last executing test programs:

4.403023314s ago: executing program 4 (id=3429):
r0 = gettid()
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000740)={0x335})
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f0000000940))
tkill(r0, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="54010000100013070000000000000000ac1414aa000000000100000000000000fe80000000000000ff0300000000000000000000000000000000000000d00000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c001c0044"], 0x154}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
lremovexattr(0x0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
move_pages(r0, 0x6, &(0x7f0000000080)=[&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil], &(0x7f00000000c0)=[0x6], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

4.373880437s ago: executing program 4 (id=3430):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790789005e107538e486dd6317ce22000000fffe800000000000"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc1b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x50)

4.201845662s ago: executing program 4 (id=3431):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
acct(0x0)

4.171225454s ago: executing program 4 (id=3432):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = socket$inet(0x2, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="f7", 0x1}], 0x1}, 0x20004001)
r6 = io_uring_setup(0x4b40, &(0x7f00000000c0)={0x0, 0x32f3, 0x40, 0x2, 0xd2})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000480)=""/225, 0xe1}, {&(0x7f0000000140)=""/22, 0x16}, {&(0x7f0000000e80)=""/13, 0xd}, {&(0x7f0000000e40)=""/34, 0x22}, {&(0x7f00000003c0)=""/106, 0x6a}, {&(0x7f0000000680)=""/111, 0x6f}, {&(0x7f0000000700)=""/220, 0xdc}, {&(0x7f0000000800)=""/131, 0x83}, {&(0x7f0000000340)=""/19, 0x13}, {0x0}], 0xa)
recvmsg$unix(r5, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$unix(r4, &(0x7f00000001c0)={0x0, 0x1a, &(0x7f0000000000)=[{&(0x7f0000000080)="1c", 0x1}], 0x1, &(0x7f0000001080)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x41)
r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301)
ioctl$USBDEVFS_DROP_PRIVILEGES(r7, 0x4004551e, &(0x7f0000000000)=0x1000e7)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f00000003c0)={[{@init_itable}, {@bh}, {@grpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x3}}]}, 0x1, 0x551, &(0x7f0000000740)="$eJzs3c+PG1cdAPDvzP7wNk27CfQAFZAAhYCi2Fmnjape2lxAqKqEqDggDumy66yW2HGIvaW7RGJ74g8ACSRO8CdwQOKA1BMHbhyROCCkckAKEIGyiB8ymvHsxt21iam9drP+fKTJ/Hie+X5fNuP3/GbjF8DMOh8RuxGxGBFvRMRycTwplnilu2Sve3D/7tre/btrSXQ6r/8lycuzY9FzTubJ4ppLEfGVL0Z8Izkat7W9c3O1Xq/dKfYr7cbtSmt759JmY3WjtlG7Va1eXbl6+cUrL1THVtdzjZ/d+8Lmq1/95S8+/u5vdj//nSyt00VZbz3GqVv1hYM4mfmIePU4gk3BXLFenHIevD9pRHwoIj6V3//LMZf/6wQATrJOZzk6y737AMBJl+ZjYElajog0LToB5e4Y3jNxKq03W+2LN5pbt9a7Y2VnYiG9sVmvXT5b+t238hcvJNn+Sl6Wl+f71UP7VyLibET8oPREvl9ea9bXp9PlAYCZ9+R++7/8vfxZwN9LaVouD3Vqn6d6AMBjY2naCQAAE6f9B4DZo/0HgNkzRPtfPOzfPfZcAIDJ8PkfAGbPgPa/NOk8AIDJ8fkfAGbKl197LVs6e8X3X6+/ub11s/nmpfVa62a5sbVWXmveuV3eaDY38u/saTzqevVm8/bK87H1VqVda7Urre2d643m1q329fx7va/XFiZSKwDgfzl77p3fJhGx+9IT+RI9czloq+FkS6edADA1c6OcrIMAjzWzfcHsGqoJzzsJvz72XIDpSOKfRw8u9d18rx/9H0H8nhF8oFz4aD7+/59hxv/N8Qwni/F/mF3vb/z/5bHnAUye8X+YXZ1OcnjO/8WDIgDgRBrhV/g63x1XJwSYqkdN5j2W5/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwwpyOiG9GkpbzucDT7M+0XI54KiLOxEJyY7NeuxwRT8e5iFgoZfsr004aABhR+qekmP/rwvJzpw+XLib/KOXriPj2j1//4Vur7fadlez4Xw+Ol/anD6s+PG+EeQUBgDHL2+9qse75IP/g/t21/WWS+dy7Fv8upiJe27t/N1+6JfORHYxYyvsSp/6WxHxxzlJEPBsRc2OIv/t2RHykX/2TfGzkTDHzaW/8KGI/NdH46Xvip3lZd511vj48hlxg1rxzLSJe6Xf/pXE+X/e//5fyd6jR3bvWvdj+e99eT/z5ItJcn/jZPX9+2BjP/+pLRw52lrtlb0c8O98vfnIQPxkQ/7kh4//+Y5/4/ssDyjo/ibgQ/eP3xqq0G7crre2dS5uN1Y3aRu1WtXp15erlF6+8UK3kY9SV/ZHqo/780sWnB+WW1f/UgPhLfeu/eHDuZ4as/0//9cbXP/lwt3Q4/uc+3f/n/0zf+F1Zm/jZIeOvnvr5wOm7s/jrA+r/qJ//xSHjv/vHnfUhXwoATEBre+fmar1euzPSRvYpdBzXObKRpTjci/e7i6MF/UOMMfnFoZPvv7FwXH+rx74xf9BXHO+Vv5ZdccLVScdei5E2Hkwq1vTek4DJeHjTTzsTAAAAAAAAAAAAAABgkEn816Vp1xEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICT678BAAD//6SBzcw=")
creat(&(0x7f0000000180)='./file0\x00', 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0xc020662a, &(0x7f0000000240)={0x0, 0xffffffff004})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$USBDEVFS_CONNECTINFO(r7, 0x80085504, &(0x7f0000002a40))
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000b80)=@raw={'raw\x00', 0x8, 0x3, 0x250, 0x0, 0x8, 0xfa04, 0x100, 0x6c02, 0x1b8, 0x194, 0x194, 0x1b8, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0x100, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @multicast}}}, {{@ip={@local, @dev, 0x0, 0x0, 'bond0\x00', 'vlan0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2b0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r9}, 0x10)
socket$kcm(0x2, 0xa, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x1868f, &(0x7f00000003c0), 0xfe, 0x529, &(0x7f0000000e00)="$eJzs3V9rZGcZAPDnnGR2s93UpOhFLbQWq+wuujNJY9voRbuieFdQ6v0akkkImWRCZtJuQpEsfgBBRAteeeWN4AcQpB9BCgV7LyqK6FYvvFCPnJkz2ezkjEkwMxOT3w/emfe858x5njfZnDn/9j0BXFkvRsS9iJiIiDsRMVO0p0WJg27Jl/v40bvLecnnvPWXJJKirX+dN4uPTXXfSrX29jeWGo36TjFda29u11p7+3fXN5fW6mv1rYWF+VcXX1t8ZXHu7J2aPd6U9+v1r//hR9//2Tde/9UX3/nt/T/d/m6e/9d6Cxwc78d5+KjzWsl/FocmI2JnGMHGYKLoT2XciQAAcCr5Pv5ni3InZmKiszfX0b9LNzX67AAAAIDzkL0xHf9MIjIAAADg0nojIqYjSavFvQDTkabVavce3k/FU2mj2Wp/YbW5u7WSz4uYjUq6ut6ozxX31M5GJcmn54vbbnvTL/dNL3w54pmI+OHMjc50dbnZWBn3yQ8AAAC4Im72Hf//faZ7/A8AAABcMiXjZQEAAACXzKDj/2TEeQAAAADDM+j4//qI8wAAAACG4ptvvpmXrPcc75W393Y3mm/fXam3Nqqbu8vV5ebOdnWt2VzrjNm3edL6Gs3m9pdia/dBrV1vtWutvf37m83drfb9dc8PBAAAgHF55jPvf5RExMFXbnRK7lr+MjHgA8YKgEsjPcvCvx9eHsDoDfqaBy6/ySem7o0tD2AMDsadADBuTwz1MXl8/tGbd9KjC/96iEkBAADn6tany6//54cAlXEnBwzVma7/A5eK6/9wdZWc6j/u8cn/D4aZCzBaFXsAcOWd9KiPgYN3lF3/v1a2YJaduC4AAGCopjuvSVotrgVOR5pWqxFPd/6rfyVZXW/U5yLiExHxm5nK9Xx6vvsZjwcEAAAAAAAAAAAAAAAAAAAAAAAAgFPKsiQyAAAA4FKLSP+YRMSNAecHriX/mInikV7v/OStHz9Yard35vP2vx62t98r2l8e6akLAAAAYIDecXrvOB4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAztPHj95dLsq1Ucb981cjYvaJ+MvdOZMx1XmfikpEPPW3JCaPfC6JiIlziH/wMCKeLYuf5GnFbJFFf/w0Im6MJv7zWZaVxr95DvHhKns/3/7cK/v7S+PFznv53/9kUf5Xg7d/6eH2b2LA9u/pU8Z47sNf1AbGfxjx3GT59qcXPxkQ/6WyFZb8UL7z7f39Y43dlUf204hbUR7/aKxae3O71trbv7u+ubRWX6tvLSzMv7r42uIri3O11fVGvXgt7eMPnv/lv/ua/pV1dfofA+LPntD/z+WVypHGrD9MEezDB48+2a1W+lbRiX/7pfLf/7P/JX7+b+LzxfdAPv9Wr37QrR/1ws8/eKE0sSL+yoD+n/T7vz1opX3ufOt7vzvlogDACLT29jeWGo36ztAr72VZNqpYp6ps37wQaVyUSm/vbmghpi5KT/8fK9cjYnRBz+PMFgAAcNE83ukfdyYAAAAAAAAAAAAAAAAAAABwdbX2Ij3bCGFZMez+YcvDkwaN6495MIZ+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACc5D8BAAD//9+S1rw=")

3.153358583s ago: executing program 4 (id=3447):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000fd0000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xfff, 0x7, 0x1004, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r6, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)
bind$tipc(r5, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r5, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)}, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f0000000500)={{0x12, 0x1, 0x201, 0x48, 0x55, 0x6d, 0x20, 0x2405, 0x3, 0x71a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x80, 0xa7, 0x30, 0x3, [{{0x9, 0x4, 0x45, 0x7, 0x0, 0x11, 0xf8, 0xf3, 0x1}}]}}]}}, 0x0)

2.243819893s ago: executing program 1 (id=3459):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={0x0, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x0, @loopback}}}, 0x108)
getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000140)=0xe1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000064e775274cb8aa34000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r1, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$inet6_sctp(0xa, 0x1, 0x84)
fsetxattr$security_selinux(r1, &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:systemd_logind_var_run_t:s0\x00', 0x2e, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r2}, 0x10)
shmdt(0x0)

2.243161793s ago: executing program 1 (id=3461):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

2.202687837s ago: executing program 1 (id=3462):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0xd0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000f3ffffff0400ffff"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000300)={<r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000000)='|', 0x1}], 0x1, 0x0)

1.926597121s ago: executing program 3 (id=3466):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a1281)
ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"])

1.905415843s ago: executing program 3 (id=3467):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x21802, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffc, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
dup(0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r5, 0x1}, 0x14}}, 0x0)
r6 = memfd_secret(0x80000)
sendto$inet_nvme_icreq_pdu(r6, &(0x7f0000000340)={{0x0, 0x9}, 0x0, 0x0, 0x1, 0x8001}, 0x80, 0x0, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
close(r9)

1.82086402s ago: executing program 3 (id=3468):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f00000001c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_create(r1, &(0x7f00000005c0)=@objname={'system_u:object_r:hald_exec_t:s0', 0x20, 'system_u:system_r:kernel_t:s0', 0x20, 0x0, 0x20, './mnt\x00'}, 0x5a)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./bus\x00', 0x0, 0x0)
ioctl$BLKBSZSET(r2, 0x40081271, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r3, &(0x7f0000004200)="a6", 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000140)={'ip6_vti0\x00', <r5=>0x0, 0x29, 0x2, 0x7, 0xd, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @remote}, 0x8, 0x20, 0xc26a, 0xe294}})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000f40)=@bpf_tracing={0x1a, 0x9, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000020646c2500000000002020207b1af8ff00000000bfa1000000000042d9f3da3b8b3ddcc000070100669b6826a940a1db6e5519b300f8ffffffb702000008000000b70300"], &(0x7f0000000100)='GPL\x00', 0xfffffff8, 0xf2, &(0x7f0000000d80)=""/242, 0x41000, 0x10, '\x00', r5, 0x19, r6, 0x8, &(0x7f0000000300)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x16318, r3, 0x0, &(0x7f0000000e80)=[r2], &(0x7f0000000ec0), 0x10, 0x9, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0xffff0000, 0xe, 0x0, &(0x7f0000000000)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d40)={{r7}, &(0x7f0000000cc0), &(0x7f0000000d00)='%-5lx  \x00'}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r9}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000001000), r6)

1.422506065s ago: executing program 0 (id=3471):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0xb)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0xb)
ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={0x0, @ethernet={0x6, @broadcast}, @phonet={0x23, 0x9, 0x2, 0xb}, @sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x100, 0x0, 0x0, 0x0, 0x400, 0x0, 0x2, 0x8000, 0x6})

1.375304459s ago: executing program 0 (id=3472):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

1.374644539s ago: executing program 0 (id=3473):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = dup2(r0, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
futimesat(0xffffffffffffffff, 0x0, 0x0) (fail_nth: 6)

