last executing test programs:

2.667934394s ago: executing program 0 (id=4098):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x220, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000500], 0x7, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000875bf98d000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e2a30456b880000145b41fe6900000079616d3000000000000000000000000079616d3000000000000000000000000076657468315f742f5f626f6e640000001180c20000000000000000000180c200000000faffffffffffffff0000006701000090010000737461746973746963000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000008dadb8e3646e617400000000ff0300000000000000000000000000000000000010000100000000000000ff000000006e666c010000000000000000000000000000000000000000000000000000ff0050000000121b6eb244d4f0fffbf04a000000007e4b000022d4e27ebdf3b9dc569e338e2c551c2fc4a19597ba4c501c8b1f16fb7809c40aee86f4fe16383d2afb577ed2bb6dd99f024b3f54ba00000000415544495400000000000000000000000000000000000000000000000000000008000000000000200000000000000000000200"/540]}, 0x294)

2.644512776s ago: executing program 0 (id=4100):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f00000001c0)={[{@dioread_lock}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@auto_da_alloc}, {@noquota}, {@grpquota}, {@barrier_val}, {@grpjquota}, {@jqfmt_vfsold}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r0, 0x2007ffb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r0, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200373a4541062101a59ea940d2cb0b36b8f5020000a00000050000000000eb000000a5e5be21c44e328e68f3922af831e4e51bfb30f7788fd57e51bc464355bd646d037ccc16ddb08a7b3a697aedb66ddd793acf37119e61f502d8bbb016f701890700000068d945af468c1c9090c76906b94e0f27761c75e58c82da54d010078660684a4106855beaf5e813ed18aa4acabb5bee7f082d24a16b01fc91471eba59152e716af8776ab90ac48bcbee6570df22513808ecab7a9680aa613a56aa11bfa73af4c4e94b5cfc855f0e910186d7e68ac24f8b125140ac5f7f4819168ce1c25550c6773b41011999d8d9827757d96c5e8aa4617cc54c5e67060a92661f84e698d1fe3cee10a85882cbecb29f2a22535ac50e64d95ecbab66f54373b94475e05b79a0a61bc2ae1e", 0x12d, r3)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/kexec_crash_size', 0x62841, 0x0)
write$P9_RSTATu(r5, &(0x7f0000000f40)=ANY=[@ANYRESDEC, @ANYRESOCT], 0x58)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, 0x0)
r7 = open(&(0x7f0000000f00)='./bus\x00', 0x161142, 0x6)
r8 = open(&(0x7f0000007f80)='./bus\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0x1000000201005)

2.485724151s ago: executing program 1 (id=4105):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x9, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xfdef)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000300000000000000000800", @ANYRES32=r0, @ANYRES64=r0, @ANYRES32=0x0, @ANYRESDEC=r0, @ANYRES64=r0], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r6, 0x0)
setsockopt$RDS_FREE_MR(r6, 0x114, 0x3, &(0x7f0000000140)={{0x2f8, 0xd}, 0x20}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000018000380140001007665746830"], 0xfc}, 0x1, 0x0, 0x0, 0x240400c0}, 0x880)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
writev(r7, &(0x7f0000000300)=[{&(0x7f00000000c0)="c057", 0x2}], 0x1)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x1}, 0x14002}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.770991617s ago: executing program 0 (id=4116):
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2719, 0x0, &(0x7f0000000040))
recvmsg$can_raw(r0, &(0x7f0000000c40)={&(0x7f0000000a40)=@xdp, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000ac0)=""/78, 0x4e}], 0x1, &(0x7f0000000b80)=""/172, 0xac}, 0x2)

1.648429718s ago: executing program 1 (id=4120):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={0x0}}, 0x0)

1.593983633s ago: executing program 1 (id=4121):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000001500000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000954b783af51de19e996477f9aa0863bf9ab5da5623bf59ededdd269210c4ad6cba37f223cf67c5b0652f0fcde3988d10f710d8a9c8551ebd3a771e74cf7850083775294e9f5e13c3307558e8cd5221557b9a26230d9e39373b6bd2b7d9f04355dfdf32e4d141e22d3d58ab04f899233d73c1fc4146ebf12971163739bd32955d594f6a64a991a1335789661f93ce2ada25186a9ff2b64c3976a094a76e94372afce1be2051381ab3a03a3df87dff16fd26a2f081c11a92727b3503839c8726bdc59677d6"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19991625, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x48842, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, &(0x7f0000000140)={'xfrm0\x00', {0x2, 0x4e21, @empty}})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
timerfd_create(0x0, 0x80000)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
msgsnd(0x0, &(0x7f0000000540)=ANY=[], 0xfd1, 0x0)

1.369566394s ago: executing program 4 (id=4127):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
io_setup(0x1000, &(0x7f0000000280)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x4000, 0x0, 0x1, 0x0, r2, &(0x7f0000000a80)="a975df206ea5", 0x6}])

1.325217378s ago: executing program 4 (id=4129):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x0, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda98801d202001400128009000100766c61b96ed0febf5b7609ebf8a8d07ae770087ba3be0176bf0083000000271271c380733d4645"], 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newlink={0x34, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}]}, 0x34}}, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804)

1.159104443s ago: executing program 4 (id=4133):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x9, 0xb7, 0x4, 0x37, 0x0, 0x8001, 0x2, 0x9, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2000000, 0x5, @perf_config_ext={0x6, 0x2004}, 0x5080, 0x1000000000e1, 0x80000000, 0x7, 0x4, 0xb96, 0x10, 0x0, 0x1, 0x0, 0x80000000}, 0xffffffffffffffff, 0x5, r0, 0x1)
write$UHID_CREATE2(r0, &(0x7f0000000100)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r1, 0x2284, &(0x7f0000000000)=0x2000000)
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)

1.118617897s ago: executing program 4 (id=4135):
pipe2$9p(&(0x7f0000000240), 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957eff13d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000af3b30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

1.118307527s ago: executing program 3 (id=4136):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1a00000004000000080000000b00bcaab381bd6209fcf6000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
pipe(&(0x7f00000001c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="090000001000000000f2ff3f0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028008000f000000000008000a"], 0x44}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = io_uring_setup(0x3e76, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
unshare(0x2040400)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
unshare(0x2000400)
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)

1.117885847s ago: executing program 3 (id=4137):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000a00), 0x80402, 0x0)
write$cgroup_int(r1, 0x0, 0x2)

1.052430353s ago: executing program 3 (id=4138):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd3, 0x0, 0x0, 0x0, 0x1}, [@func={0x85, 0x0, 0x1, 0x0, 0x4}]}, &(0x7f0000000180)='syzkaller\x00', 0x4fb8, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x1, 0x10, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0xffffffffffffffff], 0x0, 0x10, 0x8000, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./bus\x00', 0x20081e, &(0x7f00000020c0), 0x1, 0x4ef, &(0x7f0000000a00)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000a50000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
inotify_rm_watch(0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r1, 0x0, 0x0, 0x1000f4)
write$binfmt_format(r1, &(0x7f0000000340)='-1\x00', 0x3)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001900010028bd7000fbdbdf251d01020008000900", @ANYRES32, @ANYBLOB="08000a00e1"], 0x24}, 0x1, 0x0, 0x0, 0x4048855}, 0x30004016)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @tunnel={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0)

1.039065584s ago: executing program 3 (id=4139):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x82, &(0x7f0000000040), 0x1, 0x4d6, &(0x7f0000000740)="$eJzs3EFsVEUfAPD/27a0QPnoh4iCqEU0NhpbKCgcTAxGEw+aGPGgx6YtBFmooTURQmRJDB4NiXfj0asHr+rNcDLxikcTQ0IMF8DTM2/3bXe73V3a7bYr9PdLlp2Znbczs/Pm7bwZtgFsWqPZP0nEcETcjIidEVFozDBaebp35/L0/TuXp6OUpif/TrLD4m4WzyX58/Y8MlaIKHyZ1F6oM3/x0tmpYnH2Qh6fWDj36cT8xUuvnDk3dXr29Oz5yePHjx45fOy1yVdX36gm5WXturvvi7n9e9/5+Pp70/3V9KH8ub4d3TIao82qUvZCtwvrsR114aS/Xc431r8yrFh2/mfdNVAe/zujL9p2HvAISdM0HWz9ciltdHVZCvDQSqLXNQB6o/pFn93/Vh/NJgJb1mf60XO3T1RugLJ238sfEc+WE6vrIAMN97fdNBoRH5X++TZ7xDqtQwAA1Pv5RHUm2DD/G4nYU5fvf/keykhE/D8idkXEYxGxOyIej0reJyLiyYb374uItE35ow3x5fOfwq21tbC9bP73er63VZv/Rf0u2EhfHtsRUZ0wzx7KP5OxGBg8daY4e7hNGb+89fvXrV6rn/9lj6z86lwwr8et/oYFupmphamOG9zg9tWIff2N7U/6I5LFnYAkIvZGxL5VvO9IXfjMS9/vX4wMLM334PaXpU330bqwVZF+F/Fipf9LsaT/ayUm7fcnJ4aiOHtoIjsLDjUt48Zv195vVf4D2//jn42HvH3sp5P5yFq7rP+31Z3/Ud2/rbV/JIlIFvdr51dfxrU/vmp5T9Pp+b8l+bAcrt6Xfj61sHDhcMSW5N3l6ZO1Y6vx7DlKlfaPHWw+/nflx2SfxFMRkZ3ET0fEM1G5QxyN9MqBiHguIg62af+vbz7/SeftX19Z+2eaXv+W9H9tvz4LZKkXlqRMFZNSJXctZTHQd/bAzfstLh4r6/+j5dBYntL8+pcsuUQsr0XzwBo/PgAAAHgoFCJiuG4taTgKhfHxyhrQ7thWKM7NL7x8au6z8zOV3wiMxEChutJVWQ8eSKrrnyN18cmG+JF83fibvq3l+Pj0XHGmpy0HtpfHfFIYX7wWVMZ/5q/uLDED/2V+8gOb14PG/57rG1QRYMP5/ofNq278l1pkKfmfMvBoWsn3v7VAeDQ1G/9XOjgGeLikxjJsaqsZ/0vz3tjZ9coAG6o/PlgMF3paE2Cjmf/DprSiH8l3HEgHm780FMszx1D7N+yLzqqxtUlZPQlkM6uelL61k6Oqf02hZZ4orO4NB5f9yYjO+vTU2j+W03u6fvKn+f5Yt3vwhw0Zp80C7a8bk8Prd00CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopn8DAAD//7x926o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000004e6ff00", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4, 0x0, 0x8}, 0x18)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getcwd(&(0x7f0000000340)=""/235, 0xeb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1267, 0x1000000000000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="010000000400eba18d1d1b0000ff0f0000050000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, [@call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r8}, 0x18)
r9 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$binfmt_misc(r9, &(0x7f0000000140), 0x10)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f0000000000)=ANY=[@ANYRES32=r7])
syz_clone(0x64289200, 0x0, 0x0, 0x0, 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000000)={0x10, 0x0, "31eacb679f3f4fd24dc9671ab34480d5"})

942.262233ms ago: executing program 4 (id=4140):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0x0, 0x0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f000067d000/0x1000)=nil, 0x1000, 0x2, 0x10010, 0xffffffffffffffff, 0x8000000)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r1, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000100)='net_dev_xmit\x00', r6}, 0x10)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0)

891.965648ms ago: executing program 0 (id=4141):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0x0, 0x1800}], 0x1, 0x0)

848.711472ms ago: executing program 0 (id=4143):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x0, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda98801d202001400128009000100766c61b96ed0febf5b7609ebf8a8d07ae770087ba3be0176bf0083000000271271c380733d4645"], 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newlink={0x34, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}]}, 0x34}}, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804)

769.989769ms ago: executing program 2 (id=4145):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x9, 0xb7, 0x4, 0x37, 0x0, 0x8001, 0x2, 0x9, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2000000, 0x5, @perf_config_ext={0x6, 0x2004}, 0x5080, 0x1000000000e1, 0x80000000, 0x7, 0x4, 0xb96, 0x10, 0x0, 0x1, 0x0, 0x80000000}, 0xffffffffffffffff, 0x5, r0, 0x1)
write$UHID_CREATE2(r0, &(0x7f0000000100)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r1, 0x2284, &(0x7f0000000000)=0x2000000)
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)

707.284755ms ago: executing program 1 (id=4146):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000000, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=")
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_es_find_extent_range_exit\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000100), 0x1001)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000188500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000004c0)='kmem_cache_free\x00', r5}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @multicast1}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0)

706.852705ms ago: executing program 2 (id=4147):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuset.effective_mems\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
msgsnd(0x0, 0x0, 0xfd1, 0x0)

