last executing test programs:

10m35.630084016s ago: executing program 2 (id=481):
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setitimer(0x2, 0x0, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542f8000880f4000080060005000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014100200ff02000000000000000000000000000105c9900003000000000028000080060001000a00000014000200fc02000000000000000000000000000005000300000000001c000080060001000200000008000200e000000105000300000000001c000080060001000200000008000200ac1414"], 0x138}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000000)={0x6, 'batadv0\x00', {}, 0x105})
unlink(&(0x7f0000000040)='./file0\x00')
syz_clone(0x1008200, &(0x7f0000000080)="de825e0806507ffbb702bc26a892c2b7258850c3654ab2ee9120dec8b450def24aabddae7354d4b19baf9d5627ba5c79c89db874397f9e206b115121284ba9fe342cf3ea5003159b7b9f2636fa39df7ad823f4255a3d3415c3159333718807ab6bbd39b5b5543b74dadb3edb4c7619f0a1ee530593c9bf91d07e8e5f6c5d656e64d77f159a3250ca8a86ef83a270b0", 0x8f, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="22fbc3dc79b0a3c446db53be50116b2cafed")
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_genetlink_get_family_id$ethtool(0x0, r2)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x40040)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0x2b1})

10m34.562433893s ago: executing program 2 (id=485):
clock_gettime(0x0, &(0x7f0000000040))
clock_settime(0x3, 0x0)

10m33.272143733s ago: executing program 2 (id=489):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0xb)
read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020)

10m32.080573632s ago: executing program 2 (id=493):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x7, 0x8000, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

10m31.729212717s ago: executing program 2 (id=495):
ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1)
socket$inet6_udplite(0xa, 0x2, 0x88)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})

10m30.494345147s ago: executing program 2 (id=498):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000100)='./bus\x00', 0x1000840, &(0x7f0000000040)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c73686f72746e616d653d6d697865642c756e695f786c6174653d302c696f636861727365743d63703933362c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c636f6465706167653d3733372c73686f72746e616d653d77696e6e742c696f636861727365743d6d61637475726b6973682c73686f72746e616d653d6d697865642c757466383d302c756e695f786c617465001d18"], 0x83, 0x371, &(0x7f0000000200)="$eJzs3U9oHFUYAPBvO5vdpFCTg1AUxNGboKGteNCLKSWFYi4qi38O4mJTlexa2MXF9tBtvIhHwaOevPWgBw89i6CINw9erSBV8aA9WbA6Mruzm93sJk3AbbX+fofhy3vvm/e9zJJMJuzbl1di4/RcnLl27WrMz5eivHJiJa6XYimSGLgYkypT2gCA/4brWRa/ZX17TCn1jslMywIAZqj3+//VQyMtb3+x2/isNAz/nGVdAMDsFH//L+w2Zn6njrMzKQkAmLGJ5/8PjnVXxv/VX/bYHwDuAM++8OJTx9cinknT+YjmO51apxZPbPUfPxOvRyPW40gsxo2I/o1Cfij1jidPra0eSdO0Gz8uRS3P6NQimt1OrX+ncDzp5VfjaCzGUpFf3G1kWZac/HRt9WjaExEXu735o1nq1ObiYDH/dwdjPY5FGndP5EecWls9lhYnqDUH+d2Iza3nFnn9y7EY37wSZ6MRpyPPrUT8np9hbfXC0TQ9ka2N5Xdq1d64vp2egLRmd2EAAAAAAAAAAAAAAAAAAAAAALijLadDS8P9b7Kt/XuWl6f0RzPp1Pr5xf5Am/39gbJqFln261uP1N5NYmx/oO3783Rq5Thwe5cOAAAAAAAAAAAAAAAAAAAA/xrtc5WoNxrrrfa58xujQbfVPncgIvKWN776+POFmBxzk6BczDHSlRZN5zfqWTIYnCVjY4ogyScftFy6nGct5IfRMdXhKqaWUd25q9E49MAPH2y13JcMzvzXgWFWEtMXmGwrYzRo3tUvaT/fqGFw7CZjrmRZtlP6hZcms6IUUd7/hds9yPLgy6uv3fNo+/BjvZbPsr6HHl587sr7H/28UW/kM0fvClZa7RvZRr34OuqXqvuZNBl5/ZSiHwxO1RtT3i19c7ylnnz7y/P3vvf13mbPRlvenDImr63eaHyyvavSD/Iyt3UtTJtrbrDAJ4cvm/v7Z15vtcv/2IU7/OFK/fKF73/aa9bIDwkbdQAAAAAAAAAAAAAAAAAAwC0x8l7xQvFm37ndsh5/evaVAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCts/X5/yPB5kTLXoI/ujHZVV1vtSMqt3uZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8z/0dAAD//+JLbdg=")