1.113421472s ago: executing program 1 (id=3474):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000240)=""/214, 0xd6}, {&(0x7f0000002a00)=""/4059, 0xfdb}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f00000007c0)=""/185, 0xb9}, {&(0x7f0000000040)=""/20, 0x14}, {&(0x7f00000000c0)=""/42, 0x2a}, {&(0x7f0000000b00)=""/210, 0xd2}, {&(0x7f0000000940)=""/183, 0xb7}, {&(0x7f0000000c00)=""/130, 0x82}, {&(0x7f0000000180)=""/59, 0x3b}, {&(0x7f00000008c0)=""/54, 0x36}], 0xb}, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r1, 0x0)
close(r1)

1.046263508s ago: executing program 0 (id=3475):
r0 = gettid()
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000740)={0x335})
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f0000000940))
tkill(r0, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="54010000100013070000000000000000ac1414aa000000000100000000000000fe80000000000000ff0300000000000000000000000000000000000000d00000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c001c0044"], 0x154}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
lremovexattr(0x0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
move_pages(r0, 0x6, &(0x7f0000000080)=[&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil], &(0x7f00000000c0)=[0x800], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1.045896838s ago: executing program 0 (id=3476):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000480)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
read$rfkill(r2, &(0x7f0000000080), 0xffffff1c)

934.749738ms ago: executing program 1 (id=3477):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a1281)
ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"])

934.103958ms ago: executing program 3 (id=3478):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
r1 = io_uring_setup(0x30d5, &(0x7f00000001c0)) (async)
close(0x3)
r2 = socket(0x28, 0x5, 0x0)
r3 = socket(0x28, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x2, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000240)='./file1\x00', 0x3200010, &(0x7f0000000c00)=ANY=[], 0x3, 0x7b9, &(0x7f0000002dc0)="$eJzs3U1sHFcdAPD/uHbjulJUFVSiKE0nSZESEdzddeti9VC267E9rb1rdtcoOaC2apwqivuhVhU0B0IuLSAQ4sSx9Fr1wg3EAYkDcEKiBy4ckCr1hIoEEgIhJKPZj/gju3acxEk/fj8r+96+efPmP+PJ/HfXOzMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAERSmy2Vykks5vWVM+lwtdlmY2mH6f3xfrOl2GG5EUnxL8bH41C36dAXNyY/UDwcjyPdZ0divCjG49K9D9z3xBdGR/rz7xDQjTp2nf2SiO8VQV18fm1t9bV9COQ2+uGv9zzLf9aLx/msnrca+VJ1PkvzViOdmZ4uPbIw10rn8sWsdbbVzpbSWjOrthvN9GTtVFqemZlKs8mzjZX6/Gx1Mes3Pv7VSqk0nT49uZxVm61G/ZGnJ1u1hXxxMa/Pd/pUSt+Oos/jxY74TN5O21n1rkjPX1hbndot1KJTeUvLgS07zpGH7/vojQ//eWG12CGHDZL0dsxKuVyplKcfm3ns8VJptFKqbG0obRNXe8RIRNFjX3ZaPkVu3cEbbtJIL//HYuRRj5U4E2mkMdJ53PgZi/GYjWY0Yql4/uexbdOvyf9ffuTvf9xpuZvzfz/LH9qYfDg6+f9o99nRIfm/OChvj2P/furvd6PZ3PZ6vBmX4mI8H2uxFqvx2m2M54Z+Rm7tePORRT3yOBAReSxFtdOSRh6taEQaMzEd01GKZ2Mh5qIVacxFHouRRSvORivakXX2qFo0I4tqtKMRzUjjZNTiVKRRjpmYialII4vJOBuNWIl6zMdsVDujnI8Lne0+tS2uB7773K9e/NNH7xT1q53KO6xIUryYKzr9Y4dOvWT+UNxA/u/3kP8/a8Z7x6wBk+4a1HwrD99wU9Y7+X/0TocBAAAA7KOk8+l7EhFj8WCnNpd/404HBQAAANxSne81HymKsaL2YCRz+WJWGtDzg9seGwAAAHBrJJ1z7JKImIiHurX+6VKDPgQAAAAAPoU6f/8/WhQTEZc7Dd7/AwAAwGfM94ddY//Du3vX6G0tH0ju6vVePvNw8lK1qFVf6rX1im9eHbE9dzg52BukU0yPXro3iYjRWnYk6V/98n8HuuXHncfDGxcgHHat/6TZHEuuDA8gdg6g8yx+FMe6fY6d65bn+lO6S5mYyxezyVpj8Yly0vtwpP3Gyxe+E1Es/Qf1pYNJnL+wtjr5witr5zqxXClGufJS7/LwyR5iWe9tgXhw8BqPdU7E6C13orvc0ub1H+nOPrLzMpPNy3wrjnf7HJ/olhNb13+8WGZ58olyVKsHR9rZmfYb65vWvhdF+SbX/K040e1z4uSJbjEgisqWKF6+NorK5iiub1tcdxTvHLt85l+/ayTZ1G5RTN1kFAB3yvnOVX82stA9nSz03/WuIv9vy7v39Ofcy1Hu/MarjP78m3LdaOwpu/eTzYAj+slun5Pd1xOjhwfkldKAI/qrF179fe+I/uh7P/v5t47+4Rc3nt3ei1PdPr0i7v/tkBxbrPOPt2TV8Xi3mOPdIcstnlaSGOveO2Fj8uqLqy9XKlPTpUdLpccqMdZ5qdAr5B4ABtj1HjvXcReeRwe/q45+xrv/6lcKJuOFeCXW4lyc7pxtEBEPDR51YtPXEE7v8q51YtMdXk7v/N7y0MbpDZXtfQ+cSGLIuFObttiXftop/r1/vxMA2G/Hd8nD15P/T+/yvntrLj/VvXFu/91xDM/lg3xtvzcIAHwOZM2Pk4n220mzmS8/W56ZKVfbC1nabNSeSZv57HyW5vV21qwtVOvzWbrcbLQbtf4Hx7NZK22tLC83mu10rtFMlxut/Eznzu9p79bvrWypWm/ntdbyYlZtZWmtUW9Xa+10Nm/V0uWVpxbz1kLW7MzcWs5q+Vxeq7bzRj1tNVaatWwyTVtZtqljPpvV2/lcXlTr6XIzX6o2r0TE4spSls5mrVozX243ugP2l5XX5xrNpc6wk9eu/t9u9/YGgE+C19+8dPH5tbXV17ZW1pPtLYMrf3nz0sX+n+iHdo5Yv8NrCQBstjlLAwAAAAAAAAAAAAAAn0zXnq5XtO522t+WyljsofO2yoHhZw1+Litfeb/7a7kVA97MOPds+Z3e3dtZ7vz22XPluSefvDisz1OXDy38NYvYfZzB/1MGner69sGIu3/5k27L12/Xmn4Q3bWI0T3Nvp7s0OeOHZIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKj/BwAA//9roEsa") (async)
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) (async)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r3, 0x0) (async, rerun: 64)
connect$vsock_stream(r2, &(0x7f0000000080), 0x10) (async, rerun: 64)
recvmsg$unix(r2, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000004c0)=""/132, 0x84}], 0x1, 0x0, 0x108}, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0) (async)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000001780)=ANY=[@ANYRES16=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='target_sequencer_start\x00', r6, 0x0, 0x8000000000000000}, 0x18) (async, rerun: 64)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f00000000c0)={0x80, 0x1, 0x9, 0xfb}) (rerun: 64)

888.468222ms ago: executing program 3 (id=3479):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6c000000100003042cbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000003c00128009000100766c616e000000002c00028006000100000000001c0003800c00010000010000800000000c00010000000000ffffff7f0400048008000a00", @ANYRES32=r4, @ANYBLOB="08000500", @ANYRES32=r4], 0x6c}, 0x1, 0xba01}, 0x0)

887.878912ms ago: executing program 1 (id=3480):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0b00000005000000000400000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000ff0000000000000000000000ca5dde27d7a57b2f270c7a00"/39], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r1, 0x1, 0x49, &(0x7f0000000300)=r4, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f00000004c0), 0x4)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TIOCSBRK(r5, 0x5409)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
dup2(r6, r6)
getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000340)={{{@in=@local, @in6=@mcast2}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000000)=0xe8)

861.576364ms ago: executing program 0 (id=3481):
socket(0x10, 0x3, 0x0)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000ca005583550000000000000000000002000000"], 0x48)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mremap(&(0x7f0000a4c000/0xf000)=nil, 0xf000, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x62841, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="1e628f"], 0x58)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)

803.676629ms ago: executing program 2 (id=3483):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x21802, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffc, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
dup(0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r5, 0x1}, 0x14}}, 0x0)
r6 = memfd_secret(0x80000)
sendto$inet_nvme_icreq_pdu(r6, &(0x7f0000000340)={{0x0, 0x9}, 0x0, 0x0, 0x1, 0x8001}, 0x80, 0x0, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r9}, 0x10)
close(0xffffffffffffffff)

802.386889ms ago: executing program 3 (id=3484):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0xd0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000f3ffffff0400ffff"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000300)={<r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000000)='|', 0x1}], 0x1, 0x0)

686.16366ms ago: executing program 2 (id=3485):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x418484, &(0x7f0000000440), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3)

665.886791ms ago: executing program 2 (id=3486):
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
socket(0x11, 0x800000003, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x0)

627.348845ms ago: executing program 2 (id=3487):
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x701, 0x3, 0x258, 0x108, 0xb, 0x108, 0x1c0, 0x0, 0x1c0, 0x1c8, 0x1c8, 0x1c0, 0x1c8, 0x3, 0x0, {[{{@ip={@rand_addr, @broadcast, 0x0, 0x0, 'veth1_to_batadv\x00', '\x00', {}, {}, 0x32}, 0x0, 0xa0, 0x108, 0x0, {}, [@common=@inet=@esp={{0x30}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2b8)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399eb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
pipe(&(0x7f0000000100))
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100"], 0x64}}, 0x0) (fail_nth: 2)

338.099711ms ago: executing program 2 (id=3488):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
iopl(0x3)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x2})
wait4(0x0, 0x0, 0x80000000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
r2 = socket(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000b00)={&(0x7f0000000a00), 0xc, &(0x7f0000000ac0)={&(0x7f0000000400)={0x1c}, 0xdb}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setreuid(0x0, 0x0)

185.118044ms ago: executing program 2 (id=3489):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f00000001c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_create(r1, &(0x7f00000005c0)=@objname={'system_u:object_r:hald_exec_t:s0', 0x20, 'system_u:system_r:kernel_t:s0', 0x20, 0x0, 0x20, './mnt\x00'}, 0x5a)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./bus\x00', 0x0, 0x0)
ioctl$BLKBSZSET(r2, 0x40081271, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r3, &(0x7f0000004200)="a6", 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000140)={'ip6_vti0\x00', <r5=>0x0, 0x29, 0x2, 0x7, 0xd, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @remote}, 0x8, 0x20, 0xc26a, 0xe294}})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000f40)=@bpf_tracing={0x1a, 0x9, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000020646c2500000000002020207b1af8ff00000000bfa1000000000042d9f3da3b8b3ddcc000070100669b6826a940a1db6e5519b300f8ffffffb702000008000000b70300"], &(0x7f0000000100)='GPL\x00', 0xfffffff8, 0xf2, &(0x7f0000000d80)=""/242, 0x41000, 0x10, '\x00', r5, 0x19, r6, 0x8, &(0x7f0000000300)={0x5, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x16318, r3, 0x0, &(0x7f0000000e80)=[r2], &(0x7f0000000ec0), 0x10, 0x9, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0xffff0000, 0xe, 0x0, &(0x7f0000000000)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d40)={{r7}, &(0x7f0000000cc0), &(0x7f0000000d00)='%-5lx  \x00'}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r9}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={<r10=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r10, 0x1, 0x1d, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000001000), r6)

0s ago: executing program 4 (id=3490):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a1281)
ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"])

kernel console output (not intermixed with test programs):