577.420407ms ago: executing program 2 (id=4148):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1a00000004000000080000000b00bcaab381bd6209fcf6000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
pipe(&(0x7f00000001c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="090000001000000000f2ff3f0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028008000f000000000008000a"], 0x44}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
io_uring_setup(0x3e76, &(0x7f0000000000))
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
unshare(0x2040400)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
unshare(0x2000400)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)

517.634792ms ago: executing program 1 (id=4149):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000a00), 0x80402, 0x0)
write$cgroup_int(r1, 0x0, 0x2)

486.012855ms ago: executing program 2 (id=4150):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000a00), 0x80402, 0x0)
write$cgroup_int(r2, 0x0, 0x2)

472.473956ms ago: executing program 1 (id=4151):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x82, &(0x7f0000000040), 0x1, 0x4d6, &(0x7f0000000740)="$eJzs3EFsVEUfAPD/27a0QPnoh4iCqEU0NhpbKCgcTAxGEw+aGPGgx6YtBFmooTURQmRJDB4NiXfj0asHr+rNcDLxikcTQ0IMF8DTM2/3bXe73V3a7bYr9PdLlp2Znbczs/Pm7bwZtgFsWqPZP0nEcETcjIidEVFozDBaebp35/L0/TuXp6OUpif/TrLD4m4WzyX58/Y8MlaIKHyZ1F6oM3/x0tmpYnH2Qh6fWDj36cT8xUuvnDk3dXr29Oz5yePHjx45fOy1yVdX36gm5WXturvvi7n9e9/5+Pp70/3V9KH8ub4d3TIao82qUvZCtwvrsR114aS/Xc431r8yrFh2/mfdNVAe/zujL9p2HvAISdM0HWz9ciltdHVZCvDQSqLXNQB6o/pFn93/Vh/NJgJb1mf60XO3T1RugLJ238sfEc+WE6vrIAMN97fdNBoRH5X++TZ7xDqtQwAA1Pv5RHUm2DD/G4nYU5fvf/keykhE/D8idkXEYxGxOyIej0reJyLiyYb374uItE35ow3x5fOfwq21tbC9bP73er63VZv/Rf0u2EhfHtsRUZ0wzx7KP5OxGBg8daY4e7hNGb+89fvXrV6rn/9lj6z86lwwr8et/oYFupmphamOG9zg9tWIff2N7U/6I5LFnYAkIvZGxL5VvO9IXfjMS9/vX4wMLM334PaXpU330bqwVZF+F/Fipf9LsaT/ayUm7fcnJ4aiOHtoIjsLDjUt48Zv195vVf4D2//jn42HvH3sp5P5yFq7rP+31Z3/Ud2/rbV/JIlIFvdr51dfxrU/vmp5T9Pp+b8l+bAcrt6Xfj61sHDhcMSW5N3l6ZO1Y6vx7DlKlfaPHWw+/nflx2SfxFMRkZ3ET0fEM1G5QxyN9MqBiHguIg62af+vbz7/SeftX19Z+2eaXv+W9H9tvz4LZKkXlqRMFZNSJXctZTHQd/bAzfstLh4r6/+j5dBYntL8+pcsuUQsr0XzwBo/PgAAAHgoFCJiuG4taTgKhfHxyhrQ7thWKM7NL7x8au6z8zOV3wiMxEChutJVWQ8eSKrrnyN18cmG+JF83fibvq3l+Pj0XHGmpy0HtpfHfFIYX7wWVMZ/5q/uLDED/2V+8gOb14PG/57rG1QRYMP5/ofNq278l1pkKfmfMvBoWsn3v7VAeDQ1G/9XOjgGeLikxjJsaqsZ/0vz3tjZ9coAG6o/PlgMF3paE2Cjmf/DprSiH8l3HEgHm780FMszx1D7N+yLzqqxtUlZPQlkM6uelL61k6Oqf02hZZ4orO4NB5f9yYjO+vTU2j+W03u6fvKn+f5Yt3vwhw0Zp80C7a8bk8Prd00CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopn8DAAD//7x926o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000004e6ff00", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4, 0x0, 0x8}, 0x18)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getcwd(&(0x7f0000000340)=""/235, 0xeb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1267, 0x1000000000000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="010000000400eba18d1d1b0000ff0f0000050000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, [@call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r8}, 0x18)
r9 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$binfmt_misc(r9, &(0x7f0000000140), 0x10)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f0000000000)=ANY=[@ANYRES32=r7])
syz_clone(0x64289200, 0x0, 0x0, 0x0, 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000000)={0x10, 0x0, "31eacb679f3f4fd24dc9671ab34480d5"})

426.436651ms ago: executing program 2 (id=4152):
move_pages(0x0, 0x0, &(0x7f0000000340), 0xffffffffffffffff, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x2, 0x13, &(0x7f0000000980)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20010, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
accept$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @broadcast}, &(0x7f0000000340)=0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0)

265.686525ms ago: executing program 0 (id=4153):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x82, &(0x7f0000000040), 0x1, 0x4d6, &(0x7f0000000740)="$eJzs3EFsVEUfAPD/27a0QPnoh4iCqEU0NhpbKCgcTAxGEw+aGPGgx6YtBFmooTURQmRJDB4NiXfj0asHr+rNcDLxikcTQ0IMF8DTM2/3bXe73V3a7bYr9PdLlp2Znbczs/Pm7bwZtgFsWqPZP0nEcETcjIidEVFozDBaebp35/L0/TuXp6OUpif/TrLD4m4WzyX58/Y8MlaIKHyZ1F6oM3/x0tmpYnH2Qh6fWDj36cT8xUuvnDk3dXr29Oz5yePHjx45fOy1yVdX36gm5WXturvvi7n9e9/5+Pp70/3V9KH8ub4d3TIao82qUvZCtwvrsR114aS/Xc431r8yrFh2/mfdNVAe/zujL9p2HvAISdM0HWz9ciltdHVZCvDQSqLXNQB6o/pFn93/Vh/NJgJb1mf60XO3T1RugLJ238sfEc+WE6vrIAMN97fdNBoRH5X++TZ7xDqtQwAA1Pv5RHUm2DD/G4nYU5fvf/keykhE/D8idkXEYxGxOyIej0reJyLiyYb374uItE35ow3x5fOfwq21tbC9bP73er63VZv/Rf0u2EhfHtsRUZ0wzx7KP5OxGBg8daY4e7hNGb+89fvXrV6rn/9lj6z86lwwr8et/oYFupmphamOG9zg9tWIff2N7U/6I5LFnYAkIvZGxL5VvO9IXfjMS9/vX4wMLM334PaXpU330bqwVZF+F/Fipf9LsaT/ayUm7fcnJ4aiOHtoIjsLDjUt48Zv195vVf4D2//jn42HvH3sp5P5yFq7rP+31Z3/Ud2/rbV/JIlIFvdr51dfxrU/vmp5T9Pp+b8l+bAcrt6Xfj61sHDhcMSW5N3l6ZO1Y6vx7DlKlfaPHWw+/nflx2SfxFMRkZ3ET0fEM1G5QxyN9MqBiHguIg62af+vbz7/SeftX19Z+2eaXv+W9H9tvz4LZKkXlqRMFZNSJXctZTHQd/bAzfstLh4r6/+j5dBYntL8+pcsuUQsr0XzwBo/PgAAAHgoFCJiuG4taTgKhfHxyhrQ7thWKM7NL7x8au6z8zOV3wiMxEChutJVWQ8eSKrrnyN18cmG+JF83fibvq3l+Pj0XHGmpy0HtpfHfFIYX7wWVMZ/5q/uLDED/2V+8gOb14PG/57rG1QRYMP5/ofNq278l1pkKfmfMvBoWsn3v7VAeDQ1G/9XOjgGeLikxjJsaqsZ/0vz3tjZ9coAG6o/PlgMF3paE2Cjmf/DprSiH8l3HEgHm780FMszx1D7N+yLzqqxtUlZPQlkM6uelL61k6Oqf02hZZ4orO4NB5f9yYjO+vTU2j+W03u6fvKn+f5Yt3vwhw0Zp80C7a8bk8Prd00CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopn8DAAD//7x926o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000004e6ff00", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4, 0x0, 0x8}, 0x18)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
getcwd(&(0x7f0000000340)=""/235, 0xeb)
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1267, 0x1000000000000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="010000000400eba18d1d1b0000ff0f0000050000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, [@call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r7}, 0x18)
r8 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$binfmt_misc(r8, &(0x7f0000000140), 0x10)
syz_clone(0x64289200, 0x0, 0x0, 0x0, 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000000)={0x10, 0x0, "31eacb679f3f4fd24dc9671ab34480d5"})

183.093113ms ago: executing program 3 (id=4154):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0x0, 0x1800}], 0x1, 0x0)

923.53µs ago: executing program 2 (id=4155):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f00000001c0)={[{@dioread_lock}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@auto_da_alloc}, {@noquota}, {@grpquota}, {@barrier_val}, {@grpjquota}, {@jqfmt_vfsold}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r0, 0x2007ffb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r0, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200373a4541062101a59ea940d2cb0b36b8f5020000a00000050000000000eb000000a5e5be21c44e328e68f3922af831e4e51bfb30f7788fd57e51bc464355bd646d037ccc16ddb08a7b3a697aedb66ddd793acf37119e61f502d8bbb016f701890700000068d945af468c1c9090c76906b94e0f27761c75e58c82da54d010078660684a4106855beaf5e813ed18aa4acabb5bee7f082d24a16b01fc91471eba59152e716af8776ab90ac48bcbee6570df22513808ecab7a9680aa613a56aa11bfa73af4c4e94b5cfc855f0e910186d7e68ac24f8b125140ac5f7f4819168ce1c25550c6773b41011999d8d9827757d96c5e8aa4617cc54c5e67060a92661f84e698d1fe3cee10a85882cbecb29f2a22535ac50e64d95ecbab66f54373b94475e05b79a0a61bc2ae1e", 0x12d, r3)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/kexec_crash_size', 0x62841, 0x0)
write$P9_RSTATu(r5, &(0x7f0000000f40)=ANY=[@ANYRESDEC, @ANYRESOCT], 0x58)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, 0x0)
r7 = open(&(0x7f0000000f00)='./bus\x00', 0x161142, 0x6)
r8 = open(&(0x7f0000007f80)='./bus\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0x1000000201005)

713.81µs ago: executing program 3 (id=4156):
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="3000000001000000080000", @ANYRES32], 0x50)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2719, 0x0, &(0x7f0000000040))
recvmsg$can_raw(r1, &(0x7f0000000c40)={&(0x7f0000000a40)=@xdp, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000ac0)=""/78, 0x4e}], 0x1, &(0x7f0000000b80)=""/172, 0xac}, 0x2)

0s ago: executing program 4 (id=4157):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000001500000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000954b783af51de19e996477f9aa0863bf9ab5da5623bf59ededdd269210c4ad6cba37f223cf67c5b0652f0fcde3988d10f710d8a9c8551ebd3a771e74cf7850083775294e9f5e13c3307558e8cd5221557b9a26230d9e39373b6bd2b7d9f04355dfdf32e4d141e22d3d58ab04f899233d73c1fc4146ebf12971163739bd32955d594f6a64a991a1335789661f93ce2ada25186a9ff2b64c3976a094a76e94372afce1be2051381ab3a03a3df87dff16fd26a2f081c11a92727b3503839c8726bdc59677d6"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19991625, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000140)={'xfrm0\x00', {0x2, 0x4e21, @empty}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
timerfd_create(0x0, 0x80000)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
msgsnd(0x0, &(0x7f0000000540)=ANY=[], 0xfd1, 0x0)

kernel console output (not intermixed with test programs):