10m15.299294145s ago: executing program 32 (id=498):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000100)='./bus\x00', 0x1000840, &(0x7f0000000040)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c73686f72746e616d653d6d697865642c756e695f786c6174653d302c696f636861727365743d63703933362c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c636f6465706167653d3733372c73686f72746e616d653d77696e6e742c696f636861727365743d6d61637475726b6973682c73686f72746e616d653d6d697865642c757466383d302c756e695f786c617465001d18"], 0x83, 0x371, &(0x7f0000000200)="$eJzs3U9oHFUYAPBvO5vdpFCTg1AUxNGboKGteNCLKSWFYi4qi38O4mJTlexa2MXF9tBtvIhHwaOevPWgBw89i6CINw9erSBV8aA9WbA6Mruzm93sJk3AbbX+fofhy3vvm/e9zJJMJuzbl1di4/RcnLl27WrMz5eivHJiJa6XYimSGLgYkypT2gCA/4brWRa/ZX17TCn1jslMywIAZqj3+//VQyMtb3+x2/isNAz/nGVdAMDsFH//L+w2Zn6njrMzKQkAmLGJ5/8PjnVXxv/VX/bYHwDuAM++8OJTx9cinknT+YjmO51apxZPbPUfPxOvRyPW40gsxo2I/o1Cfij1jidPra0eSdO0Gz8uRS3P6NQimt1OrX+ncDzp5VfjaCzGUpFf3G1kWZac/HRt9WjaExEXu735o1nq1ObiYDH/dwdjPY5FGndP5EecWls9lhYnqDUH+d2Iza3nFnn9y7EY37wSZ6MRpyPPrUT8np9hbfXC0TQ9ka2N5Xdq1d64vp2egLRmd2EAAAAAAAAAAAAAAAAAAAAAALijLadDS8P9b7Kt/XuWl6f0RzPp1Pr5xf5Am/39gbJqFln261uP1N5NYmx/oO3783Rq5Thwe5cOAAAAAAAAAAAAAAAAAAAA/xrtc5WoNxrrrfa58xujQbfVPncgIvKWN776+POFmBxzk6BczDHSlRZN5zfqWTIYnCVjY4ogyScftFy6nGct5IfRMdXhKqaWUd25q9E49MAPH2y13JcMzvzXgWFWEtMXmGwrYzRo3tUvaT/fqGFw7CZjrmRZtlP6hZcms6IUUd7/hds9yPLgy6uv3fNo+/BjvZbPsr6HHl587sr7H/28UW/kM0fvClZa7RvZRr34OuqXqvuZNBl5/ZSiHwxO1RtT3i19c7ylnnz7y/P3vvf13mbPRlvenDImr63eaHyyvavSD/Iyt3UtTJtrbrDAJ4cvm/v7Z15vtcv/2IU7/OFK/fKF73/aa9bIDwkbdQAAAAAAAAAAAAAAAAAAwC0x8l7xQvFm37ndsh5/evaVAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCts/X5/yPB5kTLXoI/ujHZVV1vtSMqt3uZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8z/0dAAD//+JLbdg=")

9m47.334531214s ago: executing program 3 (id=586):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000a00)={'ip6_vti0\x00', &(0x7f0000000500)=@ethtool_rxfh={0x46, 0x40, 0x5, 0x400, 0x3, "67489e", 0x9, [0x0, 0x6, 0x7fffffff, 0x4, 0x8, 0x8, 0x59c5]}})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x11, 0x4, 0x2008, 0x5}, 0x50)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

9m46.382282129s ago: executing program 3 (id=588):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000380))
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x890b, &(0x7f0000000080)={0xffffc0fe, 'erspan0\x00', {}, 0x20})
getsockopt(r2, 0xffffffff, 0x3f6d, &(0x7f00000002c0)=""/100, 0x0)

9m44.657503336s ago: executing program 3 (id=591):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==")
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes256, 0x2, @desc3})
chdir(&(0x7f0000000000)='./file0\x00')
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6695d4982a83b71b906769e737201ac6b7a7804454156569cb03a5be811debc957b5831b89b59d703e748c7c", 0x25}, 0x48, 0xfffffffffffffffd)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

9m44.254862622s ago: executing program 3 (id=593):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000104000000000100000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000280012800b000100697036746e6c00001800028014000300ff"], 0x48}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x100, {0x0, 0x0, 0x0, r2, 0x100, 0x306c}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x4}]}}}]}, 0x3c}}, 0xeb64d656001f6f32)

9m43.940775067s ago: executing program 3 (id=595):
socket$inet6(0xa, 0x80002, 0x88)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000680)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x28, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}}}}}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0xf11, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0xdf6b3}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000680)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x28, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}}}}}}, 0x0)

9m42.685787666s ago: executing program 3 (id=598):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40041, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xb7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000009c0)={'batadv_slave_1\x00'})
rt_sigaction(0x3d, &(0x7f0000000740)={&(0x7f0000000180)="c4a129e0b26d9b00008fe9c095c90f38cb2e47ded9c4417c53480ef340df7473a5670f000bc4e1d5e4820400000044cf8f6978c26386", 0x4000007, &(0x7f00000001c0)="0f01d5c40115d23d612f0000660ff1dac4816def9e001000020fb5aea36a0000410f1c08c46141fed143fd8f4950984583458c11", {[0x2]}}, &(0x7f0000000800)={&(0x7f00000007c0)="2665f26fc4e3317ab6760c00005df3470f1efac44248f24febc4c3cdce1e548f097c80dec40281bad6c4619d7d6305660fd3213e673e0f3804a900800000", 0x0, 0x0}, 0x8, &(0x7f0000000980))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
getrusage(0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000780)='./bus\x00', 0x41, &(0x7f0000000c00)={[{@bsdgroups}, {@resgid}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@resuid}, {@auto_da_alloc}, {@noload}, {@jqfmt_vfsv1}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_open_dev$tty20(0xc, 0x4, 0x0)

