[  407.993495][T28664] EXT4-fs (loop1): unsupported inode size: 264
[  407.998068][T28654]  ext4_file_write_iter+0x293/0xe10
[  407.998106][T28654]  iter_file_splice_write+0x5f1/0x980
[  408.004257][T28664] EXT4-fs (loop1): blocksize: 1024
[  408.009437][T28654]  direct_splice_actor+0x160/0x2c0
[  408.009470][T28654]  splice_direct_to_actor+0x302/0x670
[  408.009497][T28654]  do_splice_direct+0xd7/0x150
[  408.035224][T28654]  do_sendfile+0x39b/0x970
[  408.039650][T28654]  __x64_sys_sendfile64+0x110/0x150
[  408.044945][T28654]  x64_sys_call+0xed5/0x2d60
[  408.049548][T28654]  do_syscall_64+0xc9/0x1c0
[  408.054065][T28654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.059970][T28654] 
[  408.062296][T28654] value changed: 0x00000038 -> 0x00000002
[  408.068010][T28654] 
[  408.070342][T28654] Reported by Kernel Concurrency Sanitizer on:
[  408.076491][T28654] CPU: 0 UID: 0 PID: 28654 Comm: syz.4.4837 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
[  408.086904][T28654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  408.096957][T28654] ==================================================================
[  408.341768][T28273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.