ped to illegal pblock 18 (length 1)
[  224.536752][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.650959][T11737] syz.4.2923[11737] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  224.651030][T11737] syz.4.2923[11737] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  224.691380][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  224.856190][T11741] FAULT_INJECTION: forcing a failure.
[  224.856190][T11741] name failslab, interval 1, probability 0, space 0, times 0
[  224.868937][T11741] CPU: 1 UID: 0 PID: 11741 Comm: syz.4.2925 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  224.879708][T11741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  224.889782][T11741] Call Trace:
[  224.893071][T11741]  <TASK>
[  224.896033][T11741]  dump_stack_lvl+0xf2/0x150
[  224.900634][T11741]  dump_stack+0x15/0x20
[  224.904864][T11741]  should_fail_ex+0x229/0x230
[  224.909623][T11741]  ? getname_flags+0x81/0x3b0
[  224.914391][T11741]  should_failslab+0x8f/0xb0
[  224.919054][T11741]  kmem_cache_alloc_noprof+0x4c/0x290
[  224.924448][T11741]  getname_flags+0x81/0x3b0
[  224.929027][T11741]  getname+0x17/0x20
[  224.933030][T11741]  do_mq_open+0xd4/0x4b0
[  224.937349][T11741]  __x64_sys_mq_open+0xcc/0x100
[  224.942237][T11741]  x64_sys_call+0x29d1/0x2d60
[  224.946928][T11741]  do_syscall_64+0xc9/0x1c0
[  224.951459][T11741]  ? clear_bhb_loop+0x55/0xb0
[  224.956143][T11741]  ? clear_bhb_loop+0x55/0xb0
[  224.960940][T11741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.966882][T11741] RIP: 0033:0x7f59058cdef9
[  224.971351][T11741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.990967][T11741] RSP: 002b:00007f5904541038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  224.999463][T11741] RAX: ffffffffffffffda RBX: 00007f5905a85f80 RCX: 00007f59058cdef9
[  225.007474][T11741] RDX: 0000000000000000 RSI: 0000000000000042 RDI: 0000000000000000
[  225.015454][T11741] RBP: 00007f5904541090 R08: 0000000000000000 R09: 0000000000000000
[  225.023435][T11741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.031470][T11741] R13: 0000000000000001 R14: 00007f5905a85f80 R15: 00007ffe9bcf3958
[  225.039529][T11741]  </TASK>
[  225.255032][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.398029][T11757] loop2: detected capacity change from 0 to 512
[  225.405047][T11757] EXT4-fs: inline encryption not supported
[  225.426347][T11757] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  225.434658][T11757] System zones: 0-2, 18-18, 34-35
[  225.492533][T11762] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  225.687141][T11757] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.724244][T11757] ext4 filesystem being mounted at /583/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.741343][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  225.763652][   T29] kauditd_printk_skb: 550 callbacks suppressed
[  225.763693][   T29] audit: type=1326 audit(1726265301.580:24275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.771601][T11757] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.2932: lblock 23 mapped to illegal pblock 18 (length 1)
[  225.793491][   T29] audit: type=1326 audit(1726265301.580:24276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.794837][   T29] audit: type=1326 audit(1726265301.580:24277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.854965][   T29] audit: type=1326 audit(1726265301.580:24278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.874726][T11770] loop0: detected capacity change from 0 to 512
[  225.878607][   T29] audit: type=1326 audit(1726265301.580:24279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.908849][   T29] audit: type=1326 audit(1726265301.580:24280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.932561][   T29] audit: type=1326 audit(1726265301.580:24281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.956478][   T29] audit: type=1326 audit(1726265301.580:24282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  225.980255][   T29] audit: type=1326 audit(1726265301.580:24283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  226.003942][   T29] audit: type=1326 audit(1726265301.580:24284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11763 comm="syz.4.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59058cdef9 code=0x7ffc0000
[  226.006148][T11768] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.2932: lblock 23 mapped to illegal pblock 18 (length 1)
[  226.083042][T11770] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2936: corrupted in-inode xattr: invalid ea_ino
[  226.102158][T11770] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2936: couldn't read orphan inode 15 (err -117)
[  226.119018][T11771] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.2932: lblock 23 mapped to illegal pblock 18 (length 1)
[  226.173140][T11770] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.241436][T11757] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.2932: lblock 23 mapped to illegal pblock 18 (length 1)
[  226.282626][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.324535][ T4261] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.420903][T11792] bridge0: port 3(vlan0) entered blocking state
[  226.427251][T11792] bridge0: port 3(vlan0) entered disabled state
[  226.445424][T11792] vlan0: entered allmulticast mode
[  226.460649][T11792] vlan0: left allmulticast mode
[  226.478254][T11794] bridge0: port 3(vlan0) entered blocking state
[  226.484577][T11794] bridge0: port 3(vlan0) entered disabled state
[  226.559268][T11794] vlan0: entered allmulticast mode
[  226.570822][T11794] vlan0: left allmulticast mode
[  226.771825][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  227.054517][T11814] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  227.065181][T11814] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.072390][T11814] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.079804][T11814] bridge0: entered allmulticast mode
[  227.253207][T11819] loop4: detected capacity change from 0 to 512
[  227.263560][T11820] loop0: detected capacity change from 0 to 512
[  227.273525][T11820] EXT4-fs: inline encryption not supported
[  227.280166][T11819] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2953: corrupted in-inode xattr: invalid ea_ino
[  227.297848][T11819] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2953: couldn't read orphan inode 15 (err -117)
[  227.313115][T11820] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  227.321205][T11820] System zones: 0-2, 18-18, 34-35
[  227.327091][T11819] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.341910][T11820] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.361763][T11820] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  227.385744][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.401005][T11820] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.2952: lblock 23 mapped to illegal pblock 18 (length 1)
[  227.423836][T11820] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.2952: lblock 23 mapped to illegal pblock 18 (length 1)
[  227.431044][T11827] loop1: detected capacity change from 0 to 1024
[  227.445887][ T3328] hid-generic 0005:2F53:7FFFFFFF.0005: unknown main item tag 0x2
[  227.455157][ T3328] hid-generic 0005:2F53:7FFFFFFF.0005: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  227.455220][T11820] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.2952: lblock 23 mapped to illegal pblock 18 (length 1)
[  227.473100][T11827] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  227.512955][T11831] bridge0: port 3(vlan0) entered blocking state
[  227.519317][T11831] bridge0: port 3(vlan0) entered disabled state
[  227.527052][T11831] vlan0: entered allmulticast mode
[  227.533780][T11831] vlan0: left allmulticast mode
[  227.552905][T11820] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.2952: lblock 23 mapped to illegal pblock 18 (length 1)
[  227.569403][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.607818][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.640237][T11837] bridge0: port 3(vlan2) entered blocking state
[  227.645960][T11840] loop0: detected capacity change from 0 to 512
[  227.646581][T11837] bridge0: port 3(vlan2) entered disabled state
[  227.659393][T11837] vlan2: entered allmulticast mode
[  227.660527][T11840] EXT4-fs: Ignoring removed i_version option
[  227.675160][T11842] netlink: 'syz.3.2961': attribute type 2 has an invalid length.
[  227.683352][T11837] vlan2: left allmulticast mode
[  227.685839][T11840] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  227.703768][T11840] EXT4-fs (loop0): 1 truncate cleaned up
[  227.713113][T11840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.756855][T11849] loop4: detected capacity change from 0 to 512
[  227.811318][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  227.820274][T11849] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2964: corrupted in-inode xattr: invalid ea_ino
[  227.861600][T11849] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2964: couldn't read orphan inode 15 (err -117)
[  227.899599][T11849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.915537][   T24] hid-generic 0005:2F53:7FFFFFFF.0006: unknown main item tag 0x2
[  227.952400][   T24] hid-generic 0005:2F53:7FFFFFFF.0006: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  228.012617][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.032158][T11867] loop4: detected capacity change from 0 to 512
[  228.038670][T11867] EXT4-fs: inline encryption not supported
[  228.045882][T11864] bridge0: port 3(vlan2) entered blocking state
[  228.052303][T11864] bridge0: port 3(vlan2) entered disabled state
[  228.103956][T11864] vlan2: entered allmulticast mode
[  228.123434][T11867] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  228.149433][T11864] vlan2: left allmulticast mode
[  228.156074][T11867] System zones: 0-2, 18-18, 34-35
[  228.172456][T11867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.188449][T11869] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  228.200653][T11867] ext4 filesystem being mounted at /570/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.230096][T11867] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.2969: lblock 23 mapped to illegal pblock 18 (length 1)
[  228.273427][T11867] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.2969: lblock 23 mapped to illegal pblock 18 (length 1)
[  228.306221][T11867] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.2969: lblock 23 mapped to illegal pblock 18 (length 1)
[  228.439086][T11867] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.2969: lblock 23 mapped to illegal pblock 18 (length 1)
[  228.469273][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.563754][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.654577][T11893] loop0: detected capacity change from 0 to 512
[  228.663057][T11893] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2980: corrupted in-inode xattr: invalid ea_ino
[  228.678503][T11893] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2980: couldn't read orphan inode 15 (err -117)
[  228.691178][T11893] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.711739][ T3328] hid-generic 0005:2F53:7FFFFFFF.0007: unknown main item tag 0x2
[  228.719965][ T3328] hid-generic 0005:2F53:7FFFFFFF.0007: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  228.720390][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.787398][T11905] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2985'.
[  228.851333][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  228.933246][T11920] loop4: detected capacity change from 0 to 512
[  228.943582][ T3339] hid-generic 0005:2F53:7FFFFFFF.0008: unknown main item tag 0x2
[  228.953699][T11920] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2992: corrupted in-inode xattr: invalid ea_ino
[  228.967359][T11920] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2992: couldn't read orphan inode 15 (err -117)
[  228.971725][ T3339] hid-generic 0005:2F53:7FFFFFFF.0008: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  228.991641][T11920] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.024792][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.037708][T11934] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2997'.
[  229.219401][T11957] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  229.370051][T11964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.423407][T11964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.804460][T11977] syzkaller1: entered promiscuous mode
[  229.804930][   T24] hid-generic 0005:2F53:7FFFFFFF.0009: unknown main item tag 0x2
[  229.809955][T11977] syzkaller1: entered allmulticast mode
[  229.831611][   T24] hid-generic 0005:2F53:7FFFFFFF.0009: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  229.891321][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  229.977381][T11989] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3020'.
[  230.036614][T11995] loop4: detected capacity change from 0 to 512
[  230.055073][T11995] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.068036][T11995] ext4 filesystem being mounted at /589/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.317861][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.370925][   T24] hid-generic 0005:2F53:7FFFFFFF.000A: unknown main item tag 0x2
[  230.380215][   T24] hid-generic 0005:2F53:7FFFFFFF.000A: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  230.478306][T12024] loop4: detected capacity change from 0 to 512
[  230.487152][T12024] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.3031: corrupted in-inode xattr: invalid ea_ino
[  230.502725][T12024] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3031: couldn't read orphan inode 15 (err -117)
[  230.516249][T12024] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.546489][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.590981][T12028] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  230.772985][   T29] kauditd_printk_skb: 751 callbacks suppressed
[  230.772999][   T29] audit: type=1326 audit(1726265306.590:25036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11987 comm="syz.2.3019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f76b9254ea7 code=0x7ffc0000
[  230.840682][   T29] audit: type=1326 audit(1726265306.620:25037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11987 comm="syz.2.3019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f76b91f9869 code=0x7ffc0000
[  230.864273][   T29] audit: type=1326 audit(1726265306.620:25038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11987 comm="syz.2.3019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f76b9254ea7 code=0x7ffc0000
[  230.888106][   T29] audit: type=1326 audit(1726265306.620:25039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11987 comm="syz.2.3019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f76b91f9869 code=0x7ffc0000
[  230.911708][   T29] audit: type=1326 audit(1726265306.620:25040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11987 comm="syz.2.3019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f76b925def9 code=0x7ffc0000
[  230.935415][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  231.077457][T12054] SELinux:  policydb version 0 does not match my version range 15-33
[  231.086361][T12054] SELinux: failed to load policy
[  231.093783][T12054] team0: Device gtp0 is of different type
[  231.161846][T12058] syz.0.3042[12058] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  231.161933][T12058] syz.0.3042[12058] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  231.177199][   T29] audit: type=1326 audit(1726265306.990:25041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12057 comm="syz.0.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  231.212411][   T29] audit: type=1326 audit(1726265306.990:25042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12057 comm="syz.0.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  231.236137][   T29] audit: type=1326 audit(1726265306.990:25043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12057 comm="syz.0.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  231.259946][   T29] audit: type=1326 audit(1726265306.990:25044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12057 comm="syz.0.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  231.283635][   T29] audit: type=1326 audit(1726265306.990:25045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12057 comm="syz.0.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  231.350732][T12060] bridge0: port 3(vlan0) entered blocking state
[  231.357100][T12060] bridge0: port 3(vlan0) entered disabled state
[  231.371857][T12060] vlan0: entered allmulticast mode
[  231.379238][T12060] vlan0: left allmulticast mode
[  231.526977][T12074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3050'.
[  231.656799][T12093] syz.0.3053[12093] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  231.656869][T12093] syz.0.3053[12093] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  231.676744][T12093] FAULT_INJECTION: forcing a failure.
[  231.676744][T12093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.701275][T12093] CPU: 0 UID: 0 PID: 12093 Comm: syz.0.3053 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  231.712044][T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  231.722136][T12093] Call Trace:
[  231.725411][T12093]  <TASK>
[  231.728337][T12093]  dump_stack_lvl+0xf2/0x150
[  231.733064][T12093]  dump_stack+0x15/0x20
[  231.737219][T12093]  should_fail_ex+0x229/0x230
[  231.741930][T12093]  should_fail+0xb/0x10