9m27.496506845s ago: executing program 33 (id=598):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40041, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xb7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000009c0)={'batadv_slave_1\x00'})
rt_sigaction(0x3d, &(0x7f0000000740)={&(0x7f0000000180)="c4a129e0b26d9b00008fe9c095c90f38cb2e47ded9c4417c53480ef340df7473a5670f000bc4e1d5e4820400000044cf8f6978c26386", 0x4000007, &(0x7f00000001c0)="0f01d5c40115d23d612f0000660ff1dac4816def9e001000020fb5aea36a0000410f1c08c46141fed143fd8f4950984583458c11", {[0x2]}}, &(0x7f0000000800)={&(0x7f00000007c0)="2665f26fc4e3317ab6760c00005df3470f1efac44248f24febc4c3cdce1e548f097c80dec40281bad6c4619d7d6305660fd3213e673e0f3804a900800000", 0x0, 0x0}, 0x8, &(0x7f0000000980))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
getrusage(0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000780)='./bus\x00', 0x41, &(0x7f0000000c00)={[{@bsdgroups}, {@resgid}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@resuid}, {@auto_da_alloc}, {@noload}, {@jqfmt_vfsv1}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_open_dev$tty20(0xc, 0x4, 0x0)

2m1.011227791s ago: executing program 4 (id=1808):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
unshare(0x22020400)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)

2m0.797439725s ago: executing program 4 (id=1811):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001d00)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000007603000028feffff7a0af0fff8ffffff61a4f0ff000000005d040000000000007f000000000000002704000001ed0a002500000017ffffffce040000000000007b0300fe000000002d04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532e2df58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d85827513acd02b5a655a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f08050e46850600000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c52a2fc1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236ed200073826593c4e1a0f50a74bb482e486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c6133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc1caa80e64461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f6260a483632a2ab447f88dd6efec73a0271a19ca3aa860aa4dcaeebe3d53040b853a7c02a5fcc08b3a572969bbe91c921ac1476027772c87d172ab29967e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f522df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb000400000000000088d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb520400000000000000c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399fa5ee0b41e14a6fe6894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014fa841061e63d40f4e536314beda5738fee012365f963b2a85e7d8075c333475b9f0284405e30700000041285fbe0bdd37220e31d4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe8c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21da4fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d68ad9fa2b2528798df1c36fc438d9c98f168490b41e158bb2e2d8ed19d44b9cce67c79f9f7bfae7ebe09e441745c592ce69c522b5136be09ed1b97ea3d5b317508df23e92c56fc2eb74d27d3861d91745b8fb9f6cc20e9f8b174000c62c4a2b212332a073fc5d0be7347e41454cb27e081c43e92ae7f9f046600db85d945a4666b588629ce0809d5c8506308688db21ec04d365497bf90060000000000000020726298dec1ae960e3d26cdaaa527ab9e2c41d177fdbaf462c2e45f6c261df0fa4934f81278477e00fd2eba63cf8dcbdec85fc3c6f146c53b701e446c218f02ca678b3e0bc4b5253ae32bace19fb0a10e3ff4bf0b870f399842f6966da779be2a481cac5f4f9cfa338df7640267c8c4dce6f6c41777f2606ae31230430052967bc0e3f69351c9f69363abf5bd30b875732a43413d9927435723577bdf74eb6f467dff089c14a4cae6ca551577a289d822aad77ec4701f57049e1222b692f7d8e299591925065907a6e16e962f7a886aa555b4674fdd575efcd14c8cc6edc971053695debde1bd37eb4c"], &(0x7f00000001c0)='GPL\x00'}, 0x94)