j=root:sysadm_r:sysadm_t pid=26114 comm="syz.0.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  344.822860][   T29] audit: type=1326 audit(1728356220.472:17338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26114 comm="syz.0.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  344.846668][   T29] audit: type=1326 audit(1728356220.472:17339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26114 comm="syz.0.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  344.870608][   T29] audit: type=1326 audit(1728356220.472:17340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26114 comm="syz.0.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  344.894452][   T29] audit: type=1326 audit(1728356220.472:17341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26114 comm="syz.0.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  344.918133][   T29] audit: type=1326 audit(1728356220.472:17342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26114 comm="syz.0.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  344.982473][   T29] audit: type=1326 audit(1728356220.542:17343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26131 comm="syz.3.3170" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2536e9dff9 code=0x0
[  345.360756][T26223] loop4: detected capacity change from 0 to 2048
[  345.378257][T26223] EXT4-fs mount: 2 callbacks suppressed
[  345.378273][T26223] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.481766][T26240] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3175: bg 0: block 234: padding at end of block bitmap is not set
[  345.497498][T26240] EXT4-fs (loop4): Remounting filesystem read-only
[  345.522381][T23280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.590100][T26258] wireguard0: entered promiscuous mode
[  345.595678][T26258] wireguard0: entered allmulticast mode
[  345.681049][T26274] lo speed is unknown, defaulting to 1000
[  345.734440][T26284] loop3: detected capacity change from 0 to 1024
[  345.747350][T26284] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.796553][T25688] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.926194][T26298] loop1: detected capacity change from 0 to 2048
[  345.983379][T26298] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.042864][T26309] syz.0.3185[26309] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  346.043101][T26309] syz.0.3185[26309] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  346.054730][T26309] syz.0.3185[26309] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  346.060994][T26310] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3181: bg 0: block 234: padding at end of block bitmap is not set
[  346.092748][T26310] EXT4-fs (loop1): Remounting filesystem read-only
[  346.138340][T25678] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.190984][T26320] loop1: detected capacity change from 0 to 512
[  346.328971][T26323] lo speed is unknown, defaulting to 1000
[  347.060536][T26339] syz.0.3195[26339] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.060603][T26339] syz.0.3195[26339] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.094838][T26341] syz.0.3196[26341] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.106722][T26341] syz.0.3196[26341] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.119123][T26341] syz.0.3196[26341] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.228592][T26345] loop1: detected capacity change from 0 to 2048
[  347.261448][T26345] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.336876][T26353] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3198: bg 0: block 234: padding at end of block bitmap is not set
[  347.351546][T26353] EXT4-fs (loop1): Remounting filesystem read-only
[  347.370286][T25678] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.404103][T26355] loop1: detected capacity change from 0 to 2048
[  347.444300][T26355] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.447616][T26366] ALSA: seq fatal error: cannot create timer (-22)
[  347.511230][T26373] loop4: detected capacity change from 0 to 512
[  347.530159][T26375] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3200: bg 0: block 234: padding at end of block bitmap is not set
[  347.546385][T26375] EXT4-fs (loop1): Remounting filesystem read-only
[  347.562245][T26373] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.575173][T26373] ext4 filesystem being mounted at /104/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  347.583579][T25678] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.655976][T23280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.878832][T26427] syz.3.3207[26427] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.878927][T26427] syz.3.3207[26427] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.891177][T26427] syz.3.3207[26427] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  347.913392][T26430] loop4: detected capacity change from 0 to 512
[  347.942279][T26430] EXT4-fs: Ignoring removed bh option
[  347.959694][T26430] EXT4-fs error (device loop4): __ext4_iget:4952: inode #15: block 1803188595: comm syz.4.3208: invalid block
[  347.974857][T26430] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.3208: couldn't read orphan inode 15 (err -117)
[  347.989188][T26430] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  348.016124][T23280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.206151][T26477] lo speed is unknown, defaulting to 1000
[  348.268985][T26485] netlink: 'syz.4.3213': attribute type 10 has an invalid length.
[  348.278582][T26485] team0: Device hsr_slave_0 failed to register rx_handler
[  348.903122][T26564] ALSA: seq fatal error: cannot create timer (-22)
[  349.056916][T26569] usb usb9: usbfs: process 26569 (syz.3.3225) did not claim interface 0 before use
[  349.292324][T26581] loop4: detected capacity change from 0 to 512
[  349.305292][T26581] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.3231: invalid block
[  349.321073][T26581] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3231: invalid indirect mapped block 4294967295 (level 1)
[  349.336989][T26581] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3231: invalid indirect mapped block 4294967295 (level 1)
[  349.351604][T26581] EXT4-fs (loop4): 2 truncates cleaned up
[  349.374897][T26581] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.389251][T26586] ALSA: seq fatal error: cannot create timer (-22)
[  349.513167][T26605] sd 0:0:1:0: device reset
[  349.536257][T26607] loop3: detected capacity change from 0 to 512
[  349.546922][T26607] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  349.561997][T26607] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  349.570693][T26607] EXT4-fs (loop3): failed to initialize system zone (-117)
[  349.578328][T26607] EXT4-fs (loop3): mount failed
[  349.692926][T26633] netlink: 'syz.2.3236': attribute type 10 has an invalid length.
[  349.706806][T26633] team0: Device hsr_slave_0 failed to register rx_handler
[  350.047312][   T29] kauditd_printk_skb: 290 callbacks suppressed
[  350.047341][   T29] audit: type=1326 audit(1728356225.772:17634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.081559][   T29] audit: type=1326 audit(1728356225.772:17635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.105332][   T29] audit: type=1326 audit(1728356225.802:17636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.128984][   T29] audit: type=1326 audit(1728356225.802:17637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.152618][   T29] audit: type=1326 audit(1728356225.802:17638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.176319][   T29] audit: type=1326 audit(1728356225.802:17639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.180958][T26685] syz.0.3241[26685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  350.200056][   T29] audit: type=1326 audit(1728356225.802:17640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.213130][T26685] syz.0.3241[26685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  350.235356][   T29] audit: type=1326 audit(1728356225.802:17641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.270533][   T29] audit: type=1326 audit(1728356225.802:17642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.294101][   T29] audit: type=1326 audit(1728356225.802:17643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26681 comm="syz.0.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  350.432121][T26702] ALSA: seq fatal error: cannot create timer (-22)
[  350.919463][T26762] program syz.2.3253 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  351.646187][T23280] EXT4-fs error (device loop4): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  351.675296][T23280] EXT4-fs error (device loop4): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  351.856701][T26790] xt_CT: You must specify a L4 protocol and not use inversions on it
[  351.867700][T26603] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  351.920444][   T50] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.977000][   T50] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.037389][   T50] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.097000][   T50] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.197377][T26798] lo speed is unknown, defaulting to 1000
[  352.208997][   T50] bridge_slave_1: left allmulticast mode
[  352.214837][   T50] bridge_slave_1: left promiscuous mode
[  352.220524][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.242811][   T50] bridge_slave_0: left allmulticast mode
[  352.248625][   T50] bridge_slave_0: left promiscuous mode
[  352.254345][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.397315][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.407897][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.418713][   T50] bond0 (unregistering): Released all slaves
[  352.477852][   T50] hsr_slave_0: left promiscuous mode
[  352.483475][   T50] hsr_slave_1: left promiscuous mode
[  352.492687][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  352.500257][   T50] batman_adv: batadv0: Removing interface: batadv_slave_0
[  352.524642][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  352.532102][   T50] batman_adv: batadv0: Removing interface: batadv_slave_1
[  352.546489][   T50] veth1_macvtap: left promiscuous mode
[  352.551987][   T50] veth0_macvtap: left promiscuous mode
[  352.557612][   T50] veth1_vlan: left promiscuous mode
[  352.562900][   T50] veth0_vlan: left promiscuous mode
[  352.639792][   T50] team0 (unregistering): Port device team_slave_1 removed
[  352.650875][   T50] team0 (unregistering): Port device team_slave_0 removed
[  352.722585][T26798] chnl_net:caif_netlink_parms(): no params data found
[  352.798411][T26798] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.805529][T26798] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.812884][T26798] bridge_slave_0: entered allmulticast mode
[  352.819810][T26798] bridge_slave_0: entered promiscuous mode
[  352.826892][T26798] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.833951][T26798] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.864167][T26798] bridge_slave_1: entered allmulticast mode
[  352.870783][T26798] bridge_slave_1: entered promiscuous mode
[  352.886442][T26872] sd 0:0:1:0: device reset
[  352.902133][T26798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.914293][T26798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.949040][T26873] lo speed is unknown, defaulting to 1000
[  352.974551][T26798] team0: Port device team_slave_0 added
[  352.989382][T26798] team0: Port device team_slave_1 added
[  353.012275][T26798] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.019321][T26798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.045372][T26798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  353.076261][T26798] batman_adv: batadv0: Adding interface: batadv_slave_1
[  353.083242][T26798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.109195][T26798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  353.157674][T26798] hsr_slave_0: entered promiscuous mode
[  353.164129][T26798] hsr_slave_1: entered promiscuous mode
[  353.170218][T26798] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  353.178803][T26798] Cannot create hsr debugfs directory
[  353.196257][T26902] lo speed is unknown, defaulting to 1000
[  353.445912][T26926] lo speed is unknown, defaulting to 1000
[  353.678642][T26798] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  353.710687][T26798] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  353.730255][T26798] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  353.745222][T26798] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  353.753220][T26963] program syz.2.3279 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  353.800002][T26963] lo speed is unknown, defaulting to 1000
[  353.849919][T26974] program syz.0.3282 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  353.903258][T26798] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.937813][T26974] lo speed is unknown, defaulting to 1000
[  353.953072][T26798] 8021q: adding VLAN 0 to HW filter on device team0
[  353.999536][ T1848] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.006681][ T1848] bridge0: port 1(bridge_slave_0) entered forwarding state
[  354.030026][ T1848] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.037231][ T1848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.148518][T26798] 8021q: adding VLAN 0 to HW filter on device batadv0
[  354.382865][T26798] veth0_vlan: entered promiscuous mode
[  354.403106][T26798] veth1_vlan: entered promiscuous mode
[  354.429985][T26798] veth0_macvtap: entered promiscuous mode
[  354.441791][T26798] veth1_macvtap: entered promiscuous mode
[  354.453995][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.464593][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.474534][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.484997][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.494938][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.505399][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.515228][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.525743][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.535572][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.546063][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.560162][T26798] batman_adv: batadv0: Interface activated: batadv_slave_0
[  354.575020][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  354.585498][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.595353][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  354.605802][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.615727][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  354.626227][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.636068][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  354.646769][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.656631][T26798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  354.667160][T26798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.748575][T26798] batman_adv: batadv0: Interface activated: batadv_slave_1
[  354.759804][T27053] lo speed is unknown, defaulting to 1000
[  354.768526][T26798] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  354.777366][T26798] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  354.786184][T26798] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  354.795028][T26798] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  354.826741][T27074] syz.0.3294[27074] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  354.826871][T27074] syz.0.3294[27074] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  354.863952][T27074] syz.0.3294[27074] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  354.940348][T27086] loop3: detected capacity change from 0 to 512
[  355.014422][T27099] program syz.2.3295 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  355.038855][T27098] loop4: detected capacity change from 0 to 512
[  355.039094][T27086] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.057730][   T29] kauditd_printk_skb: 129 callbacks suppressed
[  355.057741][   T29] audit: type=1326 audit(1728356230.782:17773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f38d234cc8a code=0x7ffc0000
[  355.058090][T27098] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  355.064009][   T29] audit: type=1326 audit(1728356230.782:17774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f38d234cc8a code=0x7ffc0000
[  355.120733][   T29] audit: type=1326 audit(1728356230.782:17775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f38d234c897 code=0x7ffc0000
[  355.144458][   T29] audit: type=1326 audit(1728356230.782:17776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f38d234f79a code=0x7ffc0000