[  231.746088][T12093]  should_fail_usercopy+0x1a/0x20
[  231.751116][T12093]  copy_to_user_nofault+0x7a/0x110
[  231.756261][T12093]  bpf_probe_write_user+0x80/0xc0
[  231.761325][T12093]  bpf_prog_853ff409725e1ea5+0x43/0x47
[  231.766778][T12093]  bpf_trace_run2+0x104/0x1d0
[  231.771536][T12093]  ? cn_release+0x61/0x80
[  231.775907][T12093]  ? cn_release+0x61/0x80
[  231.780388][T12093]  kfree+0x20d/0x290
[  231.784335][T12093]  cn_release+0x61/0x80
[  231.788503][T12093]  ? __pfx_cn_release+0x10/0x10
[  231.793367][T12093]  netlink_release+0x8a4/0xf20
[  231.798168][T12093]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  231.803882][T12093]  sock_close+0x68/0x150
[  231.808137][T12093]  ? __pfx_sock_close+0x10/0x10
[  231.813034][T12093]  __fput+0x192/0x6f0
[  231.817077][T12093]  __fput_sync+0x44/0x60
[  231.821390][T12093]  __se_sys_close+0x101/0x1b0
[  231.826069][T12093]  __x64_sys_close+0x1f/0x30
[  231.830706][T12093]  x64_sys_call+0x25cb/0x2d60
[  231.835392][T12093]  do_syscall_64+0xc9/0x1c0
[  231.839900][T12093]  ? clear_bhb_loop+0x55/0xb0
[  231.844578][T12093]  ? clear_bhb_loop+0x55/0xb0
[  231.849312][T12093]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.855286][T12093] RIP: 0033:0x7f94b755def9
[  231.859745][T12093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.879414][T12093] RSP: 002b:00007f94b61d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  231.887822][T12093] RAX: ffffffffffffffda RBX: 00007f94b7715f80 RCX: 00007f94b755def9
[  231.895812][T12093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  231.903783][T12093] RBP: 00007f94b61d1090 R08: 0000000000000000 R09: 0000000000000000
[  231.911769][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.919764][T12093] R13: 0000000000000000 R14: 00007f94b7715f80 R15: 00007ffcb4048838
[  231.927799][T12093]  </TASK>
[  231.949263][   T40] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.981431][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  231.993480][   T40] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.038816][T12075] chnl_net:caif_netlink_parms(): no params data found
[  232.050994][   T40] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.073805][T12107] loop4: detected capacity change from 0 to 1024
[  232.080478][T12107] EXT4-fs: dax option not supported
[  232.101977][   T40] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.130878][T12114] syz.1.3058[12114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.131034][T12114] syz.1.3058[12114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.145769][T12075] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.164416][T12075] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.171919][T12075] bridge_slave_0: entered allmulticast mode
[  232.178506][T12075] bridge_slave_0: entered promiscuous mode
[  232.186875][T12075] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.193948][T12075] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.202882][T12075] bridge_slave_1: entered allmulticast mode
[  232.209396][T12075] bridge_slave_1: entered promiscuous mode
[  232.241645][T12075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.257499][T12075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.294914][T12075] team0: Port device team_slave_0 added
[  232.314105][T12075] team0: Port device team_slave_1 added
[  232.330293][T12127] syz.0.3063[12127] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.330352][T12127] syz.0.3063[12127] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.353033][   T40] bridge_slave_1: left allmulticast mode
[  232.370217][   T40] bridge_slave_1: left promiscuous mode
[  232.376147][   T40] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.410366][    T8] hid-generic 0005:2F53:7FFFFFFF.000B: unknown main item tag 0x2
[  232.422937][   T40] bridge_slave_0: left allmulticast mode
[  232.428588][   T40] bridge_slave_0: left promiscuous mode
[  232.434303][   T40] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.446371][    T8] hid-generic 0005:2F53:7FFFFFFF.000B: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  232.595137][   T40] @ (unregistering): (slave bond_slave_0): Releasing backup interface
[  232.615002][   T40] @ (unregistering): (slave bond_slave_1): Releasing backup interface
[  232.625326][   T40] @ (unregistering): Released all slaves
[  232.634280][T12075] batman_adv: batadv0: Adding interface: batadv_slave_0
[  232.641307][T12075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.667305][T12075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  232.681243][T12075] batman_adv: batadv0: Adding interface: batadv_slave_1
[  232.688249][T12075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.706866][T12141] loop0: detected capacity change from 0 to 512
[  232.714205][T12075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  232.723049][T12141] EXT4-fs: Ignoring removed i_version option
[  232.741145][T12141] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  232.752664][T12141] EXT4-fs (loop0): 1 truncate cleaned up
[  232.758920][T12141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.773896][T12075] hsr_slave_0: entered promiscuous mode
[  232.794224][T12075] hsr_slave_1: entered promiscuous mode
[  232.801919][T12075] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  232.809538][T12075] Cannot create hsr debugfs directory
[  232.838480][T12148] syz.3.3069[12148] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.838595][T12148] syz.3.3069[12148] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.841170][   T40] hsr_slave_0: left promiscuous mode
[  232.872689][   T40] hsr_slave_1: left promiscuous mode
[  232.878524][   T40] batman_adv: batadv0: Removing interface: batadv_slave_0
[  232.886289][   T40] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  232.893800][   T40] batman_adv: batadv0: Removing interface: batadv_slave_1
[  232.918708][   T40] veth1_macvtap: left promiscuous mode
[  232.924430][   T40] veth0_macvtap: left promiscuous mode
[  232.930021][   T40] veth1_vlan: left promiscuous mode
[  232.935339][   T40] veth0_vlan: left promiscuous mode
[  233.011386][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  233.061648][   T40] team0 (unregistering): Port device team_slave_1 removed
[  233.076679][   T40] team0 (unregistering): Port device team_slave_0 removed
[  233.255743][T12161] FAULT_INJECTION: forcing a failure.
[  233.255743][T12161] name failslab, interval 1, probability 0, space 0, times 0
[  233.268687][T12161] CPU: 1 UID: 0 PID: 12161 Comm: syz.1.3073 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  233.279458][T12161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  233.289513][T12161] Call Trace:
[  233.292790][T12161]  <TASK>
[  233.295726][T12161]  dump_stack_lvl+0xf2/0x150
[  233.300345][T12161]  dump_stack+0x15/0x20
[  233.304587][T12161]  should_fail_ex+0x229/0x230
[  233.309388][T12161]  ? getname_flags+0x81/0x3b0
[  233.314086][T12161]  should_failslab+0x8f/0xb0
[  233.318786][T12161]  kmem_cache_alloc_noprof+0x4c/0x290
[  233.324186][T12161]  getname_flags+0x81/0x3b0
[  233.328820][T12161]  user_path_at+0x26/0x110
[  233.333273][T12161]  __se_sys_quotactl+0xb2/0x660
[  233.338405][T12161]  ? fput+0x13b/0x180
[  233.342492][T12161]  __x64_sys_quotactl+0x55/0x70
[  233.347370][T12161]  x64_sys_call+0x2b7f/0x2d60
[  233.352165][T12161]  do_syscall_64+0xc9/0x1c0
[  233.356699][T12161]  ? clear_bhb_loop+0x55/0xb0
[  233.361391][T12161]  ? clear_bhb_loop+0x55/0xb0
[  233.366086][T12161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.372074][T12161] RIP: 0033:0x7f6948c3def9
[  233.376491][T12161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.396157][T12161] RSP: 002b:00007f69478b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  233.404604][T12161] RAX: ffffffffffffffda RBX: 00007f6948df5f80 RCX: 00007f6948c3def9
[  233.412589][T12161] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffffffff80000201
[  233.420621][T12161] RBP: 00007f69478b7090 R08: 0000000000000000 R09: 0000000000000000
[  233.428602][T12161] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001
[  233.436670][T12161] R13: 0000000000000000 R14: 00007f6948df5f80 R15: 00007ffd324e7b58
[  233.444701][T12161]  </TASK>
[  233.541614][ T3328] hid-generic 0005:2F53:7FFFFFFF.000C: unknown main item tag 0x2
[  233.555282][ T3328] hid-generic 0005:2F53:7FFFFFFF.000C: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  233.643392][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.826101][T12075] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  233.848216][T12075] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  233.857720][T12187] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  233.871427][T12075] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  233.886779][T12075] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  233.975953][T12075] 8021q: adding VLAN 0 to HW filter on device bond0
[  234.015895][T12075] 8021q: adding VLAN 0 to HW filter on device team0
[  234.026478][ T3268] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.033590][ T3268] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.044931][ T3889] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.052062][ T3889] bridge0: port 2(bridge_slave_1) entered forwarding state
[  234.061325][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  234.146688][ T3328] hid-generic 0005:2F53:7FFFFFFF.000D: unknown main item tag 0x2
[  234.153448][T12075] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.167232][ T3328] hid-generic 0005:2F53:7FFFFFFF.000D: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  234.265045][T12075] veth0_vlan: entered promiscuous mode
[  234.275351][T12075] veth1_vlan: entered promiscuous mode
[  234.295613][T12075] veth0_macvtap: entered promiscuous mode
[  234.303268][T12075] veth1_macvtap: entered promiscuous mode
[  234.316648][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.327147][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.337047][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.347557][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.357551][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.368022][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.377838][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.388421][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.398429][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.409002][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.418923][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.429482][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.442823][T12075] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.454596][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.465092][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.474934][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.485456][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.495277][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.505759][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.515783][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.518635][T12216] loop4: detected capacity change from 0 to 512
[  234.526264][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.542407][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.544127][T12216] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.3091: corrupted in-inode xattr: invalid ea_ino
[  234.552824][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.552881][T12075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.568339][T12216] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3091: couldn't read orphan inode 15 (err -117)
[  234.575912][T12075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.586573][T12075] batman_adv: batadv0: Interface activated: batadv_slave_1
[  234.604569][T12216] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.613866][T12075] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.636590][T12075] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.645384][T12075] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.654097][T12075] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.670655][ T4268] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.029920][T12247] loop1: detected capacity change from 0 to 164
[  235.049630][T12247] iso9660: Unknown parameter '0x0000000000000004��01777777777777777777777'
[  235.091314][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  235.214432][T12236] chnl_net:caif_netlink_parms(): no params data found
[  235.221984][T12259] loop0: detected capacity change from 0 to 512
[  235.232385][T12259] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.3102: corrupted in-inode xattr: invalid ea_ino
[  235.254656][T12259] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.3102: couldn't read orphan inode 15 (err -117)
[  235.280483][T12259] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.326451][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.352722][T12265] loop0: detected capacity change from 0 to 512
[  235.361421][T12236] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.368520][T12236] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.381517][T12265] EXT4-fs: Ignoring removed i_version option
[  235.390213][T12236] bridge_slave_0: entered allmulticast mode
[  235.396833][T12265] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  235.411323][T12236] bridge_slave_0: entered promiscuous mode
[  235.424137][ T3889] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.444441][T12265] EXT4-fs (loop0): 1 truncate cleaned up
[  235.450795][T12265] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.468798][T12236] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.475922][T12236] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.492075][ T3328] hid-generic 0005:2F53:7FFFFFFF.000E: unknown main item tag 0x2
[  235.511551][T12236] bridge_slave_1: entered allmulticast mode
[  235.518181][T12236] bridge_slave_1: entered promiscuous mode
[  235.529794][ T3328] hid-generic 0005:2F53:7FFFFFFF.000E: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  235.541183][ T3889] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.569256][T12236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.590265][T12236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.603420][ T3889] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.632420][T12236] team0: Port device team_slave_0 added
[  235.639631][T12236] team0: Port device team_slave_1 added
[  235.658238][ T3889] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.723835][T12236] batman_adv: batadv0: Adding interface: batadv_slave_0
[  235.730784][T12236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  235.756754][T12236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  235.773846][T12236] batman_adv: batadv0: Adding interface: batadv_slave_1
[  235.780820][T12236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  235.806870][T12236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  235.812500][   T29] kauditd_printk_skb: 571 callbacks suppressed
[  235.812515][   T29] audit: type=1326 audit(1726265311.620:25617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4b8b064ea7 code=0x7ffc0000
[  235.847197][   T29] audit: type=1326 audit(1726265311.620:25618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4b8b009869 code=0x7ffc0000
[  235.870815][   T29] audit: type=1326 audit(1726265311.620:25619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f4b8b06def9 code=0x7ffc0000
[  235.894520][   T29] audit: type=1326 audit(1726265311.650:25620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4b8b064ea7 code=0x7ffc0000
[  235.918115][   T29] audit: type=1326 audit(1726265311.650:25621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4b8b009869 code=0x7ffc0000
[  235.941588][   T29] audit: type=1326 audit(1726265311.650:25622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f4b8b06def9 code=0x7ffc0000
[  235.965366][   T29] audit: type=1326 audit(1726265311.650:25623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4b8b064ea7 code=0x7ffc0000
[  235.988963][   T29] audit: type=1326 audit(1726265311.650:25624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4b8b009869 code=0x7ffc0000
[  236.012528][   T29] audit: type=1326 audit(1726265311.650:25625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f4b8b06def9 code=0x7ffc0000
[  236.036198][   T29] audit: type=1326 audit(1726265311.660:25626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12252 comm="syz.3.3100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4b8b064ea7 code=0x7ffc0000
[  236.093412][T12236] hsr_slave_0: entered promiscuous mode
[  236.105044][T12236] hsr_slave_1: entered promiscuous mode
[  236.121392][T12236] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  236.128967][T12236] Cannot create hsr debugfs directory
[  236.141342][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  236.144438][ T3339] hid-generic 0005:2F53:7FFFFFFF.000F: unknown main item tag 0x2
[  236.165659][ T3339] hid-generic 0005:2F53:7FFFFFFF.000F: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  236.229087][ T3889] bridge_slave_1: left allmulticast mode
[  236.234999][ T3889] bridge_slave_1: left promiscuous mode
[  236.240687][ T3889] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.254154][ T3889] bridge_slave_0: left allmulticast mode
[  236.259875][ T3889] bridge_slave_0: left promiscuous mode
[  236.265685][ T3889] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.274650][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.382842][T12297] loop3: detected capacity change from 0 to 512