2m0.635578127s ago: executing program 4 (id=1812):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000340)={[{@nodioread_nolock}, {@min_batch_time}, {@barrier_val={'barrier', 0x3d, 0x40}}, {@nodelalloc}]}, 0x5, 0x795, &(0x7f0000000cc0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTsmgRwY2g4kLQTdf+qDu3/tjqf+FCWqqmxYoLidyZO+20mUmTNjOj5vOBmznn3js553vP/XHunMtMAHvWRPonF3EoIt5NIsay+UlEDNVTgxEnGuvdXl8rplMSGxuv/pzU17m1vlaMlvekDmSZ/0fEN29FHM415g+3lFtdWZ0vlMulpSw/VVs4P1VdWT1ybqEwV5orLR6bnpk5evyZ48d2L9Zfv189eP29l578/MTvb/7v6jvfJnEiDmbLWuPYLRMxkW2ToXQT3uPF3S6sz5J+V4CHkh6aA42jPA7FWAzUUx2M9LJmAEC3bAAAe1CiDwAAe0zzc4Bb62vF5tTfTyR668YLEbG/EX9zfLOxZDAbs9tfHwcdvZXcMzKSRMT4LpQ/EREff/n6p+kUWTu0G0szvgbstkuXI+LM+MTm83+y6ZmFnXpqq4UbjadBJu6bvdeuP9BPX6X9n2fb9f9yd/o/0ab/M9zm2H0YDz7+c9d2oZiO0v7f8y3Ptt1uiT8zPpDl/lXv8w0lZ8+VS+m57d8RMRlDw2l+ur5q+17a5M0/bnYqv7X/98v7b3ySlp++3l0jd21w+N73zA7XCo8ad9ONyxGPDbaLP7nT/kmH/u+pbZbx8nNvf9RpWRp/Gm9z2hx/d21ciXiibfvfbctky+cTp+q7w1Rzp2jjix8+HO1Ufmv7p1NafvNeoBfS9h/dOv7xpPV5zerOy/juytjXnZY9OP42+3+hVtiXvFZP78vmXSzUakvTEfuSVzbPP3r3vc18c/00/snH2x//jWLb7//pPeGZbcY/eP2nzx4+/u5K45/dUfvvPHH19vxAp/K31/4z9dRkNidt/wfFtd0KPsq2AwAAAAAAAAAAAAAAAAAAAAAAAIDtykXEwUhy+TvpXC6fb/yG939jNFeuVGuHz1aWF2ej/lvZ4zGUa37V5VjL96FOZ9+H38wfvS//dET8JyI+GB6p5/PFSnm238EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOZAh9//T/043O/aAQBds7/fFQAAes71HwD2np1d/0e6Vg8AoHfc/wPA3rPt6/+Z7tYDAOgd9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02amTJ9Np47f1tWKan72wsjxfuXBktlSdzy8sF/PFytL5/FylMlcu5YuVhY7/6FLjpVypnJ+JxeWLU7VStTZVXVk9vVBZXqydPrdQmCudLg31LDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L7qyup8oVwuLUlsmRhJE4PZRvsL1KffiUEb4R+eaD1LjPTn5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwN/BnAAAA//+9uipa")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$packet(r3, &(0x7f0000000240), 0x0, 0x800, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
pselect6(0x40, &(0x7f0000000980)={0x7, 0xfa70, 0xa5d, 0x4, 0x0, 0x10000, 0x3, 0x5}, &(0x7f00000009c0)={0x8, 0x100000000, 0x0, 0x1, 0x3ff, 0x4, 0x4, 0x98}, &(0x7f0000000a00)={0xf, 0x0, 0x786, 0x7c1, 0xfffffffffffffff9, 0x9e3, 0x5}, 0x0, &(0x7f0000000ac0)={0x0})
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d500987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f353b68090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

1m58.588714009s ago: executing program 4 (id=1818):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0xfdef)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

1m53.881805663s ago: executing program 4 (id=1830):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)

1m53.661922116s ago: executing program 4 (id=1831):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000", @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0xa9)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x10, &(0x7f00000000c0)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0x40047438, 0x110e22fff6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff8f, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd3e, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
write$cgroup_int(r7, &(0x7f00000001c0), 0xfffffdef)
ioctl$TUNSETOFFLOAD(r7, 0x541b, 0x0)

1m53.000740737s ago: executing program 34 (id=1831):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000", @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0xa9)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x10, &(0x7f00000000c0)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0x40047438, 0x110e22fff6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff8f, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd3e, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
write$cgroup_int(r7, &(0x7f00000001c0), 0xfffffdef)
ioctl$TUNSETOFFLOAD(r7, 0x541b, 0x0)

6.606829856s ago: executing program 6 (id=2242):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
sendmsg$inet(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)

6.446584698s ago: executing program 6 (id=2247):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000280)={0x3, 0x0, [{0x7, 0x5, 0xfffffffe, 0x6, 0x1}, {0x0, 0x4, 0xb, 0x9, 0x7}, {0xd, 0x9, 0x2, 0x8000, 0xa49}]})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x44080)

4.595982808s ago: executing program 6 (id=2254):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000001b80)=@ethtool_gstrings})
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', 0xffffffffffffffff, 0x0, 0x100}, 0xc)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x48b, 0x0, 0x0)

3.492291745s ago: executing program 0 (id=2258):
mount$fuse(0x0, 0x0, 0x0, 0x800010, &(0x7f0000000180)=ANY=[@ANYBLOB='f', @ANYRESHEX, @ANYBLOB=',rootmode=000000000000000001'])
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.491605765s ago: executing program 5 (id=2259):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000f40)=ANY=[@ANYBLOB="7a0af8ff75250000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000005000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc5605fbbf6e1671d5ace8c142451f13dbae2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651064d08dde084e0c7ffddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e13b2f9614d547244a22000000000000db453620ce72d75946c0b638d9b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef4a96279856076ff7ac9ba09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be22dda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed5441218c54d0b3e9f298392b3276fabe4cb21ee6760b8ab4406f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314d7bb31ad9713d249499ed0d8a24abd57e052888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f009900eaffffffffffffff0000000000c9b46ff99a039eda74f74fe532dcfcd2c315b626fd768dbdf00fd532575767a7bca3968f50c20cfcaf91ab14b77f87e476bcf45fff904531adea62a517702743bf3492c8952c8e1fc37674de47d5881750516404c647fe02085b1a9603227411b17b6c7bc84fdfa0cfce589550df8faeeae5ca5024b374da260be559a741d22370373392ed74a7d1aff96a5b59775237f50c6bd8e0c4a7666be5962cd0931845e6d9a03a48fe85d370d9b6b755a2f66989da880c899d4d1c6757be6baffdce49b8c81f43d933549289dd475e39f399f6822a111ed8142b5dd2c01a15c949d86bd93b58"], &(0x7f0000000100)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$inet(r4, &(0x7f0000000640)={0x0, 0x7000000, 0x0}, 0x0)