[  355.172607][T27086] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  355.188527][T27098] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  355.205505][T27099] lo speed is unknown, defaulting to 1000
[  355.206105][T27098] EXT4-fs (loop4): failed to initialize system zone (-117)
[  355.224250][T25688] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.241498][T27098] EXT4-fs (loop4): mount failed
[  355.286042][   T29] audit: type=1326 audit(1728356231.012:17777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f38d234c990 code=0x7ffc0000
[  355.309773][   T29] audit: type=1326 audit(1728356231.012:17778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f38d234dbfb code=0x7ffc0000
[  355.333483][   T29] audit: type=1326 audit(1728356231.012:17779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f38d234cc8a code=0x7ffc0000
[  355.357104][   T29] audit: type=1326 audit(1728356231.012:17780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d234dff9 code=0x7ffc0000
[  355.380926][   T29] audit: type=1326 audit(1728356231.012:17781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d234dff9 code=0x7ffc0000
[  355.450747][   T29] audit: type=1326 audit(1728356231.142:17782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27097 comm="syz.4.3261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f38d234dff9 code=0x7ffc0000
[  355.455761][T27114] loop4: detected capacity change from 0 to 512
[  355.498638][T27114] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3301: bg 0: block 5: invalid block bitmap
[  355.545616][T27114] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  355.556072][T27114] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3301: invalid indirect mapped block 3 (level 2)
[  355.569924][T27114] EXT4-fs (loop4): 1 orphan inode deleted
[  355.575722][T27114] EXT4-fs (loop4): 1 truncate cleaned up
[  355.583086][T27114] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.678019][T27123] program syz.4.3301 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  355.771717][T27129] xt_CT: You must specify a L4 protocol and not use inversions on it
[  355.983847][T27144] netlink: 'syz.1.3309': attribute type 10 has an invalid length.
[  355.994914][T27144] team0: Device hsr_slave_0 failed to register rx_handler
[  356.071539][T27142] lo speed is unknown, defaulting to 1000
[  356.317702][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.488299][T27149] loop3: detected capacity change from 0 to 164
[  356.498244][T27149] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  356.530780][T27149] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  356.541019][T27149] iso9660: Corrupted directory entry in block 4 of inode 1792
[  356.557327][T27149] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  356.566456][T27149] iso9660: Corrupted directory entry in block 4 of inode 1792
[  356.720314][T27162] syz.0.3320[27162] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  356.720375][T27162] syz.0.3320[27162] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  356.745821][T27162] syz.0.3320[27162] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  356.784098][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x1
[  356.802903][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.810505][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.817904][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.825304][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.832703][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.843946][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.851348][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x2
[  356.858932][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.866363][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.873802][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.881221][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.888647][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.896119][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.903507][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.911008][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.918451][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.925968][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.933362][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.940771][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.948179][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.955658][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.963079][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.970500][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.977910][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.985435][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  356.992818][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.000305][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.007700][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.015161][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.022557][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.029988][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.037456][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.044917][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.052303][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.059716][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.067316][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.074861][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.082237][ T3326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  357.090170][ T3326] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  357.465539][T27187] loop3: detected capacity change from 0 to 256
[  357.472267][T27187] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  357.488789][T27187] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  358.268304][T27289] loop4: detected capacity change from 0 to 164
[  358.288569][T27289] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  358.290343][T27291] netlink: 'syz.1.3335': attribute type 10 has an invalid length.
[  358.301221][T27289] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  358.324182][T27289] iso9660: Corrupted directory entry in block 4 of inode 1792
[  358.340516][T27289] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  358.342594][T27291] team0: Device hsr_slave_0 failed to register rx_handler
[  358.354737][T27289] iso9660: Corrupted directory entry in block 4 of inode 1792
[  358.470997][T27311] loop3: detected capacity change from 0 to 512
[  358.505557][T27311] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.3341: bg 0: block 5: invalid block bitmap
[  358.522373][T27311] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  358.534439][T27311] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3341: invalid indirect mapped block 3 (level 2)
[  358.553498][T27311] EXT4-fs (loop3): 1 orphan inode deleted
[  358.559349][T27311] EXT4-fs (loop3): 1 truncate cleaned up
[  358.566274][T27311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  358.641652][T27327] program syz.3.3341 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  358.677355][T27327] lo speed is unknown, defaulting to 1000
[  359.308507][T25688] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.549272][T27391] loop4: detected capacity change from 0 to 512
[  359.566660][T27393] FAULT_INJECTION: forcing a failure.
[  359.566660][T27393] name failslab, interval 1, probability 0, space 0, times 0
[  359.579345][T27393] CPU: 1 UID: 0 PID: 27393 Comm: syz.2.3351 Tainted: G        W          6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  359.591634][T27393] Tainted: [W]=WARN
[  359.595424][T27393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  359.605475][T27393] Call Trace:
[  359.608763][T27393]  <TASK>
[  359.611693][T27393]  dump_stack_lvl+0xf2/0x150
[  359.616329][T27393]  dump_stack+0x15/0x20
[  359.620485][T27393]  should_fail_ex+0x223/0x230
[  359.625271][T27393]  ? security_file_alloc+0x32/0x100
[  359.630546][T27393]  should_failslab+0x8f/0xb0
[  359.635153][T27393]  kmem_cache_alloc_noprof+0x4c/0x290
[  359.640552][T27393]  security_file_alloc+0x32/0x100
[  359.645717][T27393]  alloc_empty_file+0x121/0x2f0
[  359.650573][T27393]  alloc_file_pseudo+0xc3/0x140
[  359.655429][T27393]  __shmem_file_setup+0x1bb/0x1f0
[  359.660475][T27393]  shmem_file_setup+0x3b/0x50
[  359.665184][T27393]  __se_sys_memfd_create+0x31d/0x5c0
[  359.670555][T27393]  __x64_sys_memfd_create+0x31/0x40
[  359.675831][T27393]  x64_sys_call+0x2891/0x2d60
[  359.680516][T27393]  do_syscall_64+0xc9/0x1c0
[  359.685054][T27393]  ? clear_bhb_loop+0x55/0xb0
[  359.689780][T27393]  ? clear_bhb_loop+0x55/0xb0
[  359.694512][T27393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.700489][T27393] RIP: 0033:0x7fd748e0dff9
[  359.704991][T27393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.724666][T27393] RSP: 002b:00007fd747a80e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  359.733105][T27393] RAX: ffffffffffffffda RBX: 00000000000004ea RCX: 00007fd748e0dff9
[  359.741150][T27393] RDX: 00007fd747a80ef0 RSI: 0000000000000000 RDI: 00007fd748e80b02
[  359.749117][T27393] RBP: 00000000200006c0 R08: 00007fd747a80bb7 R09: 00007fd747a80e40
[  359.757125][T27393] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000140
[  359.765098][T27393] R13: 00007fd747a80ef0 R14: 00007fd747a80eb0 R15: 0000000020000400
[  359.773110][T27393]  </TASK>
[  360.222983][T27449] netlink: 'syz.1.3354': attribute type 10 has an invalid length.
[  360.261567][T27449] team0: Device hsr_slave_0 failed to register rx_handler
[  360.927002][   T29] kauditd_printk_skb: 101 callbacks suppressed
[  360.927017][   T29] audit: type=1400 audit(1728356236.652:17884): avc:  denied  { cpu } for  pid=27504 comm="syz.0.3357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  360.972566][   T29] audit: type=1400 audit(1728356236.692:17885): avc:  denied  { validate_trans } for  pid=27504 comm="syz.0.3357" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  361.419251][T27549] lo speed is unknown, defaulting to 1000
[  361.579611][T27564] loop4: detected capacity change from 0 to 512
[  361.596690][T27564] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3363: bg 0: block 5: invalid block bitmap
[  361.642717][T27564] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  361.662887][T27564] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3363: invalid indirect mapped block 3 (level 2)
[  361.677945][T27572] xt_CT: You must specify a L4 protocol and not use inversions on it
[  361.688810][T27564] EXT4-fs (loop4): 1 orphan inode deleted
[  361.694609][T27564] EXT4-fs (loop4): 1 truncate cleaned up
[  361.706931][T27564] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  361.776031][T27582] program syz.4.3363 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  361.791167][   T29] audit: type=1326 audit(1728356237.512:17886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27579 comm="syz.1.3367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1d08cfdff9 code=0x0
[  361.838551][T27586] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3368'.
[  361.848446][T27586] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3368'.
[  361.859893][   T29] audit: type=1326 audit(1728356237.582:17887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27585 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  361.883065][   T29] audit: type=1326 audit(1728356237.582:17888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27585 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  361.906115][   T29] audit: type=1326 audit(1728356237.582:17889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27585 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  361.929291][   T29] audit: type=1326 audit(1728356237.582:17890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27585 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  361.952472][   T29] audit: type=1326 audit(1728356237.582:17891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27585 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  361.975611][   T29] audit: type=1326 audit(1728356237.582:17892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27585 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  361.998990][   T29] audit: type=1326 audit(1728356237.582:17893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27585 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  362.028469][  T129] bridge_slave_1: left allmulticast mode
[  362.034296][  T129] bridge_slave_1: left promiscuous mode
[  362.040120][  T129] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.048848][  T129] bridge_slave_0: left allmulticast mode
[  362.054576][  T129] bridge_slave_0: left promiscuous mode
[  362.060390][  T129] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.155973][  T129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  362.166602][  T129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  362.176836][  T129] bond0 (unregistering): Released all slaves
[  362.188002][T27598] lo speed is unknown, defaulting to 1000
[  362.236788][  T129] tipc: Disabling bearer <udp:syz2>
[  362.242140][  T129] tipc: Left network mode
[  362.249130][  T129] hsr_slave_0: left promiscuous mode
[  362.255091][  T129] hsr_slave_1: left promiscuous mode
[  362.260826][  T129] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.268588][  T129] batman_adv: batadv0: Removing interface: batadv_slave_0
[  362.278381][  T129] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  362.286013][  T129] batman_adv: batadv0: Removing interface: batadv_slave_1
[  362.301315][  T129] veth1_macvtap: left promiscuous mode
[  362.306860][  T129] veth0_macvtap: left promiscuous mode
[  362.312488][  T129] veth1_vlan: left promiscuous mode
[  362.317786][  T129] veth0_vlan: left promiscuous mode
[  362.416391][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.429752][  T129] team0 (unregistering): Port device team_slave_1 removed
[  362.442390][  T129] team0 (unregistering): Port device team_slave_0 removed
[  362.489022][T27613] loop4: detected capacity change from 0 to 512
[  362.501851][T27607] syz_tun: entered allmulticast mode
[  362.512630][T27613] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3378: bg 0: block 5: invalid block bitmap
[  362.528007][ T3346] lo speed is unknown, defaulting to 1000
[  362.528418][T27611] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.544935][T27613] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  362.555135][T27613] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3378: invalid indirect mapped block 3 (level 2)
[  362.569896][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  362.584728][T27613] EXT4-fs (loop4): 1 orphan inode deleted
[  362.590510][T27613] EXT4-fs (loop4): 1 truncate cleaned up
[  362.615915][T27605] syz_tun: left allmulticast mode
[  362.624440][T27613] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  362.868894][  T129] IPVS: stop unused estimator thread 0...
[  362.985334][T27632] loop3: detected capacity change from 0 to 512
[  363.006048][T27632] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  363.020019][T27632] ext4 filesystem being mounted at /48/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  363.059285][T25688] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  363.328956][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  363.492696][T27640] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  363.500921][T27640] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  363.618827][T27655] syz_tun: entered allmulticast mode
[  363.626578][T27654] syz_tun: left allmulticast mode
[  364.009203][T27663] loop3: detected capacity change from 0 to 2048
[  364.025638][T27663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  364.106222][T27666] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3395: bg 0: block 234: padding at end of block bitmap is not set
[  364.121000][T27666] EXT4-fs (loop3): Remounting filesystem read-only
[  364.156054][T25688] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.221418][T27670] loop4: detected capacity change from 0 to 512
[  364.233459][T27670] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  364.245242][T27670] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  364.253232][T27670] EXT4-fs (loop4): failed to initialize system zone (-117)
[  364.260509][T27670] EXT4-fs (loop4): mount failed
[  364.621433][T27690] netlink: 'syz.0.3399': attribute type 10 has an invalid length.
[  364.629613][T27690] team0: Device hsr_slave_0 failed to register rx_handler
[  365.058644][T27701] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3407'.
[  365.099519][T27703] syz_tun: entered allmulticast mode