[  236.390675][T12297] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.3115: corrupted in-inode xattr: invalid ea_ino
[  236.407668][T12297] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3115: couldn't read orphan inode 15 (err -117)
[  236.420155][T12297] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.443537][T11067] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.483925][ T3889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  236.513738][ T3889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  236.552343][ T3889] bond0 (unregistering): Released all slaves
[  236.562271][ T3889] bond1 (unregistering): Released all slaves
[  236.585094][T12304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.659108][T12304] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.718127][T12302] bridge0: port 3(vlan0) entered blocking state
[  236.724640][T12302] bridge0: port 3(vlan0) entered disabled state
[  236.758325][T12302] vlan0: entered allmulticast mode
[  236.792627][T12302] vlan0: left allmulticast mode
[  236.839453][ T3889] hsr_slave_0: left promiscuous mode
[  236.848857][ T3889] hsr_slave_1: left promiscuous mode
[  236.861156][ T3889] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  236.868664][ T3889] batman_adv: batadv0: Removing interface: batadv_slave_0
[  236.876406][ T3889] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  236.883849][ T3889] batman_adv: batadv0: Removing interface: batadv_slave_1
[  236.893344][ T3889] veth1_macvtap: left promiscuous mode
[  236.898830][ T3889] veth0_macvtap: left promiscuous mode
[  236.904391][ T3889] veth1_vlan: left promiscuous mode
[  236.909590][ T3889] veth0_vlan: left promiscuous mode
[  236.925491][T12312] syz.3.3119[12312] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  236.925562][T12312] syz.3.3119[12312] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  237.009444][ T3889] team0 (unregistering): Port device team_slave_1 removed
[  237.036736][ T3889] team0 (unregistering): Port device team_slave_0 removed
[  237.150496][T12317] syz.3.3121[12317] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  237.150566][T12317] syz.3.3121[12317] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  237.171357][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  237.198672][T12319] pim6reg1: entered promiscuous mode
[  237.204102][T12319] pim6reg1: entered allmulticast mode
[  237.227064][T12319] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  237.454664][T12236] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  237.463003][T12236] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  237.471147][T12236] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  237.511882][T12236] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  237.561566][T12236] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.573478][T12236] 8021q: adding VLAN 0 to HW filter on device team0
[  237.586976][  T168] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.594064][  T168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.626444][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.633531][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.708994][T12334] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  237.729657][T12334] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.736932][T12334] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.744219][T12334] bridge0: entered allmulticast mode
[  237.957724][T12236] 8021q: adding VLAN 0 to HW filter on device batadv0
[  238.151020][T12236] veth0_vlan: entered promiscuous mode
[  238.165664][T12236] veth1_vlan: entered promiscuous mode
[  238.190372][T12236] veth0_macvtap: entered promiscuous mode
[  238.200945][T12362] syz.0.3131[12362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.201093][T12362] syz.0.3131[12362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.203419][T12236] veth1_macvtap: entered promiscuous mode
[  238.212573][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  238.248381][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  238.258867][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.268802][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  238.279259][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.289189][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  238.299767][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.309578][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  238.320100][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.329924][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  238.340576][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.350404][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  238.360889][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.374877][T12236] batman_adv: batadv0: Interface activated: batadv_slave_0
[  238.386708][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  238.397213][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.407066][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  238.417534][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.427487][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  238.437965][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.447789][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  238.458346][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.468193][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  238.478647][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.488460][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  238.498960][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  238.533584][T12236] batman_adv: batadv0: Interface activated: batadv_slave_1
[  238.559575][T12236] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  238.568415][T12236] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  238.577215][T12236] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  238.585942][T12236] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  238.598880][T12369] bridge0: port 3(vlan2) entered blocking state
[  238.605359][T12369] bridge0: port 3(vlan2) entered disabled state
[  238.612223][T12369] vlan2: entered allmulticast mode
[  238.618109][T12369] vlan2: left allmulticast mode
[  238.705256][T12375] loop3: detected capacity change from 0 to 512
[  238.724979][T12375] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.3135: corrupted in-inode xattr: invalid ea_ino
[  238.752839][T12375] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3135: couldn't read orphan inode 15 (err -117)
[  238.794677][T12375] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.868418][T11067] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.030968][T12394] loop2: detected capacity change from 0 to 512
[  239.060502][T12394] EXT4-fs: inline encryption not supported
[  239.094556][T12394] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  239.116192][T12394] System zones: 0-2, 18-18, 34-35
[  239.134858][T12394] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  239.175362][T12394] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.214845][T12394] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3141: lblock 23 mapped to illegal pblock 18 (length 1)
[  239.247084][T12394] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3141: lblock 23 mapped to illegal pblock 18 (length 1)
[  239.261314][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  239.276461][T12394] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3141: lblock 23 mapped to illegal pblock 18 (length 1)
[  239.362864][T12394] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3141: lblock 23 mapped to illegal pblock 18 (length 1)
[  239.470478][T12409] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  239.492768][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.514295][T12414] bridge0: port 3(vlan2) entered blocking state
[  239.520658][T12414] bridge0: port 3(vlan2) entered disabled state
[  239.549189][T12414] vlan2: entered allmulticast mode
[  239.562730][T12414] vlan2: left allmulticast mode
[  239.859986][T12425] pim6reg1: entered promiscuous mode
[  239.865369][T12425] pim6reg1: entered allmulticast mode
[  239.873541][T12431] loop3: detected capacity change from 0 to 512
[  239.892996][T12431] EXT4-fs: Ignoring removed i_version option
[  239.900928][T12425] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  239.926674][T12431] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  239.943340][T12431] EXT4-fs (loop3): 1 truncate cleaned up
[  239.953200][T12431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.291583][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  240.457398][T12442] FAULT_INJECTION: forcing a failure.
[  240.457398][T12442] name failslab, interval 1, probability 0, space 0, times 0
[  240.470078][T12442] CPU: 1 UID: 0 PID: 12442 Comm: syz.1.3158 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  240.480954][T12442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  240.491015][T12442] Call Trace:
[  240.494355][T12442]  <TASK>
[  240.497298][T12442]  dump_stack_lvl+0xf2/0x150
[  240.501911][T12442]  dump_stack+0x15/0x20
[  240.506137][T12442]  should_fail_ex+0x229/0x230
[  240.510851][T12442]  ? tun_device_event+0x40b/0x9e0
[  240.515971][T12442]  should_failslab+0x8f/0xb0
[  240.520589][T12442]  __kmalloc_noprof+0xa5/0x370
[  240.525430][T12442]  tun_device_event+0x40b/0x9e0
[  240.530354][T12442]  ? inetdev_event+0x456/0xb10
[  240.535143][T12442]  ? macvtap_device_event+0x70/0x320
[  240.540442][T12442]  ? team_device_event+0xf3/0x600
[  240.545485][T12442]  ? __pfx_tun_device_event+0x10/0x10
[  240.550956][T12442]  raw_notifier_call_chain+0x6f/0x1d0
[  240.556338][T12442]  call_netdevice_notifiers_info+0xae/0x100
[  240.562271][T12442]  dev_change_tx_queue_len+0xbb/0x170
[  240.567663][T12442]  dev_ifsioc+0x63e/0xa10
[  240.571999][T12442]  dev_ioctl+0x7fa/0xab0
[  240.576261][T12442]  sock_do_ioctl+0x11c/0x260
[  240.580924][T12442]  sock_ioctl+0x470/0x640
[  240.585279][T12442]  ? __pfx_sock_ioctl+0x10/0x10
[  240.590157][T12442]  __se_sys_ioctl+0xd3/0x150
[  240.594754][T12442]  __x64_sys_ioctl+0x43/0x50
[  240.599384][T12442]  x64_sys_call+0x15cc/0x2d60
[  240.604084][T12442]  do_syscall_64+0xc9/0x1c0
[  240.608602][T12442]  ? clear_bhb_loop+0x55/0xb0
[  240.613341][T12442]  ? clear_bhb_loop+0x55/0xb0
[  240.618099][T12442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.624009][T12442] RIP: 0033:0x7f6948c3def9
[  240.628424][T12442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.648031][T12442] RSP: 002b:00007f69478b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  240.656488][T12442] RAX: ffffffffffffffda RBX: 00007f6948df5f80 RCX: 00007f6948c3def9
[  240.664506][T12442] RDX: 0000000020000080 RSI: 0000000000008943 RDI: 0000000000000008
[  240.672487][T12442] RBP: 00007f69478b7090 R08: 0000000000000000 R09: 0000000000000000
[  240.680464][T12442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.688470][T12442] R13: 0000000000000000 R14: 00007f6948df5f80 R15: 00007ffd324e7b58
[  240.690324][T12445] loop2: detected capacity change from 0 to 512
[  240.696437][T12442]  </TASK>
[  240.697397][T12442] syzkaller0: refused to change device tx_queue_len
[  240.726639][T12445] EXT4-fs: inline encryption not supported
[  240.756329][T11067] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.769111][T12445] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  240.779046][T12445] System zones: 0-2, 18-18, 34-35
[  240.790107][T12445] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  240.811105][T12444] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3159: lblock 23 mapped to illegal pblock 18 (length 1)
[  240.830724][ T3340] hid-generic 0005:2F53:7FFFFFFF.0010: unknown main item tag 0x2
[  240.839033][ T3340] hid-generic 0005:2F53:7FFFFFFF.0010: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  240.879726][T12445] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3159: lblock 23 mapped to illegal pblock 18 (length 1)
[  240.920179][T12458] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  240.933690][T12444] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3159: lblock 23 mapped to illegal pblock 18 (length 1)
[  240.968562][   T29] kauditd_printk_skb: 664 callbacks suppressed
[  240.968575][   T29] audit: type=1326 audit(1726265316.780:26291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12462 comm="syz.3.3167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8b06def9 code=0x7ffc0000
[  241.014576][   T29] audit: type=1326 audit(1726265316.820:26292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12462 comm="syz.3.3167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8b06def9 code=0x7ffc0000
[  241.038233][   T29] audit: type=1326 audit(1726265316.820:26293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12462 comm="syz.3.3167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4b8b06def9 code=0x7ffc0000
[  241.040923][T12468] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  241.061911][   T29] audit: type=1326 audit(1726265316.820:26294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12462 comm="syz.3.3167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b8b06def9 code=0x7ffc0000
[  241.092824][   T29] audit: type=1326 audit(1726265316.820:26295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12461 comm="syz.1.3166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6948c3def9 code=0x7ffc0000
[  241.116488][   T29] audit: type=1326 audit(1726265316.820:26296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12461 comm="syz.1.3166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6948c3def9 code=0x7ffc0000
[  241.140232][   T29] audit: type=1326 audit(1726265316.820:26297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12461 comm="syz.1.3166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6948c3def9 code=0x7ffc0000
[  241.158349][T12444] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3159: lblock 23 mapped to illegal pblock 18 (length 1)
[  241.163821][   T29] audit: type=1326 audit(1726265316.820:26298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12461 comm="syz.1.3166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6948c3def9 code=0x7ffc0000
[  241.201541][   T29] audit: type=1326 audit(1726265316.820:26299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12461 comm="syz.1.3166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6948c3def9 code=0x7ffc0000
[  241.225185][   T29] audit: type=1326 audit(1726265316.820:26300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12461 comm="syz.1.3166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6948c3def9 code=0x7ffc0000
[  241.306420][T12473] syz.4.3170[12473] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.306475][T12473] syz.4.3170[12473] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.325564][T12473] pim6reg1: entered promiscuous mode
[  241.341331][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  241.342527][T12473] pim6reg1: entered allmulticast mode
[  241.454795][ T3340] hid-generic 0005:2F53:7FFFFFFF.0011: unknown main item tag 0x2
[  241.486353][ T3340] hid-generic 0005:2F53:7FFFFFFF.0011: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  241.548990][T12494] loop1: detected capacity change from 0 to 512
[  241.555574][T12494] EXT4-fs: Ignoring removed i_version option
[  241.561818][T12494] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  241.573226][T12494] EXT4-fs (loop1): 1 truncate cleaned up
[  241.626609][T12499] loop2: detected capacity change from 0 to 512
[  241.640534][T12499] EXT4-fs: Ignoring removed i_version option
[  241.648262][T12499] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  241.660482][T12499] EXT4-fs (loop2): 1 truncate cleaned up
[  242.219223][T12510] loop3: detected capacity change from 0 to 512
[  242.228650][T12510] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.3182: corrupted in-inode xattr: invalid ea_ino
[  242.242278][T12510] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3182: couldn't read orphan inode 15 (err -117)
[  242.319626][T12513] loop3: detected capacity change from 0 to 512
[  242.341572][T12513] EXT4-fs: inline encryption not supported
[  242.362098][T12513] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  242.370849][T12513] System zones: 0-2, 18-18, 34-35
[  242.381338][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  242.384455][T12513] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  242.428118][T12513] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3183: lblock 23 mapped to illegal pblock 18 (length 1)
[  242.450675][T12513] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3183: lblock 23 mapped to illegal pblock 18 (length 1)
[  242.482356][T12513] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3183: lblock 23 mapped to illegal pblock 18 (length 1)
[  242.539083][T12519] loop0: detected capacity change from 0 to 1024
[  242.573024][T12513] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3183: lblock 23 mapped to illegal pblock 18 (length 1)
[  242.672863][ T3401] hid-generic 0005:2F53:7FFFFFFF.0012: unknown main item tag 0x2
[  242.693214][ T3401] hid-generic 0005:2F53:7FFFFFFF.0012: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  242.763624][T12536] loop3: detected capacity change from 0 to 512
[  242.778860][T12536] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.3191: corrupted in-inode xattr: invalid ea_ino
[  242.792586][T12536] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3191: couldn't read orphan inode 15 (err -117)
[  242.792793][T12538] loop1: detected capacity change from 0 to 1024