3.490988605s ago: executing program 6 (id=2260):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8a"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r1}, 0x10)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)

3.329541648s ago: executing program 1 (id=2261):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='mm_page_alloc\x00', r0}, 0x18)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

3.296871498s ago: executing program 5 (id=2262):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

3.17195287s ago: executing program 0 (id=2263):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
socketpair(0x28, 0x2, 0x0, &(0x7f0000000040))

3.085255492s ago: executing program 1 (id=2264):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
socket(0x1e, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

3.084661011s ago: executing program 5 (id=2265):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000280)={0x3, 0x0, [{0x7, 0x5, 0xfffffffe, 0x6, 0x1}, {0x0, 0x4, 0xb, 0x9, 0x7}, {0xd, 0x9, 0x2, 0x8000, 0xa49}]})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x44080)

3.049341712s ago: executing program 6 (id=2266):
getdents64(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a20fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
syz_open_dev$tty1(0xc, 0x4, 0x1)

2.903990104s ago: executing program 0 (id=2267):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r1}, 0x10)
close(r0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110c23003f)
write$cgroup_devices(r0, &(0x7f0000000bc0)=ANY=[], 0xa)

2.778001786s ago: executing program 7 (id=2268):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r1=>r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xff48, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32=r1, @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r4}, &(0x7f0000000000), &(0x7f00000005c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000100000000010"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0x2, 0x1, 0x6, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, 0x0}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0e00000004000005a300080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ff7671036b000008000000b70400000000925fdfd77068292681fb4dee8500b9f0b62a7a5872f6cb57dd04001434b75c5298048dab3b3ced8f50daceb2614a30065d1851b016b61517b3ee0d59b1c0171a3bc0a4dc55b6b1a4103e3c315ec95fa12a966a8405d81d5199b00685b68f4924e726a4b1421d871c7195e295cade601911fae7fe4ade38fe6c1e91534e905ab3ac36e5b45f80597e1d3ccd4fbaaa00"/211], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r8}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$inet(r10, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r9, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0)

1.985372399s ago: executing program 1 (id=2269):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
recvmsg$unix(r0, &(0x7f0000000bc0)={0x0, 0x2, &(0x7f0000000ac0), 0x300}, 0x3)

1.87754859s ago: executing program 7 (id=2270):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@fallback=r0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

1.841185731s ago: executing program 1 (id=2271):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000001b80)=@ethtool_gstrings})
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', 0xffffffffffffffff, 0x0, 0x100}, 0xc)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x48b, 0x0, 0x0)

1.818942071s ago: executing program 5 (id=2272):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)

1.749364932s ago: executing program 7 (id=2273):
socket(0x8000000010, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setresuid(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113340000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)

1.693078513s ago: executing program 0 (id=2274):
mount$fuse(0x0, 0x0, 0x0, 0x800010, &(0x7f0000000180)=ANY=[@ANYBLOB='f', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100'])
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

746.821098ms ago: executing program 7 (id=2275):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c25000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r2}, 0x10)
close(r0)

689.542969ms ago: executing program 5 (id=2276):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_clone(0x40020000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x10)

683.959269ms ago: executing program 6 (id=2277):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
fcntl$setpipe(r0, 0x407, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
preadv(r4, &(0x7f0000001240)=[{&(0x7f0000001300)=""/231, 0xe7}], 0x1, 0xe12, 0x200000c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)

567.472601ms ago: executing program 1 (id=2278):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880bbb9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000200)=r3, 0x4)