[  365.107049][T27702] syz_tun: left allmulticast mode
[  365.219936][T27707] loop4: detected capacity change from 0 to 2048
[  365.247527][T27707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.279955][T27707] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3410: bg 0: block 234: padding at end of block bitmap is not set
[  365.305078][T27707] EXT4-fs (loop4): Remounting filesystem read-only
[  365.306451][T27714] loop3: detected capacity change from 0 to 512
[  365.326544][T27714] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.3412: bg 0: block 5: invalid block bitmap
[  365.339519][T27714] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  365.340019][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.349833][T27714] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3412: invalid indirect mapped block 3 (level 2)
[  365.381211][T27714] EXT4-fs (loop3): 1 orphan inode deleted
[  365.387023][T27714] EXT4-fs (loop3): 1 truncate cleaned up
[  365.401490][T27719] xt_CT: You must specify a L4 protocol and not use inversions on it
[  365.424263][T27714] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.456352][T27729] netlink: 'syz.4.3418': attribute type 2 has an invalid length.
[  365.464454][T27729] netlink: 'syz.4.3418': attribute type 1 has an invalid length.
[  365.500419][T27736] program syz.3.3412 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  365.509886][T27734] loop4: detected capacity change from 0 to 2048
[  365.537903][T27734] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.571614][T27734] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3419: bg 0: block 234: padding at end of block bitmap is not set
[  365.587468][T27734] EXT4-fs (loop4): Remounting filesystem read-only
[  365.603528][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.144338][T25688] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.166160][T27759] loop3: detected capacity change from 0 to 1024
[  366.185732][T27759] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  366.205721][T25688] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.223783][T27763] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  366.231665][T27763] batadv_slave_0: entered promiscuous mode
[  366.298352][   T29] kauditd_printk_skb: 172 callbacks suppressed
[  366.298412][   T29] audit: type=1400 audit(1728356242.022:18066): avc:  denied  { ioctl } for  pid=27766 comm="syz.0.3429" path="socket:[72524]" dev="sockfs" ino=72524 ioctlcmd=0x48de scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  366.342675][   T29] audit: type=1400 audit(1728356242.062:18067): avc:  denied  { bind } for  pid=27768 comm="syz.0.3430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  366.362937][   T29] audit: type=1400 audit(1728356242.062:18068): avc:  denied  { name_bind } for  pid=27768 comm="syz.0.3430" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  366.384122][   T29] audit: type=1400 audit(1728356242.062:18069): avc:  denied  { node_bind } for  pid=27768 comm="syz.0.3430" saddr=ff01::1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[  366.406500][   T29] audit: type=1400 audit(1728356242.062:18070): avc:  denied  { connect } for  pid=27768 comm="syz.0.3430" laddr=ff01::1 lport=20001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  366.428703][   T29] audit: type=1400 audit(1728356242.062:18071): avc:  denied  { name_connect } for  pid=27768 comm="syz.0.3430" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  366.436236][T27771] netlink: 'syz.3.3428': attribute type 10 has an invalid length.
[  366.449110][   T29] audit: type=1400 audit(1728356242.062:18072): avc:  denied  { setopt } for  pid=27768 comm="syz.0.3430" laddr=ff01::1 lport=20001 faddr=fe80:: scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  366.492464][T27771] team0: Device hsr_slave_0 failed to register rx_handler
[  366.545833][   T29] audit: type=1326 audit(1728356242.232:18073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27772 comm="syz.1.3432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d08cfdff9 code=0x7ffc0000
[  366.552586][T27777] loop4: detected capacity change from 0 to 2048
[  366.569720][   T29] audit: type=1326 audit(1728356242.232:18074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27772 comm="syz.1.3432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1d08cfdff9 code=0x7ffc0000
[  366.599785][   T29] audit: type=1326 audit(1728356242.232:18075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27772 comm="syz.1.3432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d08cfdff9 code=0x7ffc0000
[  366.667309][T27777] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  366.722485][T27788] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3437'.
[  366.841931][T27790] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3433: bg 0: block 234: padding at end of block bitmap is not set
[  366.914664][T27790] EXT4-fs (loop4): Remounting filesystem read-only
[  367.409603][T27804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3442'.
[  367.520333][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.934036][T27825] xt_CT: You must specify a L4 protocol and not use inversions on it
[  367.959233][T27830] loop4: detected capacity change from 0 to 512
[  367.978491][T27830] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3453: bg 0: block 5: invalid block bitmap
[  367.991064][T27830] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  367.999900][T27830] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3453: invalid indirect mapped block 3 (level 2)
[  368.013603][T27830] EXT4-fs (loop4): 1 orphan inode deleted
[  368.019391][T27830] EXT4-fs (loop4): 1 truncate cleaned up
[  368.029221][T27830] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  368.206994][T27847] syz.2.3458[27847] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.207036][T27847] syz.2.3458[27847] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.218625][T27847] syz.2.3458[27847] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.241913][T27849] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  368.261563][T27849] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  368.796682][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.930695][T27907] loop3: detected capacity change from 0 to 512
[  368.948142][T27907] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3483: invalid indirect mapped block 4294967295 (level 1)
[  368.962626][T27907] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3483: invalid indirect mapped block 4294967295 (level 1)
[  368.978913][T27907] EXT4-fs (loop3): 2 truncates cleaned up
[  368.985256][T27907] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.582711][T28100] pim6reg1: entered promiscuous mode
[  370.588078][T28100] pim6reg1: entered allmulticast mode
[  370.608760][T28102] syz_tun: entered allmulticast mode
[  370.616066][T28101] syz_tun: left allmulticast mode
[  370.707243][T25688] EXT4-fs error (device loop3): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  370.721319][T25688] EXT4-fs error (device loop3): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  370.905671][T27925] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.960217][   T28] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.998517][   T28] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.041405][   T28] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.081809][   T28] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.103410][T28124] chnl_net:caif_netlink_parms(): no params data found
[  371.137084][T28124] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.144252][T28124] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.151517][T28124] bridge_slave_0: entered allmulticast mode
[  371.159356][T28124] bridge_slave_0: entered promiscuous mode
[  371.166468][T28124] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.173608][T28124] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.180919][T28124] bridge_slave_1: entered allmulticast mode
[  371.187360][T28124] bridge_slave_1: entered promiscuous mode
[  371.211909][T28124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  371.226350][T28124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  371.248161][   T28] bridge_slave_1: left allmulticast mode
[  371.253841][   T28] bridge_slave_1: left promiscuous mode
[  371.259526][   T28] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.267554][   T28] bridge_slave_0: left allmulticast mode
[  371.273261][   T28] bridge_slave_0: left promiscuous mode
[  371.278937][   T28] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.386141][   T28] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  371.396617][   T28] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.406686][   T28] bond0 (unregistering): Released all slaves
[  371.420353][T28124] team0: Port device team_slave_0 added
[  371.430227][T28124] team0: Port device team_slave_1 added
[  371.450559][T28124] batman_adv: batadv0: Adding interface: batadv_slave_0
[  371.457838][T28124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.483971][T28124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  371.499114][T28124] batman_adv: batadv0: Adding interface: batadv_slave_1
[  371.506124][T28124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.532139][T28124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  371.547324][   T28] hsr_slave_0: left promiscuous mode
[  371.553185][   T28] hsr_slave_1: left promiscuous mode
[  371.559817][   T28] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.568981][   T28] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.576569][   T28] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.588380][   T28] veth1_macvtap: left promiscuous mode
[  371.594029][   T28] veth0_macvtap: left promiscuous mode
[  371.599546][   T28] veth1_vlan: left promiscuous mode
[  371.604802][   T28] veth0_vlan: left promiscuous mode
[  371.732118][   T28] team0 (unregistering): Port device team_slave_1 removed
[  371.751376][   T28] team0 (unregistering): Port device team_slave_0 removed
[  371.817661][T28142] pim6reg1: entered promiscuous mode
[  371.823081][T28142] pim6reg1: entered allmulticast mode
[  371.905028][T28124] hsr_slave_0: entered promiscuous mode
[  371.920062][T28124] hsr_slave_1: entered promiscuous mode
[  371.940180][T28124] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  371.940695][T28186] loop4: detected capacity change from 0 to 512
[  371.955830][T28124] Cannot create hsr debugfs directory
[  371.986972][T28186] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3520: bg 0: block 5: invalid block bitmap
[  372.001566][T28186] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  372.018372][T28186] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3520: invalid indirect mapped block 3 (level 2)
[  372.034025][T28186] EXT4-fs (loop4): 1 orphan inode deleted
[  372.039778][T28186] EXT4-fs (loop4): 1 truncate cleaned up
[  372.045827][T28186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  372.529103][T28124] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  372.552573][T28124] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  372.570582][T28124] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  372.587877][T28124] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  372.688124][T28124] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.727373][T28124] 8021q: adding VLAN 0 to HW filter on device team0
[  372.756002][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.763171][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.794110][T26798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.812419][ T1848] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.819640][ T1848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.975421][T28124] 8021q: adding VLAN 0 to HW filter on device batadv0
[  373.027901][T28300] loop4: detected capacity change from 0 to 512
[  373.059876][T28300] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.3522: invalid block
[  373.073477][T28300] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3522: invalid indirect mapped block 4294967295 (level 1)
[  373.091336][T28300] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3522: invalid indirect mapped block 4294967295 (level 1)
[  373.161398][T28300] EXT4-fs (loop4): 2 truncates cleaned up
[  373.189723][T28300] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  373.239021][T28124] veth0_vlan: entered promiscuous mode
[  373.272112][T28124] veth1_vlan: entered promiscuous mode
[  373.310767][T28124] veth0_macvtap: entered promiscuous mode
[  373.329280][T28124] veth1_macvtap: entered promiscuous mode
[  373.363355][T28124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  373.374054][T28124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.384007][T28124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  373.394580][T28124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.404402][T28124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  373.414851][T28124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.493671][T28124] batman_adv: batadv0: Interface activated: batadv_slave_0
[  373.515216][T28124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  373.525875][T28124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.535774][T28124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  373.546217][T28124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.556065][T28124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  373.566581][T28124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.576410][T28124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  373.587107][T28124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  373.686633][T28124] batman_adv: batadv0: Interface activated: batadv_slave_1
[  373.707264][T28124] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  373.716128][T28124] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  373.724862][T28124] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  373.733633][T28124] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  373.742566][T28193] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  373.815871][T28418] syz_tun: entered allmulticast mode
[  373.827941][T28417] syz_tun: left allmulticast mode
[  373.950869][   T29] kauditd_printk_skb: 269 callbacks suppressed
[  373.950883][   T29] audit: type=1326 audit(1728356249.672:18345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28439 comm="syz.2.3528" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x0
[  374.457339][T26798] EXT4-fs error (device loop4): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  374.468800][T28449] sd 0:0:1:0: device reset
[  374.472054][T26798] EXT4-fs error (device loop4): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  374.644975][T28352] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.818272][   T29] audit: type=1326 audit(1728356250.542:18346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  374.842077][   T29] audit: type=1326 audit(1728356250.542:18347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  374.857233][T28454] chnl_net:caif_netlink_parms(): no params data found
[  374.867762][   T29] audit: type=1326 audit(1728356250.592:18348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  374.897003][   T29] audit: type=1326 audit(1728356250.612:18349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  374.921032][   T29] audit: type=1326 audit(1728356250.612:18350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  374.944994][   T29] audit: type=1326 audit(1728356250.612:18351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  374.968819][   T29] audit: type=1326 audit(1728356250.612:18352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  374.992889][   T29] audit: type=1326 audit(1728356250.612:18353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  375.016650][   T29] audit: type=1326 audit(1728356250.612:18354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28469 comm="syz.2.3538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  375.049529][ T1369] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.084339][T28454] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.091518][T28454] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.100022][T28454] bridge_slave_0: entered allmulticast mode
[  375.107035][T28454] bridge_slave_0: entered promiscuous mode
[  375.119008][ T1369] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.130991][T28454] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.138129][T28454] bridge0: port 2(bridge_slave_1) entered disabled state
[  375.145783][T28454] bridge_slave_1: entered allmulticast mode
[  375.152264][T28454] bridge_slave_1: entered promiscuous mode