[  242.829732][T12538] EXT4-fs: dax option not supported
[  242.874199][T12544] bridge0: port 3(vlan0) entered blocking state
[  242.880555][T12544] bridge0: port 3(vlan0) entered disabled state
[  242.887050][T12544] vlan0: entered allmulticast mode
[  242.894473][T12544] vlan0: left allmulticast mode
[  242.958955][T12552] loop3: detected capacity change from 0 to 512
[  242.965648][T12552] EXT4-fs: Ignoring removed i_version option
[  242.972449][T12552] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  242.985200][T12552] EXT4-fs (loop3): 1 truncate cleaned up
[  243.411328][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  243.526491][T12560] loop0: detected capacity change from 0 to 512
[  243.533189][T12560] EXT4-fs: Ignoring removed i_version option
[  243.541335][T12560] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  243.572079][T12560] EXT4-fs (loop0): 1 truncate cleaned up
[  243.762810][T12567] loop1: detected capacity change from 0 to 512
[  243.770748][T12567] EXT4-fs: inline encryption not supported
[  243.793677][T12567] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  243.805046][T12567] System zones: 0-2, 18-18, 34-35
[  243.810700][T12567] ext4 filesystem being mounted at /227/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  243.843817][T12567] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3199: lblock 23 mapped to illegal pblock 18 (length 1)
[  243.892445][T12567] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3199: lblock 23 mapped to illegal pblock 18 (length 1)
[  243.929622][T12567] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3199: lblock 23 mapped to illegal pblock 18 (length 1)
[  244.047282][T12567] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3199: lblock 23 mapped to illegal pblock 18 (length 1)
[  244.451315][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  244.474898][T12602] loop0: detected capacity change from 0 to 512
[  244.497707][T12602] EXT4-fs: Ignoring removed i_version option
[  244.507120][T12602] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  244.521800][T12602] EXT4-fs (loop0): 1 truncate cleaned up
[  245.211976][T12614] loop2: detected capacity change from 0 to 512
[  245.225618][T12614] EXT4-fs: inline encryption not supported
[  245.250549][T12614] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  245.259146][T12614] System zones: 0-2, 18-18, 34-35
[  245.268037][T12614] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.307734][T12614] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3214: lblock 23 mapped to illegal pblock 18 (length 1)
[  245.339961][T12614] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3214: lblock 23 mapped to illegal pblock 18 (length 1)
[  245.358328][T12614] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3214: lblock 23 mapped to illegal pblock 18 (length 1)
[  245.493029][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  245.501977][T12614] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3214: lblock 23 mapped to illegal pblock 18 (length 1)
[  245.642474][T12636] 9pnet_fd: Insufficient options for proto=fd
[  245.971426][   T29] kauditd_printk_skb: 762 callbacks suppressed
[  245.971442][   T29] audit: type=1326 audit(1726265321.790:27063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff9c8d54ea7 code=0x7ffc0000
[  246.028337][   T29] audit: type=1326 audit(1726265321.790:27064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9c8cf9869 code=0x7ffc0000
[  246.042033][T12649] loop1: detected capacity change from 0 to 512
[  246.052041][   T29] audit: type=1326 audit(1726265321.790:27065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7ff9c8d5def9 code=0x7ffc0000
[  246.061711][T12649] EXT4-fs: Ignoring removed i_version option
[  246.081744][   T29] audit: type=1326 audit(1726265321.820:27067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12642 comm="syz.0.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  246.110669][T12649] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  246.111267][   T29] audit: type=1326 audit(1726265321.820:27068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12642 comm="syz.0.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  246.144799][   T29] audit: type=1326 audit(1726265321.820:27066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff9c8d54ea7 code=0x7ffc0000
[  246.168344][   T29] audit: type=1326 audit(1726265321.820:27069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9c8cf9869 code=0x7ffc0000
[  246.191821][   T29] audit: type=1326 audit(1726265321.820:27070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7ff9c8d5def9 code=0x7ffc0000
[  246.193715][T12649] EXT4-fs (loop1): 1 truncate cleaned up
[  246.215420][   T29] audit: type=1326 audit(1726265321.820:27071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff9c8d54ea7 code=0x7ffc0000
[  246.215461][   T29] audit: type=1326 audit(1726265321.820:27072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12637 comm="syz.2.3224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9c8cf9869 code=0x7ffc0000
[  246.541361][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  246.549086][T12663] loop2: detected capacity change from 0 to 1024
[  246.557767][T12663] EXT4-fs: dax option not supported
[  246.691164][T12675] loop3: detected capacity change from 0 to 512
[  246.699615][T12675] EXT4-fs: inline encryption not supported
[  246.714424][T12675] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  246.762455][T12675] System zones: 0-2, 18-18, 34-35
[  246.762930][T12679] bridge0: port 3(vlan2) entered blocking state
[  246.773949][T12679] bridge0: port 3(vlan2) entered disabled state
[  246.791382][T12679] vlan2: entered allmulticast mode
[  246.794046][T12675] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  246.807588][T12679] vlan2: left allmulticast mode
[  246.814707][T12675] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3234: lblock 23 mapped to illegal pblock 18 (length 1)
[  246.833737][T12675] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3234: lblock 23 mapped to illegal pblock 18 (length 1)
[  246.850086][T12675] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3234: lblock 23 mapped to illegal pblock 18 (length 1)
[  247.047301][T12675] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3234: lblock 23 mapped to illegal pblock 18 (length 1)
[  247.125172][T12686] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  247.211797][T12690] loop0: detected capacity change from 0 to 2048
[  247.581362][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  247.659492][ T3340] hid-generic 0005:2F53:7FFFFFFF.0013: unknown main item tag 0x2
[  247.675708][T12711] loop2: detected capacity change from 0 to 512
[  247.691705][ T3340] hid-generic 0005:2F53:7FFFFFFF.0013: hidraw0: BLUETOOTH HID v0.07 Device [syz0] on syz0
[  247.712748][T12711] EXT4-fs: Ignoring removed i_version option
[  247.741214][T12711] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  247.775215][T12711] EXT4-fs (loop2): 1 truncate cleaned up
[  248.275049][T12724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.294533][T12724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.304431][T12723] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  248.458035][T12727] loop1: detected capacity change from 0 to 2048
[  248.525856][T12729] loop0: detected capacity change from 0 to 512
[  248.562753][T12727] EXT4-fs mount: 31 callbacks suppressed
[  248.562765][T12727] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  248.587083][T12729] EXT4-fs: inline encryption not supported
[  248.611681][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  248.619630][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.630612][T12729] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  248.644819][T12729] System zones: 0-2, 18-18, 34-35
[  248.654920][T12729] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.694593][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.699145][T12729] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.719850][T12729] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3254: lblock 23 mapped to illegal pblock 18 (length 1)
[  248.736257][T12729] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3254: lblock 23 mapped to illegal pblock 18 (length 1)
[  248.751002][T12729] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3254: lblock 23 mapped to illegal pblock 18 (length 1)
[  248.876357][T12729] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3254: lblock 23 mapped to illegal pblock 18 (length 1)
[  248.898086][T12743] loop2: detected capacity change from 0 to 2048
[  248.918781][T12743] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  248.949250][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.988286][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.015088][T12754] syz.1.3263[12754] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  249.015172][T12754] syz.1.3263[12754] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  249.057674][T12760] loop2: detected capacity change from 0 to 512
[  249.076050][T12760] EXT4-fs: Ignoring removed i_version option
[  249.082872][T12760] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  249.094414][T12760] EXT4-fs (loop2): 1 truncate cleaned up
[  249.102114][T12760] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.214336][T12768] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  249.293456][T12775] loop0: detected capacity change from 0 to 512
[  249.300649][T12775] EXT4-fs: inline encryption not supported
[  249.323087][T12775] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  249.333882][T12775] System zones: 0-2, 18-18, 34-35
[  249.339667][T12775] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.355220][T12775] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  249.369395][T12775] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3271: lblock 23 mapped to illegal pblock 18 (length 1)
[  249.385749][T12775] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3271: lblock 23 mapped to illegal pblock 18 (length 1)
[  249.423169][T12775] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3271: lblock 23 mapped to illegal pblock 18 (length 1)
[  249.523722][T12775] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3271: lblock 23 mapped to illegal pblock 18 (length 1)
[  249.557477][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.612137][T12780] loop0: detected capacity change from 0 to 128
[  249.619054][T12780] ext4: Unknown parameter 'obj_user'
[  249.637800][T12780] can: request_module (can-proto-0) failed.
[  249.651322][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  249.808911][T12788] bridge0: port 3(vlan0) entered blocking state
[  249.815316][T12788] bridge0: port 3(vlan0) entered disabled state
[  249.831504][T12788] vlan0: entered allmulticast mode
[  249.837501][T12788] vlan0: left allmulticast mode
[  250.045329][T12801] loop0: detected capacity change from 0 to 512
[  250.052938][T12801] EXT4-fs: Ignoring removed i_version option
[  250.059501][T12801] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  250.074633][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.075105][T12801] EXT4-fs (loop0): 1 truncate cleaned up
[  250.089692][T12801] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.104409][T12804] loop2: detected capacity change from 0 to 512
[  250.110912][T12804] EXT4-fs: inline encryption not supported
[  250.123004][T12804] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  250.131059][T12804] System zones: 0-2, 18-18, 34-35
[  250.136882][T12804] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.149533][T12804] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  250.164474][T12804] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3282: lblock 23 mapped to illegal pblock 18 (length 1)
[  250.183851][T12804] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3282: lblock 23 mapped to illegal pblock 18 (length 1)
[  250.199847][T12804] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3282: lblock 23 mapped to illegal pblock 18 (length 1)
[  250.319506][T12804] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3282: lblock 23 mapped to illegal pblock 18 (length 1)
[  250.347633][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.444805][T12883] loop1: detected capacity change from 0 to 1024
[  250.452647][T12883] EXT4-fs: Ignoring removed nobh option
[  250.459320][T12885] loop4: detected capacity change from 0 to 512
[  250.467641][T12885] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.3289: corrupted in-inode xattr: invalid ea_ino
[  250.472953][T12883] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  250.494332][T12883] FAULT_INJECTION: forcing a failure.
[  250.494332][T12883] name failslab, interval 1, probability 0, space 0, times 0
[  250.495037][T12885] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3289: couldn't read orphan inode 15 (err -117)
[  250.507004][T12883] CPU: 0 UID: 0 PID: 12883 Comm: syz.1.3288 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  250.507035][T12883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  250.507060][T12883] Call Trace:
[  250.507068][T12883]  <TASK>
[  250.525270][T12885] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.529572][T12883]  dump_stack_lvl+0xf2/0x150
[  250.562978][T12883]  dump_stack+0x15/0x20
[  250.567149][T12883]  should_fail_ex+0x229/0x230
[  250.571857][T12883]  ? __iomap_dio_rw+0x14e/0x1090
[  250.576793][T12883]  should_failslab+0x8f/0xb0
[  250.581409][T12883]  __kmalloc_cache_noprof+0x4b/0x2a0
[  250.586755][T12883]  __iomap_dio_rw+0x14e/0x1090
[  250.591538][T12883]  ? __rcu_read_unlock+0x4e/0x70
[  250.596530][T12883]  iomap_dio_rw+0x40/0x90
[  250.600871][T12883]  ext4_file_read_iter+0x220/0x2a0
[  250.606048][T12883]  copy_splice_read+0x3a4/0x5d0
[  250.610903][T12883]  ? __pfx_ext4_file_splice_read+0x10/0x10
[  250.616704][T12883]  splice_direct_to_actor+0x28e/0x670
[  250.622109][T12883]  ? __pfx_direct_splice_actor+0x10/0x10
[  250.627758][T12883]  do_splice_direct+0xd7/0x150
[  250.632635][T12883]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  250.638586][T12883]  do_sendfile+0x3ab/0x950
[  250.643004][T12883]  __x64_sys_sendfile64+0x110/0x150
[  250.648222][T12883]  x64_sys_call+0xed5/0x2d60
[  250.652820][T12883]  do_syscall_64+0xc9/0x1c0
[  250.657396][T12883]  ? clear_bhb_loop+0x55/0xb0
[  250.662143][T12883]  ? clear_bhb_loop+0x55/0xb0
[  250.666846][T12883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.672849][T12883] RIP: 0033:0x7f6948c3def9
[  250.677271][T12883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.696936][T12883] RSP: 002b:00007f69478b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  250.705379][T12883] RAX: ffffffffffffffda RBX: 00007f6948df5f80 RCX: 00007f6948c3def9
[  250.711385][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  250.713339][T12883] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[  250.713359][T12883] RBP: 00007f69478b7090 R08: 0000000000000000 R09: 0000000000000000
[  250.736257][T12883] R10: 0000000100000008 R11: 0000000000000246 R12: 0000000000000001
[  250.744306][T12883] R13: 0000000000000000 R14: 00007f6948df5f80 R15: 00007ffd324e7b58
[  250.752303][T12883]  </TASK>
[  250.758504][T12236] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.779374][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.953895][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.983531][   T29] kauditd_printk_skb: 996 callbacks suppressed
[  250.983542][   T29] audit: type=1326 audit(1726265326.800:28069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12903 comm="syz.0.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  251.015445][   T29] audit: type=1326 audit(1726265326.800:28070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12879 comm="syz.2.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff9c8d54ea7 code=0x7ffc0000
[  251.018768][T12902] loop4: detected capacity change from 0 to 512
[  251.038979][   T29] audit: type=1326 audit(1726265326.800:28071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12879 comm="syz.2.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9c8cf9869 code=0x7ffc0000
[  251.068688][   T29] audit: type=1326 audit(1726265326.800:28072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12879 comm="syz.2.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7ff9c8d5def9 code=0x7ffc0000
[  251.069199][T12902] EXT4-fs: inline encryption not supported
[  251.092479][   T29] audit: type=1326 audit(1726265326.830:28073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12879 comm="syz.2.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff9c8d54ea7 code=0x7ffc0000
[  251.092514][   T29] audit: type=1326 audit(1726265326.830:28075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12879 comm="syz.2.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9c8cf9869 code=0x7ffc0000
[  251.145286][   T29] audit: type=1326 audit(1726265326.830:28074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12903 comm="syz.0.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  251.153582][T12902] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  251.168841][   T29] audit: type=1326 audit(1726265326.830:28076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12879 comm="syz.2.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7ff9c8d5def9 code=0x7ffc0000
[  251.178587][T12902] System zones: 0-2, 18-18, 34-35