453.213413ms ago: executing program 1 (id=2279):
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x21000e, &(0x7f0000000180)={[{@nolazytime}, {@abort}, {@lazytime}, {@mblk_io_submit}, {@noauto_da_alloc}]}, 0xde, 0x53b, &(0x7f0000000e00)="$eJzs3c1vI2cZAPBnJnbIdlOSAodSqR+ii3YrWHvT0Dbi0BaBuFUClfsSJd4oWme9ip12E1WQFX8AEkJQiRMnLkjcuCCh/RMQUiX2jgCBEGzhwAEYNOPxNmvG2cD6Y5X8ftJrv/OOPc/zOvb4nY94AjizXoiINyNiLiJeioilsj0tSxz2S/64D++9t5GXvPntvySRlG0RRfW+8+XTFvp3lbr7B9fX2+3Wbjnd7O3cbHb3Dy5v76xvtbZaN1ZXV15de23tlbUrY+ln3q/Xv/KHH3z3J199/Zeff/e3V/906Vt50l8u5w/6NT7Fqxd3i9t6/lrcV4uI3fEGm5m5sj/1WScCAMCJ5KPUT0TEZ4rx/1LMFaO5wvCQbmH62QEAAADjkL2xGP9MIjIAAADg1HojIhYjSRvluQCLkaaNRv8c3k/FE2m70+197lpn78ZmPi9iOerpte1260p5Tu1y1JN8eqWofzT98tD0akQ8FRHfXzpXTDc2Ou3NWe/8AAAAgDPi/ND2/9+X+tv/AAAAwCmzPOsEAAAAgIkbtf2fTDkPAAAAYHIc/wcAAIBT7WtvvZWXbHD968139veud965vNnqXm/s7G00Njq7Nxtbnc5W8Zt9O8ctqx4R7U7n5hci9m41e61ur9ndP7i609m70bu67fqBAAAAMCtPPX/nbhIRh188V5TcfH4zN+IJzhWAUyMd0V75Mf/9ZHMBpmvU1/wJzI8zD2D6arNOAJidw1knAMzaAz/1UTEoOHryzgP7DH41uZwAAIDxuvjpO3e/XXH8v1aezw+cXqOO/wOn3yMc/89l48oDmD7H/+HsqsdctnTiR9+eaC7AbDzsUh8jf7yj6vh/5ZnBWfbQZQEAABO1WJTn00Z5LHAx0rTRiHiy+B/genJtu926EhEfj4jfLNU/lk+vFM9MXB4QAAAAAAAAAAAAAAAAAAAAAAAAAE4oy5LIAAAAgFMtIv1jUl7/6+LShcXh/QPzyT+KywPOR8S7P3r7h7fWe73dlbz9r/fbe++X7S/PYg8GAAAAnEW1Y+cOttMH2/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAME4f3ntvY1CmGffPX4qI5ar4tVgo7heiHhFP/C2J2pHnJRExN4b4h7cj4umq+EmeViyXWQzHTyPi3HTiP5tlWWX882OID2fZnXz982bV5y+NF4r76s9/rSyP6oH13/zPj8xJ76//5kas/548YYxnPvhZc2T82xHP1KrXP4P4yYj4L1YtsOJF+eY3Dg7+q7G/8Mh+HHGx8vsneSBWs7dzs9ndP7i8vbO+1dpq3VhdXXl17bW1V9auNK9tt1vlbVWI+N6zv/j3UPR/ZX1F/6MfP6rWv8f1/0JeqR9pzIbDlME+uHXvk/1qfWgRRfxLL1a//54+Jn7+nvhs+T2Qz784qB/260c999NfP1eZWBl/c8Tr/7C//6VRCx3y0te/87sTPhQAmILBKGu3u39wfb3dbk2s8n6WZRMO8X9UIj3pg4vhYkTMPufJVGqTficsPC49nXLlwuORxv9SGceeLQAA4HHz0aB/1pkAAAAAAAAAAAAAAAAAAADA2dXdj3TSPyc2HPNwNl0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjWfwIAAP//nJjX8w==")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff85000000040000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x80001, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
r4 = socket(0x11, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'gre0\x00'})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bind$packet(r4, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r4, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="02017d29012918000e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0aba61f6304a80500ffffca88faca"], 0xdd12}], 0x1}, 0x0)

431.801823ms ago: executing program 0 (id=2280):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/249, 0xf9}], 0x1}, 0x0)
close(r0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0xf)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)

365.182454ms ago: executing program 7 (id=2281):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x280b40, 0x0)
getpid()
close(r3)
ioctl$SIOCSIFHWADDR(r3, 0x8914, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

117.515488ms ago: executing program 5 (id=2282):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0x0, 0xfdd, 0x18}, 0xc)

89.482638ms ago: executing program 7 (id=2283):
socket(0x8000000010, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setresuid(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000340)=0x61, 0x4)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=2284):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
close(r0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = getpid()
prlimit64(r6, 0xa, 0x0, &(0x7f0000000280))
write$uinput_user_dev(r1, &(0x7f0000000a80)={'syz1\x00', {0xfffd}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x185], [0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb10, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x4, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0xffffff80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4a9c, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ec2, 0x0, 0x0, 0x4]}, 0x45c)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x2)

kernel console output (not intermixed with test programs):