[  375.173529][T28454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  375.187881][ T1369] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.200639][T28454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.222904][T28454] team0: Port device team_slave_0 added
[  375.229924][T28454] team0: Port device team_slave_1 added
[  375.253252][ T1369] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.265881][T28454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  375.272856][T28454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  375.298825][T28454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  375.312992][T28454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  375.319999][T28454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  375.345953][T28454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  375.390068][ T1369] bridge_slave_1: left allmulticast mode
[  375.395879][ T1369] bridge_slave_1: left promiscuous mode
[  375.401514][ T1369] bridge0: port 2(bridge_slave_1) entered disabled state
[  375.414907][ T1369] bridge_slave_0: left allmulticast mode
[  375.420781][ T1369] bridge_slave_0: left promiscuous mode
[  375.426479][ T1369] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.547528][ T1369] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  375.562070][ T1369] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  375.577314][ T1369] bond0 (unregistering): Released all slaves
[  375.638563][T28454] hsr_slave_0: entered promiscuous mode
[  375.644845][T28454] hsr_slave_1: entered promiscuous mode
[  375.650867][T28454] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  375.659788][T28454] Cannot create hsr debugfs directory
[  375.677462][ T1369] hsr_slave_0: left promiscuous mode
[  375.683174][ T1369] hsr_slave_1: left promiscuous mode
[  375.689574][ T1369] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  375.697116][ T1369] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.706844][ T1369] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.714365][ T1369] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.723916][ T1369] veth1_macvtap: left promiscuous mode
[  375.729399][ T1369] veth0_macvtap: left promiscuous mode
[  375.734940][ T1369] veth1_vlan: left promiscuous mode
[  375.740169][ T1369] veth0_vlan: left promiscuous mode
[  375.857884][ T1369] team0 (unregistering): Port device team_slave_1 removed
[  375.870582][ T1369] team0 (unregistering): Port device team_slave_0 removed
[  376.330057][T28454] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  376.339117][T28454] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  376.350493][T28454] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  376.362890][T28454] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  376.401172][T28454] 8021q: adding VLAN 0 to HW filter on device bond0
[  376.414115][T28454] 8021q: adding VLAN 0 to HW filter on device team0
[  376.427311][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[  376.434475][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[  376.447298][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.454465][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[  376.487068][T28454] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  376.491334][T28708] loop3: detected capacity change from 0 to 512
[  376.517410][T28708] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.530430][T28708] ext4 filesystem being mounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  376.583517][T28124] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.585216][T28454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.669336][T28738] xt_CT: You must specify a L4 protocol and not use inversions on it
[  376.791713][T28454] veth0_vlan: entered promiscuous mode
[  376.807522][T28454] veth1_vlan: entered promiscuous mode
[  376.860654][T28454] veth0_macvtap: entered promiscuous mode
[  376.868279][T28454] veth1_macvtap: entered promiscuous mode
[  376.878273][T28454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.888824][T28454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.898657][T28454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.909098][T28454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.918958][T28454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.929441][T28454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.940125][T28454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  376.948723][T28454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.959237][T28454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.969228][T28454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.979711][T28454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.989731][T28454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.000164][T28454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.010261][T28454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.020698][T28454] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.031403][T28454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  377.043725][T28454] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.052463][T28454] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  377.061272][T28454] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.070134][T28454] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.098428][T28783] loop3: detected capacity change from 0 to 512
[  377.109552][T28783] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.3561: bg 0: block 5: invalid block bitmap
[  377.133794][T28783] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  377.143060][T28783] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3561: invalid indirect mapped block 3 (level 2)
[  377.163595][T28783] EXT4-fs (loop3): 1 orphan inode deleted
[  377.169495][T28783] EXT4-fs (loop3): 1 truncate cleaned up
[  377.185490][T28783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.200193][T28790] syz_tun: entered allmulticast mode
[  377.206996][T28789] syz_tun: left allmulticast mode
[  377.528106][T28809] loop4: detected capacity change from 0 to 512
[  377.546035][T28809] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3569: bg 0: block 5: invalid block bitmap
[  377.558624][T28809] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  377.567632][T28809] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3569: invalid indirect mapped block 3 (level 2)
[  377.582320][T28809] EXT4-fs (loop4): 1 orphan inode deleted
[  377.588132][T28809] EXT4-fs (loop4): 1 truncate cleaned up
[  377.594112][T28809] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.736064][T28454] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.929831][T28124] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.096328][T28844] xt_CT: You must specify a L4 protocol and not use inversions on it
[  378.833638][T28870] loop4: detected capacity change from 0 to 512
[  378.848969][T28870] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  378.861841][T28870] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  378.865248][T28877] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3591'.
[  378.890615][T28454] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.116537][T28888] netlink: 'syz.3.3593': attribute type 10 has an invalid length.
[  379.133488][   T29] kauditd_printk_skb: 127 callbacks suppressed
[  379.133502][   T29] audit: type=1326 audit(1728356254.852:18482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28889 comm="syz.0.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.134908][T28888] team0: Device hsr_slave_0 failed to register rx_handler
[  379.141009][   T29] audit: type=1326 audit(1728356254.862:18483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28889 comm="syz.0.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.197224][   T29] audit: type=1326 audit(1728356254.922:18484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28889 comm="syz.0.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.220962][   T29] audit: type=1326 audit(1728356254.922:18485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28889 comm="syz.0.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.249548][   T29] audit: type=1326 audit(1728356254.952:18486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28892 comm="syz.0.3597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.273122][T28895] pim6reg1: entered promiscuous mode
[  379.273140][T28895] pim6reg1: entered allmulticast mode
[  379.283875][   T29] audit: type=1326 audit(1728356254.952:18487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28892 comm="syz.0.3597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.307693][   T29] audit: type=1326 audit(1728356254.952:18488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28892 comm="syz.0.3597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.331620][   T29] audit: type=1326 audit(1728356254.952:18489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28892 comm="syz.0.3597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.355207][   T29] audit: type=1326 audit(1728356254.952:18490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28892 comm="syz.0.3597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.379012][   T29] audit: type=1326 audit(1728356254.952:18491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28892 comm="syz.0.3597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  379.422152][T28899] xt_CT: You must specify a L4 protocol and not use inversions on it
[  379.518392][T28905] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3603'.
[  379.957951][T28936] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3614'.
[  379.980853][T28938] loop3: detected capacity change from 0 to 512
[  379.988919][T28938] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.3615: bg 0: block 5: invalid block bitmap
[  380.001595][T28938] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  380.010592][T28938] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3615: invalid indirect mapped block 3 (level 2)
[  380.024027][T28938] EXT4-fs (loop3): 1 orphan inode deleted
[  380.029794][T28938] EXT4-fs (loop3): 1 truncate cleaned up
[  380.035919][T28938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.783338][T29029] loop4: detected capacity change from 0 to 2048
[  380.816763][T29029] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.831294][T28124] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.634772][T28454] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.777788][T29131] loop4: detected capacity change from 0 to 512
[  381.805805][T29131] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  381.820060][T29131] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  381.845247][T28454] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.910101][T29137] pim6reg1: entered promiscuous mode
[  381.915509][T29137] pim6reg1: entered allmulticast mode
[  382.785349][T29177] pim6reg1: entered promiscuous mode
[  382.790706][T29177] pim6reg1: entered allmulticast mode
[  382.838384][T29183] tipc: Started in network mode
[  382.843267][T29183] tipc: Node identity f7, cluster identity 4711
[  382.849542][T29183] tipc: Node number set to 247
[  382.862829][T29185] xt_CT: You must specify a L4 protocol and not use inversions on it
[  383.020421][T29195] loop3: detected capacity change from 0 to 512
[  383.032758][T29197] sd 0:0:1:0: device reset
[  383.112083][T29195] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  383.131336][T29195] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  383.167548][T28124] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  383.172196][T29211] loop4: detected capacity change from 0 to 512
[  383.244154][T29211] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  383.291873][T29211] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  383.354681][T29229] FAULT_INJECTION: forcing a failure.
[  383.354681][T29229] name failslab, interval 1, probability 0, space 0, times 0
[  383.367358][T29229] CPU: 1 UID: 0 PID: 29229 Comm: syz.0.3675 Tainted: G        W          6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  383.379662][T29229] Tainted: [W]=WARN
[  383.383472][T29229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  383.393533][T29229] Call Trace:
[  383.396819][T29229]  <TASK>
[  383.399750][T29229]  dump_stack_lvl+0xf2/0x150
[  383.404352][T29229]  dump_stack+0x15/0x20
[  383.408591][T29229]  should_fail_ex+0x223/0x230
[  383.413351][T29229]  ? _request_firmware+0x18f/0x9c0
[  383.418571][T29229]  should_failslab+0x8f/0xb0
[  383.423162][T29229]  __kmalloc_cache_noprof+0x4b/0x2a0
[  383.428463][T29229]  _request_firmware+0x18f/0x9c0
[  383.433410][T29229]  ? rpm_resume+0x655/0xd00
[  383.437998][T29229]  ? __rcu_read_unlock+0x4e/0x70
[  383.443007][T29229]  request_firmware+0x36/0x50
[  383.447714][T29229]  devlink_compat_flash_update+0xaf/0x1b0
[  383.453468][T29229]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  383.459418][T29229]  dev_ethtool+0x138b/0x14c0
[  383.464018][T29229]  ? __rcu_read_unlock+0x4e/0x70
[  383.469055][T29229]  dev_ioctl+0x854/0xab0
[  383.473346][T29229]  sock_do_ioctl+0x11c/0x260
[  383.477956][T29229]  sock_ioctl+0x46a/0x640
[  383.482360][T29229]  ? __pfx_sock_ioctl+0x10/0x10
[  383.487224][T29229]  __se_sys_ioctl+0xcd/0x140
[  383.491835][T29229]  __x64_sys_ioctl+0x43/0x50
[  383.496518][T29229]  x64_sys_call+0x15cc/0x2d60
[  383.501354][T29229]  do_syscall_64+0xc9/0x1c0
[  383.505891][T29229]  ? clear_bhb_loop+0x55/0xb0
[  383.510714][T29229]  ? clear_bhb_loop+0x55/0xb0
[  383.515500][T29229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.521534][T29229] RIP: 0033:0x7f26be29dff9
[  383.526002][T29229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.545655][T29229] RSP: 002b:00007f26bcf17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  383.554116][T29229] RAX: ffffffffffffffda RBX: 00007f26be455f80 RCX: 00007f26be29dff9
[  383.562453][T29229] RDX: 0000000020000000 RSI: 0000000000008946 RDI: 0000000000000003
[  383.570433][T29229] RBP: 00007f26bcf17090 R08: 0000000000000000 R09: 0000000000000000
[  383.578415][T29229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.586392][T29229] R13: 0000000000000000 R14: 00007f26be455f80 R15: 00007ffeac478cb8
[  383.594449][T29229]  </TASK>
[  383.597689][T29229] netdevsim netdevsim0: _request_firmware_prepare: kmalloc(struct firmware) failed
[  383.610043][T20183] unregister_netdevice: waiting for vcan0 to become free. Usage count = 2
[  383.651531][T28454] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  383.690407][T29273] FAULT_INJECTION: forcing a failure.
[  383.690407][T29273] name failslab, interval 1, probability 0, space 0, times 0
[  383.703136][T29273] CPU: 0 UID: 0 PID: 29273 Comm: syz.0.3682 Tainted: G        W          6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  383.715446][T29273] Tainted: [W]=WARN
[  383.719257][T29273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  383.729303][T29273] Call Trace:
[  383.732643][T29273]  <TASK>
[  383.735561][T29273]  dump_stack_lvl+0xf2/0x150
[  383.740146][T29273]  dump_stack+0x15/0x20
[  383.744345][T29273]  should_fail_ex+0x223/0x230
[  383.749074][T29273]  ? sidtab_sid2str_get+0xb8/0x140
[  383.754222][T29273]  should_failslab+0x8f/0xb0
[  383.758856][T29273]  __kmalloc_node_track_caller_noprof+0xa6/0x380
[  383.765180][T29273]  ? vsnprintf+0xdd8/0xe30
[  383.769599][T29273]  kmemdup_noprof+0x2a/0x60
[  383.774130][T29273]  sidtab_sid2str_get+0xb8/0x140
[  383.779058][T29273]  security_sid_to_context_core+0x1eb/0x2f0
[  383.785034][T29273]  security_sid_to_context+0x27/0x30
[  383.790334][T29273]  selinux_secid_to_secctx+0x22/0x30
[  383.795677][T29273]  security_secid_to_secctx+0x48/0x90
[  383.801047][T29273]  audit_log_task_context+0x8c/0x1b0
[  383.806347][T29273]  audit_log_task+0xfb/0x180
[  383.810961][T29273]  audit_seccomp+0x68/0x130
[  383.815452][T29273]  __seccomp_filter+0x6fa/0x1180
[  383.820419][T29273]  ? __perf_event_task_sched_out+0x111/0xfe0
[  383.826430][T29273]  ? __dequeue_entity+0x22/0x310
[  383.831439][T29273]  __secure_computing+0x9f/0x1c0
[  383.836371][T29273]  syscall_trace_enter+0xd1/0x1f0
[  383.841442][T29273]  do_syscall_64+0xaa/0x1c0
[  383.845946][T29273]  ? clear_bhb_loop+0x55/0xb0
[  383.850712][T29273]  ? clear_bhb_loop+0x55/0xb0
[  383.855405][T29273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.861305][T29273] RIP: 0033:0x7f26be29ca3c
[  383.865827][T29273] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  383.885862][T29273] RSP: 002b:00007f26bcf17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  383.894266][T29273] RAX: ffffffffffffffda RBX: 00007f26be455f80 RCX: 00007f26be29ca3c
[  383.902306][T29273] RDX: 000000000000000f RSI: 00007f26bcf170a0 RDI: 0000000000000005
[  383.910328][T29273] RBP: 00007f26bcf17090 R08: 0000000000000000 R09: 0000000000000000