[  251.201227][   T29] audit: type=1326 audit(1726265326.830:28077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12903 comm="syz.0.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  251.229591][   T29] audit: type=1326 audit(1726265326.830:28078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12903 comm="syz.0.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  251.229906][T12902] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.268536][T12902] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.312268][T12913] netlink: 'syz.1.3297': attribute type 10 has an invalid length.
[  251.320273][T12902] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3295: lblock 23 mapped to illegal pblock 18 (length 1)
[  251.344357][T12913] team0: Port device netdevsim1 added
[  251.349205][T12917] loop2: detected capacity change from 0 to 1024
[  251.356618][T12917] EXT4-fs: Ignoring removed nobh option
[  251.366639][T12913] netlink: 'syz.1.3297': attribute type 10 has an invalid length.
[  251.381759][T12918] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3295: lblock 23 mapped to illegal pblock 18 (length 1)
[  251.396924][T12902] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3295: lblock 23 mapped to illegal pblock 18 (length 1)
[  251.398794][T12920] loop0: detected capacity change from 0 to 1024
[  251.418062][T12920] EXT4-fs: dax option not supported
[  251.419664][T12917] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  251.456444][T12913] pim6reg1: entered promiscuous mode
[  251.461871][T12913] pim6reg1: entered allmulticast mode
[  251.502339][T12902] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3295: lblock 23 mapped to illegal pblock 18 (length 1)
[  251.538614][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.596960][T12236] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.602795][T12935] bridge0: port 3(vlan0) entered blocking state
[  251.612253][T12935] bridge0: port 3(vlan0) entered disabled state
[  251.618665][T12935] vlan0: entered allmulticast mode
[  251.634931][T12935] vlan0: left allmulticast mode
[  251.637881][T12941] loop4: detected capacity change from 0 to 512
[  251.648723][T12941] EXT4-fs: Ignoring removed i_version option
[  251.655969][T12941] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  251.668146][T12941] EXT4-fs (loop4): 1 truncate cleaned up
[  251.691005][T12941] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.731432][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  251.954021][T12956] loop1: detected capacity change from 0 to 2048
[  251.974578][T12956] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  252.066638][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.109686][T12964] loop1: detected capacity change from 0 to 512
[  252.120608][T12964] EXT4-fs: Ignoring removed i_version option
[  252.127393][T12964] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  252.147414][T12964] EXT4-fs (loop1): 1 truncate cleaned up
[  252.172868][T12967] loop2: detected capacity change from 0 to 512
[  252.179556][T12964] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.198700][T12967] EXT4-fs: inline encryption not supported
[  252.217652][T12967] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  252.229177][T12967] System zones: 0-2, 18-18, 34-35
[  252.237059][T12967] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.276576][T12967] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  252.339120][T12967] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3316: lblock 23 mapped to illegal pblock 18 (length 1)
[  252.360449][T12983] bridge0: port 3(vlan0) entered blocking state
[  252.366851][T12983] bridge0: port 3(vlan0) entered disabled state
[  252.374434][T12967] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3316: lblock 23 mapped to illegal pblock 18 (length 1)
[  252.390466][T12983] vlan0: entered allmulticast mode
[  252.397713][T12983] vlan0: left allmulticast mode
[  252.434348][T12967] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3316: lblock 23 mapped to illegal pblock 18 (length 1)
[  252.549078][T12236] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.613742][T12967] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3316: lblock 23 mapped to illegal pblock 18 (length 1)
[  252.685925][T12996] loop4: detected capacity change from 0 to 1024
[  252.693985][T12996] EXT4-fs: dax option not supported
[  252.699909][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.765236][T13000] loop3: detected capacity change from 0 to 512
[  252.771575][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  252.794609][T13000] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.3327: corrupted in-inode xattr: invalid ea_ino
[  252.809960][T13000] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3327: couldn't read orphan inode 15 (err -117)
[  252.823530][T13000] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.858976][T11067] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.926282][T13013] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  252.992968][T13019] loop3: detected capacity change from 0 to 512
[  252.999598][T13019] EXT4-fs: Ignoring removed i_version option
[  253.006843][T13019] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  253.022849][T13019] EXT4-fs (loop3): 1 truncate cleaned up
[  253.030004][T13019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.113776][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.187625][T13028] loop1: detected capacity change from 0 to 512
[  253.208555][T13028] EXT4-fs: inline encryption not supported
[  253.227195][T13028] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  253.242744][T13028] System zones: 0-2, 18-18, 34-35
[  253.254084][T13028] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.266621][T13028] ext4 filesystem being mounted at /255/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  253.285363][T13028] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3336: lblock 23 mapped to illegal pblock 18 (length 1)
[  253.300012][T13028] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3336: lblock 23 mapped to illegal pblock 18 (length 1)
[  253.317750][T13028] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3336: lblock 23 mapped to illegal pblock 18 (length 1)
[  253.389349][T13028] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3336: lblock 23 mapped to illegal pblock 18 (length 1)
[  253.438763][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.479848][T13044] syz.1.3340[13044] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  253.479949][T13044] syz.1.3340[13044] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  253.500563][T13046] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  253.537749][T13048] syz.4.3343[13048] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  253.537858][T13048] syz.4.3343[13048] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  253.629369][T13051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.650225][T13051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.714065][T13052] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3344'.
[  253.821325][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  253.875196][T11067] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.938531][T13070] loop4: detected capacity change from 0 to 512
[  253.945158][T13070] EXT4-fs: inline encryption not supported
[  253.964486][T13070] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  253.983096][T13070] System zones: 0-2, 18-18, 34-35
[  253.993118][T13070] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.007460][T13070] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  254.051475][T13070] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3350: lblock 23 mapped to illegal pblock 18 (length 1)
[  254.072716][T13076] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3350: lblock 23 mapped to illegal pblock 18 (length 1)
[  254.088815][T13070] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3350: lblock 23 mapped to illegal pblock 18 (length 1)
[  254.167538][T13070] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3350: lblock 23 mapped to illegal pblock 18 (length 1)
[  254.246542][T12236] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.311873][T13083] loop4: detected capacity change from 0 to 1024
[  254.318679][T13083] EXT4-fs: dax option not supported
[  254.334894][T13085] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  254.442766][T13093] syz.3.3356[13093] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.442826][T13093] syz.3.3356[13093] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.496493][T13099] loop3: detected capacity change from 0 to 512
[  254.514562][T13099] EXT4-fs: Ignoring removed i_version option
[  254.520954][T13099] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  254.533179][T13099] EXT4-fs (loop3): 1 truncate cleaned up
[  254.539152][T13099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.803083][T13111] loop1: detected capacity change from 0 to 512
[  254.814191][T13111] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[  254.824789][T13111] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002]
[  254.833027][T13111] System zones: 1-12
[  254.837198][T13111] EXT4-fs (loop1): orphan cleanup on readonly fs
[  254.843602][T13111] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.3362: Inode bitmap for bg 0 marked uninitialized
[  254.861308][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  254.869942][T13111] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  254.905446][T13111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.938266][T13111] loop1: detected capacity change from 0 to 512
[  254.946300][T13111] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  254.946303][T13114] loop0: detected capacity change from 0 to 512
[  254.946633][T13114] EXT4-fs: inline encryption not supported
[  254.971734][T13111] EXT4-fs (loop1): orphan cleanup on readonly fs
[  254.990971][T13114] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  255.000412][T13114] System zones: 0-2, 18-18, 34-35
[  255.005587][T13111] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3362: bg 0: block 248: padding at end of block bitmap is not set
[  255.021359][T13114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.031411][T13111] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.3362: Failed to acquire dquot type 1
[  255.034676][T13114] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  255.060453][T13114] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3363: lblock 23 mapped to illegal pblock 18 (length 1)
[  255.061462][T13111] EXT4-fs (loop1): 1 truncate cleaned up
[  255.082285][T13114] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3363: lblock 23 mapped to illegal pblock 18 (length 1)
[  255.088053][T13111] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  255.099098][T13114] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3363: lblock 23 mapped to illegal pblock 18 (length 1)
[  255.109826][T13111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.216986][T13114] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3363: lblock 23 mapped to illegal pblock 18 (length 1)
[  255.236887][T13121] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  255.249710][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.269118][T13123] loop1: detected capacity change from 0 to 1024
[  255.281182][T13123] EXT4-fs: dax option not supported
[  255.362694][T11067] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.368542][T13131] syzkaller0: entered promiscuous mode
[  255.377250][T13131] syzkaller0: entered allmulticast mode
[  255.385744][T13131] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  255.561856][T13145] loop4: detected capacity change from 0 to 1024
[  255.568495][T13145] EXT4-fs: dax option not supported
[  255.814401][T13154] loop0: detected capacity change from 0 to 512
[  255.821093][T13154] EXT4-fs: inline encryption not supported
[  255.849028][T13154] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  255.857126][T13154] System zones: 0-2, 18-18, 34-35
[  255.862790][T13154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.876848][T13154] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  255.889390][T13154] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3377: lblock 23 mapped to illegal pblock 18 (length 1)
[  255.903644][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  255.911180][T13154] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3377: lblock 23 mapped to illegal pblock 18 (length 1)
[  255.926183][T13154] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3377: lblock 23 mapped to illegal pblock 18 (length 1)
[  255.980214][T13154] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3377: lblock 23 mapped to illegal pblock 18 (length 1)
[  256.028764][T10601] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.047530][T13158] syz.0.3378[13158] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  256.047570][T13158] syz.0.3378[13158] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  256.060117][   T29] kauditd_printk_skb: 277 callbacks suppressed
[  256.060144][   T29] audit: type=1326 audit(1726265331.870:28354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.109511][   T29] audit: type=1326 audit(1726265331.870:28355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.133158][   T29] audit: type=1326 audit(1726265331.870:28356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.156801][   T29] audit: type=1326 audit(1726265331.870:28357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.180450][   T29] audit: type=1326 audit(1726265331.870:28358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.203939][   T29] audit: type=1326 audit(1726265331.870:28359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.227533][   T29] audit: type=1326 audit(1726265331.870:28360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.251114][   T29] audit: type=1326 audit(1726265331.870:28361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.274739][   T29] audit: type=1326 audit(1726265331.870:28362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.292762][T13167] loop3: detected capacity change from 0 to 512
[  256.298374][   T29] audit: type=1326 audit(1726265331.870:28363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13157 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  256.307850][T13167] EXT4-fs: Ignoring removed i_version option
[  256.335748][T13167] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  256.348279][T13167] EXT4-fs (loop3): 1 truncate cleaned up
[  256.354442][T13167] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.380613][T13170] loop1: detected capacity change from 0 to 512
[  256.387473][T13170] EXT4-fs: Ignoring removed i_version option
[  256.409777][T13170] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  256.425276][T13170] EXT4-fs (loop1): 1 truncate cleaned up
[  256.431888][T13170] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.641106][T13185] loop2: detected capacity change from 0 to 512
[  256.659985][T13185] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.3387: corrupted in-inode xattr: invalid ea_ino
[  256.683066][T13185] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.3387: couldn't read orphan inode 15 (err -117)
[  256.705524][T13185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.706969][T13189] loop4: detected capacity change from 0 to 512
[  256.728931][T13189] EXT4-fs: inline encryption not supported
[  256.757846][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.773222][T13189] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  256.782347][T13189] System zones: 0-2, 18-18, 34-35
[  256.789164][T13189] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.821529][T13189] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.852130][T13189] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3388: lblock 23 mapped to illegal pblock 18 (length 1)
[  256.872624][T13189] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3388: lblock 23 mapped to illegal pblock 18 (length 1)
[  256.893732][T13189] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3388: lblock 23 mapped to illegal pblock 18 (length 1)
[  256.931383][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  256.965694][T13189] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 18: comm syz.4.3388: lblock 23 mapped to illegal pblock 18 (length 1)
[  256.990466][T13201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3393'.
[  257.073786][T12236] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.154170][T11067] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.160245][T13203] loop4: detected capacity change from 0 to 1024
[  257.170424][T13203] EXT4-fs: dax option not supported
[  257.292398][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.469002][T13217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.515160][T13217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.869584][T13222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3400'.
[  257.981304][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  258.031897][T13231] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3404'.
[  258.108332][T13233] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  258.154357][T13235] loop2: detected capacity change from 0 to 512
[  258.161107][T13235] EXT4-fs: inline encryption not supported
[  258.173023][T13235] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  258.181056][T13235] System zones: 0-2, 18-18, 34-35
[  258.187326][T13235] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.199917][T13235] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.212749][T13235] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3405: lblock 23 mapped to illegal pblock 18 (length 1)