p4): unmounting filesystem.
[  169.429515][ T5141] loop3: detected capacity change from 0 to 40427
[  169.452751][ T5141] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  169.471216][ T5141] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  169.522986][ T5141] F2FS-fs (loop3): invalid crc value
[  169.583953][ T5141] F2FS-fs (loop3): Found nat_bits in checkpoint
[  169.767544][ T5141] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  169.776372][ T5141] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  169.802693][   T26] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  169.828864][ T5170] syz.1.189[5170] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  169.828961][ T5170] syz.1.189[5170] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  169.852065][ T5170] loop1: detected capacity change from 0 to 1024
[  169.870628][ T5170] EXT4-fs: Ignoring removed oldalloc option
[  169.876697][ T5170] journal_path: Lookup failure for './file1'
[  169.882757][ T5170] EXT4-fs: error: could not find journal device path
[  169.911789][   T27] audit: type=1800 audit(1753006124.661:7): pid=5141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.181" name="file1" dev="loop3" ino=10 res=0 errno=0
[  169.992769][   T26] usb 3-1: Using ep0 maxpacket: 16
[  170.000093][   T26] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  170.028734][   T26] usb 3-1: config 1 has no interface number 0
[  170.038868][   T26] usb 3-1: config 1 interface 105 has no altsetting 0
[  170.234181][   T26] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  170.243535][   T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.251565][   T26] usb 3-1: Product: syz
[  170.256162][   T26] usb 3-1: Manufacturer: syz
[  170.260862][   T26] usb 3-1: SerialNumber: syz
[  170.660171][   T26] aqc111: probe of 3-1:1.105 failed with error -22
[  170.796544][ T5182] netlink: 56 bytes leftover after parsing attributes in process `syz.1.195'.
[  170.906421][   T22] usb 3-1: USB disconnect, device number 2
[  172.331182][ T5199] overlayfs: failed to resolve './file1': -2
[  172.699266][ T5204] loop3: detected capacity change from 0 to 2048
[  172.768135][ T5204] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  173.266276][ T5207] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set
[  173.381080][ T4280] EXT4-fs (loop3): unmounting filesystem.
[  175.611382][ T5229] loop3: detected capacity change from 0 to 512
[  175.643385][ T5229] EXT4-fs: Ignoring removed mblk_io_submit option
[  175.666677][ T5229] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  175.682570][ T5229] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  175.726632][ T5229] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[  175.743428][ T5233] random: crng reseeded on system resumption
[  175.772727][ T5229] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  175.804873][ T5229] System zones: 0-2, 18-18, 34-34
[  175.846353][ T5229] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.205: iget: bad i_size value: 360287970189639680
[  175.896743][ T5229] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.205: couldn't read orphan inode 15 (err -117)
[  175.958138][ T5229] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  176.316996][ T4280] EXT4-fs (loop3): unmounting filesystem.
[  179.397941][  T126] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  179.887614][ T5251] IPVS: stopping backup sync thread 5272 ...
[  179.957977][  T126] usb 3-1: Using ep0 maxpacket: 16
[  179.968513][  T126] usb 3-1: config 1 has an invalid interface number: 214 but max is 0
[  180.016771][  T126] usb 3-1: config 1 has no interface number 0
[  180.028804][  T126] usb 3-1: config 1 interface 214 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  180.042331][  T126] usb 3-1: config 1 interface 214 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[  180.057345][  T126] usb 3-1: config 1 interface 214 has no altsetting 0
[  180.078846][  T126] usb 3-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[  180.108525][  T126] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.118889][  T126] usb 3-1: Product: syz
[  180.130587][  T126] usb 3-1: Manufacturer: syz
[  180.136451][  T126] usb 3-1: SerialNumber: syz
[  180.150292][ T5267] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  180.172351][ T5267] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  180.203874][  T126] ums-alauda 3-1:1.214: USB Mass Storage device detected
[  180.248087][  T126] scsi host1: usb-storage 3-1:1.214
[  180.336985][ T5282] loop4: detected capacity change from 0 to 512
[  180.349630][ T5282] EXT4-fs: Ignoring removed mblk_io_submit option
[  180.419267][  T126] usb 3-1: USB disconnect, device number 3
[  180.443255][ T5282] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  180.462917][ T5282] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  180.483147][ T5282] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended
[  180.498757][ T5282] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  180.517406][ T5282] System zones: 0-2, 18-18, 34-34
[  180.537684][ T5282] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.221: iget: bad i_size value: 360287970189639680
[  180.561544][ T5282] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.221: couldn't read orphan inode 15 (err -117)
[  180.592947][ T5282] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  181.361148][ T4264] EXT4-fs (loop4): unmounting filesystem.
[  181.853036][ T5305] loop1: detected capacity change from 0 to 256
[  182.091142][ T5305] FAT-fs (loop1): Directory bread(block 64) failed
[  182.149425][ T5305] FAT-fs (loop1): Directory bread(block 65) failed
[  182.156232][ T5305] FAT-fs (loop1): Directory bread(block 66) failed
[  182.182633][ T5305] FAT-fs (loop1): Directory bread(block 67) failed
[  182.207918][ T5305] FAT-fs (loop1): Directory bread(block 68) failed
[  182.240756][ T5305] FAT-fs (loop1): Directory bread(block 69) failed
[  182.270507][ T5305] FAT-fs (loop1): Directory bread(block 70) failed
[  182.291045][ T5305] FAT-fs (loop1): Directory bread(block 71) failed
[  182.317050][ T5305] FAT-fs (loop1): Directory bread(block 72) failed
[  182.335802][ T5305] FAT-fs (loop1): Directory bread(block 73) failed
[  183.395350][ T5322] loop4: detected capacity change from 0 to 128
[  183.563633][ T5322] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  183.622415][ T5322] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.762577][   T22] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  184.092578][   T22] usb 4-1: Using ep0 maxpacket: 16
[  184.115533][   T22] usb 4-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82
[  184.142615][   T22] usb 4-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10