[  383.918720][T29273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.926680][T29273] R13: 0000000000000000 R14: 00007f26be455f80 R15: 00007ffeac478cb8
[  383.934646][T29273]  </TASK>
[  384.049061][T29282] loop4: detected capacity change from 0 to 512
[  384.099069][T29282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  384.123500][T29282] ext4 filesystem being mounted at /32/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  384.137912][   T29] kauditd_printk_skb: 290 callbacks suppressed
[  384.137926][   T29] audit: type=1326 audit(1728356259.862:18781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.172792][   T29] audit: type=1326 audit(1728356259.862:18782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.196423][   T29] audit: type=1326 audit(1728356259.862:18783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.220025][   T29] audit: type=1326 audit(1728356259.862:18784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.243671][   T29] audit: type=1326 audit(1728356259.862:18785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.276443][   T29] audit: type=1326 audit(1728356259.942:18786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.300128][   T29] audit: type=1326 audit(1728356259.942:18787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.323720][   T29] audit: type=1326 audit(1728356259.972:18788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.325729][T28454] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.347149][   T29] audit: type=1326 audit(1728356259.972:18789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.347176][   T29] audit: type=1326 audit(1728356259.972:18790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29281 comm="syz.4.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  384.421646][T29311] pim6reg1: entered promiscuous mode
[  384.427103][T29311] pim6reg1: entered allmulticast mode
[  384.497235][T29319] loop4: detected capacity change from 0 to 512
[  384.546908][T29319] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  384.567045][T29319] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  384.589727][T29326] can0: slcan on ttyS3.
[  384.630919][T29336] sd 0:0:1:0: device reset
[  384.656866][T29326] can0 (unregistered): slcan off ttyS3.
[  384.670692][T29326] Falling back ldisc for ttyS3.
[  384.719246][T29350] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  384.729142][T28454] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.771258][T29350] batadv_slave_0: entered promiscuous mode
[  384.787020][T29361] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3702'.
[  384.857639][T29373] syz_tun: entered allmulticast mode
[  384.866877][T29372] syz_tun: left allmulticast mode
[  384.909124][T29384] syz_tun: entered allmulticast mode
[  384.928006][T29382] syz_tun: left allmulticast mode
[  384.944241][T29390] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  384.961966][T29390] batadv_slave_0: entered promiscuous mode
[  385.002178][T29400] syz_tun: entered allmulticast mode
[  385.012500][T29399] syz_tun: left allmulticast mode
[  385.068306][T29412] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3717'.
[  385.718310][T29484] loop3: detected capacity change from 0 to 512
[  385.727342][T29484] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.3721: invalid block
[  385.739908][T29484] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3721: invalid indirect mapped block 4294967295 (level 1)
[  385.754436][T29484] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3721: invalid indirect mapped block 4294967295 (level 1)
[  385.768813][T29484] EXT4-fs (loop3): 2 truncates cleaned up
[  385.775040][T29484] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  385.873860][T29507] xt_CT: You must specify a L4 protocol and not use inversions on it
[  385.987656][T29527] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  385.998147][T29527] batadv_slave_0: entered promiscuous mode
[  386.031916][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4
[  386.039788][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2
[  386.047486][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.055227][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.062956][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.070645][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.078341][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.086085][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.093816][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.101475][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.109210][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.116895][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.124582][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.132300][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.140024][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.147760][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.155446][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.163213][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.170895][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.178666][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.186550][ T3344] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0
[  386.202712][ T3344] hid-generic 0000:3000000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  387.178980][T29676] syz_tun: entered allmulticast mode
[  387.197741][T29675] syz_tun: left allmulticast mode
[  387.287403][T29700] program syz.1.3746 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  387.693994][T28124] EXT4-fs error (device loop3): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  387.706877][T28124] EXT4-fs error (device loop3): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904
[  387.876639][T29500] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.929304][ T1369] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.978535][ T1369] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.029527][ T1369] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.054584][T29749] chnl_net:caif_netlink_parms(): no params data found
[  388.076995][ T1369] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.139690][T29749] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.146915][T29749] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.154701][T29749] bridge_slave_0: entered allmulticast mode
[  388.161220][T29749] bridge_slave_0: entered promiscuous mode
[  388.176692][T29749] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.184193][T29749] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.200204][T29749] bridge_slave_1: entered allmulticast mode
[  388.212007][T29749] bridge_slave_1: entered promiscuous mode
[  388.215188][T29777] sd 0:0:1:0: device reset
[  388.254854][T29749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  388.278516][T29749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  388.302034][T29786] syz_tun: entered allmulticast mode
[  388.318881][T29749] team0: Port device team_slave_0 added
[  388.325257][ T1369] bridge_slave_1: left allmulticast mode
[  388.330915][ T1369] bridge_slave_1: left promiscuous mode
[  388.336732][ T1369] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.345113][ T1369] bridge_slave_0: left allmulticast mode
[  388.350769][ T1369] bridge_slave_0: left promiscuous mode
[  388.356825][ T1369] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.447533][ T1369] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  388.458443][ T1369] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  388.468816][ T1369] bond0 (unregistering): Released all slaves
[  388.478785][T29749] team0: Port device team_slave_1 added
[  388.488018][T29785] syz_tun: left allmulticast mode
[  388.516072][T29749] batman_adv: batadv0: Adding interface: batadv_slave_0
[  388.523036][T29749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.549026][T29749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  388.571374][T29749] batman_adv: batadv0: Adding interface: batadv_slave_1
[  388.578394][T29749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.604415][T29749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.624955][ T1369] hsr_slave_0: left promiscuous mode
[  388.630851][ T1369] hsr_slave_1: left promiscuous mode
[  388.638040][ T1369] batman_adv: batadv0: Removing interface: batadv_slave_0
[  388.645709][ T1369] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  388.653111][ T1369] batman_adv: batadv0: Removing interface: batadv_slave_1
[  388.663924][ T1369] veth1_macvtap: left promiscuous mode
[  388.669545][ T1369] veth0_macvtap: left promiscuous mode
[  388.675141][ T1369] veth1_vlan: left promiscuous mode
[  388.680450][ T1369] veth0_vlan: left promiscuous mode
[  388.783837][ T1369] team0 (unregistering): Port device team_slave_1 removed
[  388.797683][ T1369] team0 (unregistering): Port device team_slave_0 removed
[  388.866559][T29749] hsr_slave_0: entered promiscuous mode
[  388.879610][T29749] hsr_slave_1: entered promiscuous mode
[  388.891472][T29749] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  388.908919][T29749] Cannot create hsr debugfs directory
[  389.071415][T29822] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3780'.
[  389.217601][   T29] kauditd_printk_skb: 172 callbacks suppressed
[  389.217614][   T29] audit: type=1400 audit(1728356264.942:18963): avc:  denied  { write } for  pid=29833 comm="syz.1.3783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  389.290258][T29749] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  389.316430][T29749] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  389.335262][T29749] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  389.365149][T29749] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  389.413932][T29860] sd 0:0:1:0: device reset
[  389.433745][   T29] audit: type=1326 audit(1728356265.142:18964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.437240][T29749] 8021q: adding VLAN 0 to HW filter on device bond0
[  389.457385][   T29] audit: type=1326 audit(1728356265.142:18965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.487689][   T29] audit: type=1326 audit(1728356265.142:18966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.504168][T29749] 8021q: adding VLAN 0 to HW filter on device team0
[  389.511368][   T29] audit: type=1326 audit(1728356265.152:18967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.541589][   T29] audit: type=1326 audit(1728356265.152:18968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.542679][ T1848] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.565380][   T29] audit: type=1326 audit(1728356265.152:18969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.572383][ T1848] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.595905][   T29] audit: type=1326 audit(1728356265.152:18970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.626967][   T29] audit: type=1326 audit(1728356265.152:18971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29866 comm="syz.0.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  389.674239][T29749] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  389.684671][T29749] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  389.699382][ T1848] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.706509][ T1848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.759377][T29890] syz_tun: entered allmulticast mode
[  389.770773][T29749] 8021q: adding VLAN 0 to HW filter on device batadv0
[  389.790884][T29887] syz_tun: left allmulticast mode
[  389.929750][T29749] veth0_vlan: entered promiscuous mode
[  389.945303][   T29] audit: type=1326 audit(1728356265.672:18972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29926 comm="syz.2.3802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd748e0dff9 code=0x7ffc0000
[  389.976186][T29749] veth1_vlan: entered promiscuous mode
[  390.006751][T29930] sd 0:0:1:0: device reset
[  390.008264][T29749] veth0_macvtap: entered promiscuous mode
[  390.043538][T29749] veth1_macvtap: entered promiscuous mode
[  390.063393][T29939] syz_tun: entered allmulticast mode
[  390.078502][T29749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.089237][T29749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.115131][T29749] batman_adv: batadv0: Interface activated: batadv_slave_0
[  390.123798][T29938] syz_tun: left allmulticast mode
[  390.147358][T29749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.158046][T29749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.167964][T29749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.178423][T29749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.188336][T29749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.198861][T29749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.208874][T29749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.213554][T29948] sd 0:0:1:0: device reset
[  390.219310][T29749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.229580][T29749] batman_adv: batadv0: Interface activated: batadv_slave_1
[  390.242980][T29749] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  390.251849][T29749] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  390.260727][T29749] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  390.269517][T29749] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  390.389173][T29968] syz_tun: entered allmulticast mode
[  390.407747][T29966] syz_tun: left allmulticast mode
[  390.566130][T29988] FAULT_INJECTION: forcing a failure.
[  390.566130][T29988] name failslab, interval 1, probability 0, space 0, times 0
[  390.578849][T29988] CPU: 1 UID: 0 PID: 29988 Comm: syz.0.3829 Tainted: G        W          6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  390.591113][T29988] Tainted: [W]=WARN
[  390.595027][T29988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  390.605088][T29988] Call Trace:
[  390.608428][T29988]  <TASK>
[  390.611354][T29988]  dump_stack_lvl+0xf2/0x150
[  390.615994][T29988]  dump_stack+0x15/0x20
[  390.620185][T29988]  should_fail_ex+0x223/0x230
[  390.625023][T29988]  ? iter_file_splice_write+0x102/0x980
[  390.630652][T29988]  should_failslab+0x8f/0xb0
[  390.635328][T29988]  __kmalloc_noprof+0xa5/0x370
[  390.640157][T29988]  iter_file_splice_write+0x102/0x980
[  390.645570][T29988]  ? __traceiter_kfree+0x2b/0x50
[  390.650592][T29988]  ? copy_splice_read+0x597/0x5d0
[  390.655656][T29988]  ? __pfx_iter_file_splice_write+0x10/0x10
[  390.661659][T29988]  direct_splice_actor+0x160/0x2c0
[  390.666910][T29988]  splice_direct_to_actor+0x302/0x670
[  390.672289][T29988]  ? __pfx_direct_splice_actor+0x10/0x10
[  390.677975][T29988]  do_splice_direct+0xd7/0x150
[  390.682808][T29988]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  390.688805][T29988]  do_sendfile+0x39b/0x970
[  390.693239][T29988]  __x64_sys_sendfile64+0x110/0x150
[  390.698467][T29988]  x64_sys_call+0xed5/0x2d60
[  390.703086][T29988]  do_syscall_64+0xc9/0x1c0
[  390.707726][T29988]  ? clear_bhb_loop+0x55/0xb0
[  390.712551][T29988]  ? clear_bhb_loop+0x55/0xb0
[  390.717242][T29988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.723220][T29988] RIP: 0033:0x7f26be29dff9
[  390.727688][T29988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.747297][T29988] RSP: 002b:00007f26bcf17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  390.755704][T29988] RAX: ffffffffffffffda RBX: 00007f26be455f80 RCX: 00007f26be29dff9
[  390.763813][T29988] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  390.771772][T29988] RBP: 00007f26bcf17090 R08: 0000000000000000 R09: 0000000000000000
[  390.779805][T29988] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000001
[  390.787840][T29988] R13: 0000000000000000 R14: 00007f26be455f80 R15: 00007ffeac478cb8
[  390.795892][T29988]  </TASK>
[  390.912241][ T3344] IPVS: starting estimator thread 0...
[  390.917195][T30002] syz_tun: entered allmulticast mode
[  390.930790][T30001] syz_tun: left allmulticast mode
[  391.079316][T30003] IPVS: using max 3024 ests per chain, 151200 per kthread
[  391.193252][T30027] netlink: 'syz.0.3840': attribute type 10 has an invalid length.
[  391.201500][T30027] team0: Device hsr_slave_0 failed to register rx_handler
[  391.295562][T30026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3845'.
[  391.304829][T30026] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3845'.
[  391.513043][T30036] syz_tun: entered allmulticast mode
[  391.792185][T30040] FAULT_INJECTION: forcing a failure.
[  391.792185][T30040] name failslab, interval 1, probability 0, space 0, times 0
[  391.804902][T30040] CPU: 1 UID: 0 PID: 30040 Comm: syz.4.3849 Tainted: G        W          6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  391.817541][T30040] Tainted: [W]=WARN