[  258.227492][T13235] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3405: lblock 23 mapped to illegal pblock 18 (length 1)
[  258.243641][T13235] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3405: lblock 23 mapped to illegal pblock 18 (length 1)
[  258.309410][T13235] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3405: lblock 23 mapped to illegal pblock 18 (length 1)
[  258.337060][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.429017][T13243] loop2: detected capacity change from 0 to 512
[  258.436861][T13243] EXT4-fs: Ignoring removed i_version option
[  258.443531][T13243] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  258.456207][T13243] EXT4-fs (loop2): 1 truncate cleaned up
[  258.462430][T13243] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.887338][T13255] syz.4.3412[13255] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  258.887447][T13255] syz.4.3412[13255] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  258.956494][T13260] loop4: detected capacity change from 0 to 1024
[  258.976195][T13260] EXT4-fs: dax option not supported
[  259.011323][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  259.065349][T13267] loop1: detected capacity change from 0 to 512
[  259.071930][T13267] EXT4-fs: inline encryption not supported
[  259.082626][T13267] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  259.090843][T13267] System zones: 0-2, 18-18, 34-35
[  259.098654][T13267] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.112100][T13267] ext4 filesystem being mounted at /269/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  259.129835][T13267] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3416: lblock 23 mapped to illegal pblock 18 (length 1)
[  259.145935][T13267] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3416: lblock 23 mapped to illegal pblock 18 (length 1)
[  259.161105][T13267] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3416: lblock 23 mapped to illegal pblock 18 (length 1)
[  259.240917][T13267] EXT4-fs error (device loop1): ext4_map_blocks:609: inode #2: block 18: comm syz.1.3416: lblock 23 mapped to illegal pblock 18 (length 1)
[  259.312475][T12075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.332766][ T8938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.529354][T13287] loop2: detected capacity change from 0 to 512
[  259.535896][T13287] EXT4-fs: Ignoring removed i_version option
[  259.542555][T13287] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  259.554531][T13287] EXT4-fs (loop2): 1 truncate cleaned up
[  259.560493][T13287] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.588978][T13290] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  259.975636][T13300] loop0: detected capacity change from 0 to 512
[  259.982230][T13300] EXT4-fs: inline encryption not supported
[  259.998579][T13300] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  260.014691][T13300] System zones: 0-2, 18-18, 34-35
[  260.020853][T13300] ext4 filesystem being mounted at /175/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.042052][T13300] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3428: lblock 23 mapped to illegal pblock 18 (length 1)
[  260.056328][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  260.064207][T13300] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3428: lblock 23 mapped to illegal pblock 18 (length 1)
[  260.079004][T13300] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3428: lblock 23 mapped to illegal pblock 18 (length 1)
[  260.196287][T13300] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 18: comm syz.0.3428: lblock 23 mapped to illegal pblock 18 (length 1)
[  260.346392][T13315] loop4: detected capacity change from 0 to 512
[  260.363200][T13315] EXT4-fs: Ignoring removed bh option
[  260.379498][T13317] loop0: detected capacity change from 0 to 2048
[  260.401437][T13321] loop1: detected capacity change from 0 to 1024
[  260.409792][T13315] ext4 filesystem being mounted at /49/w��5�T��)�`)Y�F�nA��@T<�3�ڂ$���r�cnH�<�p�r��>�wC�" ��-������8 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.433210][T13321] EXT4-fs: dax option not supported
[  260.462529][T13315] EXT4-fs error (device loop4): ext4_add_entry:2435: inode #2: comm syz.4.3432: Directory hole found for htree leaf block 0
[  260.479200][T13315] usb usb8: usbfs: process 13315 (syz.4.3432) did not claim interface 0 before use
[  260.488749][T13315] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  260.689156][T13349] loop3: detected capacity change from 0 to 512
[  260.695875][T13349] EXT4-fs: inline encryption not supported
[  260.712224][T13349] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  260.720250][T13349] System zones: 0-2, 18-18, 34-35
[  260.727553][T13349] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.740701][T13349] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3445: lblock 23 mapped to illegal pblock 18 (length 1)
[  260.756048][T13349] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3445: lblock 23 mapped to illegal pblock 18 (length 1)
[  260.771079][T13349] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3445: lblock 23 mapped to illegal pblock 18 (length 1)
[  260.861320][T13353] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  260.873414][T13349] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.3445: lblock 23 mapped to illegal pblock 18 (length 1)
[  261.067289][   T29] kauditd_printk_skb: 605 callbacks suppressed
[  261.067357][   T29] audit: type=1326 audit(1726265336.880:28969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f94b7554ea7 code=0x7ffc0000
[  261.099046][   T29] audit: type=1326 audit(1726265336.910:28970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f94b74f9869 code=0x7ffc0000
[  261.101300][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  261.122611][   T29] audit: type=1326 audit(1726265336.910:28971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f94b7554ea7 code=0x7ffc0000
[  261.153014][   T29] audit: type=1326 audit(1726265336.910:28972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f94b74f9869 code=0x7ffc0000
[  261.176492][   T29] audit: type=1326 audit(1726265336.910:28973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  261.208550][   T29] audit: type=1326 audit(1726265336.940:28974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f94b7554ea7 code=0x7ffc0000
[  261.226097][T13357] loop3: detected capacity change from 0 to 512
[  261.232055][   T29] audit: type=1326 audit(1726265336.940:28975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f94b74f9869 code=0x7ffc0000
[  261.239120][T13357] EXT4-fs: Ignoring removed i_version option
[  261.261861][   T29] audit: type=1326 audit(1726265336.940:28976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f94b755def9 code=0x7ffc0000
[  261.271292][T13357] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  261.291516][   T29] audit: type=1326 audit(1726265336.940:28977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f94b7554ea7 code=0x7ffc0000
[  261.323055][T13357] EXT4-fs (loop3): 1 truncate cleaned up
[  261.325049][   T29] audit: type=1326 audit(1726265336.940:28978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13344 comm="syz.0.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f94b74f9869 code=0x7ffc0000
[  261.571021][T13374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.581329][T13374] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.829335][T13378] loop2: detected capacity change from 0 to 2048
[  262.131347][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  262.495066][T13413] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  262.518896][T13415] syz.3.3467[13415] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.518980][T13415] syz.3.3467[13415] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.606402][T13417] loop3: detected capacity change from 0 to 512
[  262.625827][T13417] EXT4-fs: Ignoring removed i_version option
[  262.632277][T13417] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  262.644793][T13417] EXT4-fs (loop3): 1 truncate cleaned up
[  262.934692][T13425] loop2: detected capacity change from 0 to 512
[  262.951804][T13425] EXT4-fs: inline encryption not supported
[  262.972679][T13425] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a843c018, mo2=0002]
[  262.983072][T13425] System zones: 0-2, 18-18, 34-35
[  262.994189][T13425] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.054695][T13425] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3470: lblock 23 mapped to illegal pblock 18 (length 1)
[  263.072415][T13433] FAULT_INJECTION: forcing a failure.
[  263.072415][T13433] name failslab, interval 1, probability 0, space 0, times 0
[  263.085057][T13433] CPU: 1 UID: 0 PID: 13433 Comm: syz.0.3473 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  263.095845][T13433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  263.105940][T13433] Call Trace:
[  263.109235][T13433]  <TASK>
[  263.112173][T13433]  dump_stack_lvl+0xf2/0x150
[  263.116790][T13433]  dump_stack+0x15/0x20
[  263.120956][T13433]  should_fail_ex+0x229/0x230
[  263.125698][T13433]  ? audit_log_start+0x34c/0x6b0
[  263.130663][T13433]  should_failslab+0x8f/0xb0
[  263.135338][T13433]  kmem_cache_alloc_noprof+0x4c/0x290
[  263.140746][T13433]  audit_log_start+0x34c/0x6b0
[  263.145606][T13433]  ? kmem_cache_free+0xd8/0x280
[  263.150497][T13433]  audit_seccomp+0x4b/0x130
[  263.155042][T13433]  __seccomp_filter+0x6fa/0x1180
[  263.160003][T13433]  ? proc_fail_nth_write+0x130/0x160
[  263.165373][T13433]  ? __fdget+0x105/0x110
[  263.169768][T13433]  __secure_computing+0x9f/0x1c0
[  263.174813][T13433]  syscall_trace_enter+0xd1/0x1f0
[  263.179939][T13433]  ? fpregs_assert_state_consistent+0x83/0xa0
[  263.186047][T13433]  do_syscall_64+0xaa/0x1c0
[  263.190596][T13433]  ? clear_bhb_loop+0x55/0xb0
[  263.195282][T13433]  ? clear_bhb_loop+0x55/0xb0
[  263.199975][T13433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.205897][T13433] RIP: 0033:0x7f94b755c93c
[  263.210344][T13433] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  263.230108][T13433] RSP: 002b:00007f94b61d1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  263.238531][T13433] RAX: ffffffffffffffda RBX: 00007f94b7715f80 RCX: 00007f94b755c93c
[  263.246577][T13433] RDX: 000000000000000f RSI: 00007f94b61d10a0 RDI: 0000000000000005
[  263.254554][T13433] RBP: 00007f94b61d1090 R08: 0000000000000000 R09: 0000000000000000
[  263.262526][T13433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.270511][T13433] R13: 0000000000000000 R14: 00007f94b7715f80 R15: 00007ffcb4048838
[  263.278618][T13433]  </TASK>
[  263.281747][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  263.307550][T13434] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3470: lblock 23 mapped to illegal pblock 18 (length 1)
[  263.327668][T13436] netlink: 'syz.1.3474': attribute type 29 has an invalid length.
[  263.336549][T13425] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3470: lblock 23 mapped to illegal pblock 18 (length 1)
[  263.353305][T13436] netlink: 'syz.1.3474': attribute type 29 has an invalid length.
[  263.465605][T13443] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  263.517392][T13425] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.3470: lblock 23 mapped to illegal pblock 18 (length 1)
[  263.539300][T13450] bridge0: port 3(vlan0) entered blocking state
[  263.545632][T13450] bridge0: port 3(vlan0) entered disabled state
[  263.554611][T13450] vlan0: entered allmulticast mode
[  263.560303][T13450] vlan0: left allmulticast mode
[  263.646760][T13461] syz.2.3483[13461] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  263.646834][T13461] syz.2.3483[13461] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  263.700855][T13466] loop2: detected capacity change from 0 to 2048
[  263.811698][T13474] xt_CT: No such helper "netbios-ns"
[  263.818244][T13474] FAULT_INJECTION: forcing a failure.
[  263.818244][T13474] name failslab, interval 1, probability 0, space 0, times 0
[  263.830877][T13474] CPU: 1 UID: 0 PID: 13474 Comm: syz.2.3487 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  263.841858][T13474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  263.851947][T13474] Call Trace:
[  263.855259][T13474]  <TASK>
[  263.858268][T13474]  dump_stack_lvl+0xf2/0x150
[  263.862869][T13474]  dump_stack+0x15/0x20
[  263.867028][T13474]  should_fail_ex+0x229/0x230
[  263.871719][T13474]  ? __alloc_skb+0x10b/0x310
[  263.876372][T13474]  should_failslab+0x8f/0xb0
[  263.880982][T13474]  kmem_cache_alloc_node_noprof+0x51/0x2b0
[  263.886803][T13474]  __alloc_skb+0x10b/0x310
[  263.891381][T13474]  netlink_alloc_large_skb+0xad/0xe0
[  263.896676][T13474]  netlink_sendmsg+0x3b4/0x6e0
[  263.901453][T13474]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.906743][T13474]  __sock_sendmsg+0x140/0x180
[  263.911491][T13474]  ____sys_sendmsg+0x312/0x410
[  263.916286][T13474]  __sys_sendmsg+0x1e9/0x280
[  263.920903][T13474]  __x64_sys_sendmsg+0x46/0x50
[  263.925728][T13474]  x64_sys_call+0x2689/0x2d60
[  263.930474][T13474]  do_syscall_64+0xc9/0x1c0
[  263.934995][T13474]  ? clear_bhb_loop+0x55/0xb0
[  263.939681][T13474]  ? clear_bhb_loop+0x55/0xb0
[  263.944361][T13474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.950355][T13474] RIP: 0033:0x7ff9c8d5def9
[  263.954770][T13474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.974424][T13474] RSP: 002b:00007ff9c79d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.982844][T13474] RAX: ffffffffffffffda RBX: 00007ff9c8f15f80 RCX: 00007ff9c8d5def9
[  263.990815][T13474] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000008
[  263.998891][T13474] RBP: 00007ff9c79d7090 R08: 0000000000000000 R09: 0000000000000000
[  264.006952][T13474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.014985][T13474] R13: 0000000000000000 R14: 00007ff9c8f15f80 R15: 00007ffd9a787cb8
[  264.022972][T13474]  </TASK>
[  264.127889][T13480] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=13480 comm=syz.2.3488
[  264.238605][T13482] loop2: detected capacity change from 0 to 512
[  264.245150][T13482] EXT4-fs: Ignoring removed i_version option
[  264.251838][T13482] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  264.263810][T13482] EXT4-fs (loop2): 1 truncate cleaned up
[  264.291344][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  264.433712][T13487] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  264.453091][T13482] ==================================================================
[  264.461197][T13482] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / writeback_single_inode
[  264.470430][T13482] 
[  264.472760][T13482] write to 0xffff888106de4ac8 of 8 bytes by task 13484 on cpu 0:
[  264.480481][T13482]  writeback_single_inode+0x10e/0x4a0
[  264.485877][T13482]  sync_inode_metadata+0x5c/0x90
[  264.490835][T13482]  generic_buffers_fsync_noflush+0xe4/0x130
[  264.496748][T13482]  ext4_sync_file+0x20b/0x6c0
[  264.501440][T13482]  vfs_fsync_range+0x122/0x140
[  264.506211][T13482]  ext4_buffered_write_iter+0x338/0x380
[  264.511755][T13482]  ext4_file_write_iter+0x29f/0xe30
[  264.516974][T13482]  iter_file_splice_write+0x5e6/0x970
[  264.522366][T13482]  direct_splice_actor+0x16c/0x2c0
[  264.527477][T13482]  splice_direct_to_actor+0x305/0x670
[  264.532875][T13482]  do_splice_direct+0xd7/0x150
[  264.537665][T13482]  do_sendfile+0x3ab/0x950
[  264.542196][T13482]  __x64_sys_sendfile64+0x110/0x150
[  264.547408][T13482]  x64_sys_call+0xed5/0x2d60
[  264.552016][T13482]  do_syscall_64+0xc9/0x1c0
[  264.556538][T13482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.562451][T13482] 
[  264.564793][T13482] read to 0xffff888106de4ac8 of 8 bytes by task 13482 on cpu 1:
[  264.572446][T13482]  generic_buffers_fsync_noflush+0x89/0x130
[  264.578363][T13482]  ext4_sync_file+0x20b/0x6c0
[  264.583043][T13482]  vfs_fsync_range+0x122/0x140
[  264.587823][T13482]  ext4_buffered_write_iter+0x338/0x380
[  264.593380][T13482]  ext4_file_write_iter+0x29f/0xe30
[  264.598584][T13482]  iter_file_splice_write+0x5e6/0x970
[  264.603975][T13482]  direct_splice_actor+0x16c/0x2c0
[  264.609083][T13482]  splice_direct_to_actor+0x305/0x670
[  264.614482][T13482]  do_splice_direct+0xd7/0x150
[  264.619276][T13482]  do_sendfile+0x3ab/0x950
[  264.623704][T13482]  __x64_sys_sendfile64+0x110/0x150
[  264.628930][T13482]  x64_sys_call+0xed5/0x2d60
[  264.633537][T13482]  do_syscall_64+0xc9/0x1c0
[  264.638044][T13482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.643963][T13482] 
[  264.646286][T13482] value changed: 0x0000000000000005 -> 0x0000000000000080
[  264.653387][T13482] 
[  264.655715][T13482] Reported by Kernel Concurrency Sanitizer on:
[  264.661967][T13482] CPU: 1 UID: 0 PID: 13482 Comm: syz.2.3489 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0
[  264.672737][T13482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  264.683319][T13482] ==================================================================
[  265.331316][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  266.371327][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  267.421329][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  268.451588][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  269.491337][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  270.531322][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  271.571338][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  272.621310][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  273.651356][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available