[  391.821381][T30040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  391.831448][T30040] Call Trace:
[  391.834733][T30040]  <TASK>
[  391.837753][T30040]  dump_stack_lvl+0xf2/0x150
[  391.842378][T30040]  dump_stack+0x15/0x20
[  391.846557][T30040]  should_fail_ex+0x223/0x230
[  391.851385][T30040]  ? security_prepare_creds+0x53/0x120
[  391.856847][T30040]  should_failslab+0x8f/0xb0
[  391.861470][T30040]  __kmalloc_noprof+0xa5/0x370
[  391.866247][T30040]  security_prepare_creds+0x53/0x120
[  391.871560][T30040]  prepare_creds+0x346/0x480
[  391.876149][T30040]  lookup_user_key+0x213/0xdf0
[  391.880951][T30040]  ? should_fail_ex+0xd7/0x230
[  391.885725][T30040]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  391.891892][T30040]  __se_sys_add_key+0x24b/0x320
[  391.896745][T30040]  ? fput+0x14e/0x190
[  391.900737][T30040]  __x64_sys_add_key+0x67/0x80
[  391.905615][T30040]  x64_sys_call+0x157d/0x2d60
[  391.910304][T30040]  do_syscall_64+0xc9/0x1c0
[  391.914840][T30040]  ? clear_bhb_loop+0x55/0xb0
[  391.919544][T30040]  ? clear_bhb_loop+0x55/0xb0
[  391.924422][T30040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.930371][T30040] RIP: 0033:0x7f822176dff9
[  391.934825][T30040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.954509][T30040] RSP: 002b:00007f82203e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  391.963082][T30040] RAX: ffffffffffffffda RBX: 00007f8221925f80 RCX: 00007f822176dff9
[  391.971057][T30040] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000020000000
[  391.979020][T30040] RBP: 00007f82203e7090 R08: fffffffffffffffe R09: 0000000000000000
[  391.987001][T30040] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000000001
[  391.995050][T30040] R13: 0000000000000000 R14: 00007f8221925f80 R15: 00007ffd005c7798
[  392.003020][T30040]  </TASK>
[  392.010088][T30034] syz_tun: left allmulticast mode
[  392.097472][T30055] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  392.122379][T30059] loop3: detected capacity change from 0 to 164
[  392.130694][T30059] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  392.162767][T30059] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  392.175425][T30059] iso9660: Corrupted directory entry in block 4 of inode 1792
[  392.218139][T30067] netlink: 'syz.1.3861': attribute type 10 has an invalid length.
[  392.238775][T30067] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.253559][T30067] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  392.354510][T30080] syz_tun: entered allmulticast mode
[  392.365357][T30078] syz_tun: left allmulticast mode
[  392.448859][T30098] netlink: 'syz.2.3864': attribute type 10 has an invalid length.
[  392.457141][T30098] team0: Device hsr_slave_0 failed to register rx_handler
[  392.868453][T30115] sd 0:0:1:0: device reset
[  393.154752][T30132] syz_tun: entered allmulticast mode
[  393.192688][T30130] syz_tun: left allmulticast mode
[  393.226379][T30146] program syz.2.3883 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  393.305982][T30160] program syz.0.3886 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  393.363585][T30168] loop3: detected capacity change from 0 to 512
[  393.396094][T30168] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.408748][T30168] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  393.431353][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.506818][   T29] kauditd_printk_skb: 141 callbacks suppressed
[  394.506830][   T29] audit: type=1326 audit(1728356270.232:19114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.536681][   T29] audit: type=1326 audit(1728356270.232:19115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.560484][   T29] audit: type=1326 audit(1728356270.232:19116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.584248][   T29] audit: type=1326 audit(1728356270.232:19117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.608081][   T29] audit: type=1326 audit(1728356270.232:19118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.631717][   T29] audit: type=1326 audit(1728356270.232:19119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.655471][   T29] audit: type=1326 audit(1728356270.232:19120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.679190][   T29] audit: type=1326 audit(1728356270.232:19121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.702890][   T29] audit: type=1326 audit(1728356270.232:19122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  394.726468][   T29] audit: type=1326 audit(1728356270.232:19123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30278 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f26be29dff9 code=0x7ffc0000
[  395.141856][T30364] loop3: detected capacity change from 0 to 512
[  395.245456][T30364] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  395.277696][T30364] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  395.287016][T30395] pimreg: entered allmulticast mode
[  395.388233][T30399] netlink: 'syz.0.3931': attribute type 10 has an invalid length.
[  395.396777][T30399] team0: Device hsr_slave_0 failed to register rx_handler
[  395.428709][T30401] pimreg: left allmulticast mode
[  395.452408][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.137704][T30436] xt_CT: You must specify a L4 protocol and not use inversions on it
[  396.166669][T30442] sd 0:0:1:0: device reset
[  396.266053][T30458] loop3: detected capacity change from 0 to 512
[  397.198719][T30511] loop3: detected capacity change from 0 to 2048
[  397.219457][T30511] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  397.257695][T30511] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3978: bg 0: block 234: padding at end of block bitmap is not set
[  397.272384][T30511] EXT4-fs (loop3): Remounting filesystem read-only
[  397.290376][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.461340][T30537] program syz.1.3986 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  397.942016][T30556] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  397.999990][T30564] pimreg: entered allmulticast mode
[  398.540922][T30585] loop3: detected capacity change from 0 to 512
[  398.555866][T30585] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.4006: bg 0: block 5: invalid block bitmap
[  398.577851][T30585] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  398.596571][T30585] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.4006: invalid indirect mapped block 3 (level 2)
[  398.617056][T30585] EXT4-fs (loop3): 1 orphan inode deleted
[  398.622838][T30585] EXT4-fs (loop3): 1 truncate cleaned up
[  398.636927][T30585] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  398.719677][T30598] program syz.3.4006 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  398.941998][T30614] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  399.349081][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.393692][T30632] loop3: detected capacity change from 0 to 512
[  399.421755][T30632] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.435438][T30632] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  399.460389][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.642143][   T29] kauditd_printk_skb: 298 callbacks suppressed
[  399.648383][   T29] audit: type=1326 audit(1728356275.399:19422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30647 comm="syz.3.4033" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x0
[  399.696160][   T29] audit: type=1326 audit(1728356275.461:19423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.721960][   T29] audit: type=1326 audit(1728356275.461:19424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.745711][   T29] audit: type=1326 audit(1728356275.461:19425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.769293][   T29] audit: type=1326 audit(1728356275.461:19426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.793104][   T29] audit: type=1326 audit(1728356275.461:19427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.816918][   T29] audit: type=1326 audit(1728356275.492:19428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.840598][   T29] audit: type=1326 audit(1728356275.492:19429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.865278][   T29] audit: type=1326 audit(1728356275.502:19430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  399.889043][   T29] audit: type=1326 audit(1728356275.502:19431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30652 comm="syz.4.4036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f822176dff9 code=0x7ffc0000
[  400.045177][T30705] xt_CT: You must specify a L4 protocol and not use inversions on it
[  400.177174][T30728] program syz.2.4051 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  400.262712][T30741] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4055'.
[  400.276765][T30741] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=30741 comm=syz.1.4055
[  401.140013][T30874] program syz.1.4067 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  401.342973][T30884] loop3: detected capacity change from 0 to 512
[  401.351468][T30884] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.4071: bg 0: block 5: invalid block bitmap
[  401.364564][T30884] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  401.373413][T30884] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.4071: invalid indirect mapped block 3 (level 2)
[  401.387659][T30884] EXT4-fs (loop3): 1 orphan inode deleted
[  401.393672][T30884] EXT4-fs (loop3): 1 truncate cleaned up
[  401.399713][T30884] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.468172][T30893] program syz.3.4071 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  401.531770][T30901] EXT4-fs (sda1): resizing filesystem from 262144 to 2 blocks
[  401.539303][T30901] EXT4-fs warning (device sda1): ext4_resize_fs:2042: can't shrink FS - resize aborted
[  401.630917][T30902] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4078'.
[  401.709449][T30910] xt_CT: You must specify a L4 protocol and not use inversions on it
[  401.804920][T30927] pimreg: entered allmulticast mode
[  401.811248][T30927] pimreg: left allmulticast mode
[  401.985164][T30956] pimreg: entered allmulticast mode
[  401.992225][T30956] pimreg: left allmulticast mode
[  402.168517][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.205776][T30963] loop3: detected capacity change from 0 to 512
[  402.239153][T30963] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.257729][T30963] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  402.290003][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.406887][T30976] loop3: detected capacity change from 0 to 512
[  402.421997][T30976] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.4110: bg 0: block 5: invalid block bitmap
[  402.435732][T30976] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  402.445036][T30976] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.4110: invalid indirect mapped block 3 (level 2)
[  402.459795][T30976] EXT4-fs (loop3): 1 orphan inode deleted
[  402.465587][T30976] EXT4-fs (loop3): 1 truncate cleaned up
[  402.472789][T30976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.540972][T30978] program syz.3.4110 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  402.799734][T30983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4112'.
[  402.808726][T30983] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4112'.
[  403.224762][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.249795][T31020] xt_CT: You must specify a L4 protocol and not use inversions on it
[  403.344168][T31022] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4129'.
[  403.353246][T31022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4129'.
[  403.370221][T31032] pimreg: entered allmulticast mode
[  403.376272][T31032] pimreg: left allmulticast mode
[  403.481131][T31045] loop3: detected capacity change from 0 to 512
[  403.494618][T31045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  403.507277][T31045] ext4 filesystem being mounted at /70/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  403.534140][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.564237][T31049] loop3: detected capacity change from 0 to 512
[  403.576427][T31049] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.4139: bg 0: block 5: invalid block bitmap
[  403.589414][T31049] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  403.598465][T31049] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.4139: invalid indirect mapped block 3 (level 2)
[  403.612342][T31049] EXT4-fs (loop3): 1 orphan inode deleted
[  403.618118][T31049] EXT4-fs (loop3): 1 truncate cleaned up
[  403.624365][T31049] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  403.692940][T31056] program syz.3.4139 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  403.910973][T31066] netlink: 'syz.4.4140': attribute type 10 has an invalid length.
[  403.928434][T31066] team0: Device hsr_slave_0 failed to register rx_handler
[  404.032638][T31061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4143'.
[  404.041593][T31061] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4143'.
[  404.213864][T31083] program syz.1.4151 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  404.390146][T29749] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.523439][   T29] kauditd_printk_skb: 212 callbacks suppressed
[  404.523452][   T29] audit: type=1326 audit(1728356280.413:19644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.558646][   T29] audit: type=1326 audit(1728356280.443:19645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.582456][   T29] audit: type=1326 audit(1728356280.443:19646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.606409][   T29] audit: type=1326 audit(1728356280.443:19647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.630030][   T29] audit: type=1326 audit(1728356280.443:19648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.653865][   T29] audit: type=1326 audit(1728356280.443:19649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.677600][   T29] audit: type=1326 audit(1728356280.443:19650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.701379][   T29] audit: type=1326 audit(1728356280.443:19651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.725079][   T29] audit: type=1326 audit(1728356280.443:19652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.749369][   T29] audit: type=1326 audit(1728356280.443:19653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31092 comm="syz.3.4154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20346ddff9 code=0x7ffc0000
[  404.793710][T31099] ==================================================================
[  404.801895][T31099] BUG: KCSAN: data-race in file_update_time / inode_update_timestamps
[  404.810053][T31099] 
[  404.812371][T31099] write to 0xffff88812699ef78 of 4 bytes by task 31095 on cpu 1:
[  404.820082][T31099]  inode_update_timestamps+0xaf/0x280
[  404.825454][T31099]  file_update_time+0x220/0x2b0
[  404.830302][T31099]  fault_dirty_shared_page+0xde/0x340
[  404.835678][T31099]  handle_mm_fault+0x1370/0x2a80
[  404.840609][T31099]  exc_page_fault+0x296/0x650
[  404.845377][T31099]  asm_exc_page_fault+0x26/0x30
[  404.850239][T31099]  rep_movs_alternative+0x4a/0x70
[  404.855283][T31099]  _copy_to_iter+0x137/0xd20
[  404.859870][T31099]  get_random_bytes_user+0x112/0x260
[  404.865155][T31099]  __x64_sys_getrandom+0xb5/0x190
[  404.870176][T31099]  x64_sys_call+0x2887/0x2d60
[  404.874865][T31099]  do_syscall_64+0xc9/0x1c0
[  404.879370][T31099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.885277][T31099] 
[  404.887595][T31099] read to 0xffff88812699ef78 of 4 bytes by task 31099 on cpu 0:
[  404.895218][T31099]  file_update_time+0xfe/0x2b0
[  404.899988][T31099]  shmem_file_write_iter+0x99/0xe0
[  404.905090][T31099]  iter_file_splice_write+0x5f1/0x980
[  404.910467][T31099]  direct_splice_actor+0x160/0x2c0
[  404.915574][T31099]  splice_direct_to_actor+0x302/0x670
[  404.920950][T31099]  do_splice_direct+0xd7/0x150
[  404.925793][T31099]  do_sendfile+0x39b/0x970
[  404.930199][T31099]  __x64_sys_sendfile64+0x110/0x150
[  404.935393][T31099]  x64_sys_call+0xed5/0x2d60
[  404.939981][T31099]  do_syscall_64+0xc9/0x1c0
[  404.944472][T31099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.950364][T31099] 
[  404.952696][T31099] value changed: 0x28741f72 -> 0x290ff2b9
[  404.958425][T31099] 
[  404.960759][T31099] Reported by Kernel Concurrency Sanitizer on:
[  404.966904][T31099] CPU: 0 UID: 0 PID: 31099 Comm: syz.2.4155 Tainted: G        W          6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  404.979153][T31099] Tainted: [W]=WARN
[  404.982943][T31099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  404.992989][T31099] ==================================================================