[  184.150850][   T22] usb 4-1: Product: syz
[  184.162563][   T22] usb 4-1: Manufacturer: syz
[  184.167370][   T22] usb 4-1: SerialNumber: syz
[  184.202325][   T22] usb 4-1: config 0 descriptor??
[  184.242056][   T22] usb 4-1: selecting invalid altsetting 1
[  184.377987][ T4264] EXT4-fs (loop4): unmounting filesystem.
[  184.453546][   T22] snd-usb-audio: probe of 4-1:0.0 failed with error -22
[  184.612276][ T4482] udevd[4482]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  186.818810][   T14] usb 4-1: USB disconnect, device number 2
[  187.932823][ T5381] netlink: 8 bytes leftover after parsing attributes in process `syz.3.246'.
[  189.723703][ T5397] netlink: 24 bytes leftover after parsing attributes in process `syz.4.249'.
[  189.848189][ T4494] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  190.213750][ T4494] usb 3-1: Using ep0 maxpacket: 16
[  190.240976][ T4494] usb 3-1: config 166 has an invalid interface number: 177 but max is 1
[  190.277633][ T4494] usb 3-1: config 166 has an invalid descriptor of length 0, skipping remainder of the config
[  191.353241][ T5394] loop3: detected capacity change from 0 to 512
[  191.474728][ T5394] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  191.664561][ T5394] EXT4-fs (loop3): orphan cleanup on readonly fs
[  191.748496][ T5394] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.251: bg 0: block 248: padding at end of block bitmap is not set
[  191.915236][ T4494] usb 3-1: config 166 has 1 interface, different from the descriptor's value: 2
[  191.925457][ T4494] usb 3-1: config 166 has no interface number 0
[  191.931760][ T4494] usb 3-1: config 166 interface 177 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  191.960766][ T5394] Quota error (device loop3): write_blk: dquota write failed
[  191.977751][ T5394] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  191.982663][ T4494] usb 3-1: config 166 interface 177 has no altsetting 0
[  191.992918][ T5394] EXT4-fs error (device loop3): ext4_acquire_dquot:6814: comm syz.3.251: Failed to acquire dquot type 1
[  192.147601][ T4494] usb 3-1: string descriptor 0 read error: -71
[  192.154391][ T4494] usb 3-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[  192.164038][ T4494] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.177434][ T4494] usb 3-1: can't set config #166, error -71
[  192.186618][ T4494] usb 3-1: USB disconnect, device number 4
[  192.389618][ T5394] EXT4-fs (loop3): 1 truncate cleaned up
[  192.397703][ T5394] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  192.565016][ T5418] loop4: detected capacity change from 0 to 128
[  192.627900][ T5418] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  192.648538][ T4280] EXT4-fs (loop3): unmounting filesystem.
[  192.677739][ T5418] ext4 filesystem being mounted at /51/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  193.177579][ T5433] loop1: detected capacity change from 0 to 512
[  193.211157][ T5433] EXT4-fs: Ignoring removed mblk_io_submit option
[  193.230584][ T5433] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  193.246922][ T5433] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  193.288632][ T5433] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended
[  193.307900][ T5433] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  193.325269][ T5433] System zones: 0-2, 18-18, 34-34
[  193.374353][ T5433] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.262: iget: bad i_size value: 360287970189639680
[  193.379213][ T4264] EXT4-fs (loop4): unmounting filesystem.
[  193.412259][ T5433] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.262: couldn't read orphan inode 15 (err -117)
[  193.431917][ T5433] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  193.721659][ T5443] loop4: detected capacity change from 0 to 128
[  193.753488][ T4263] EXT4-fs (loop1): unmounting filesystem.
[  193.763466][ T5443] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  193.812698][ T5443] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  194.098694][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  194.124640][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  196.202910][ T4279] Bluetooth: hci1: command 0x0406 tx timeout
[  196.209057][ T4279] Bluetooth: hci4: command 0x0406 tx timeout
[  196.222500][ T4278] Bluetooth: hci0: command 0x0406 tx timeout
[  196.228550][ T4278] Bluetooth: hci3: command 0x0406 tx timeout
[  196.234640][ T4281] Bluetooth: hci2: command 0x0406 tx timeout
[  196.359789][ T5467] syz.1.269 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  196.396265][ T5471] loop3: detected capacity change from 0 to 128
[  196.427620][   T27] audit: type=1326 audit(1753006151.181:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5451 comm="syz.4.266" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x0
[  196.500382][ T5471] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  196.564149][ T5471] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.976371][ T5479] loop1: detected capacity change from 0 to 1024
[  198.208639][ T5479] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  198.686323][ T4280] EXT4-fs (loop3): unmounting filesystem.
[  199.092320][ T5495] loop4: detected capacity change from 0 to 256
[  199.340714][ T4263] EXT4-fs (loop1): unmounting filesystem.
[  199.469546][ T5498] loop3: detected capacity change from 0 to 512
[  199.510337][ T5498] EXT4-fs: Ignoring removed mblk_io_submit option
[  199.533568][ T5498] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  199.550936][ T5498] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  199.667836][ T5498] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[  199.707861][ T5498] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  199.748774][ T5498] System zones: 0-2, 18-18, 34-34
[  199.760233][ T5498] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.275: iget: bad i_size value: 360287970189639680
[  199.778997][ T5498] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.275: couldn't read orphan inode 15 (err -117)
[  200.565706][ T5498] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  200.929795][ T4280] EXT4-fs (loop3): unmounting filesystem.
[  200.978035][ T5515] No such timeout policy "syz1"
[  201.272769][   T14] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  201.509188][   T14] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  201.566785][   T14] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.719166][   T14] usb 3-1: config 0 descriptor??
[  202.243037][ T5527] loop3: detected capacity change from 0 to 256
[  202.270514][ T5527] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  202.281450][ T5527] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  202.358747][ T5527] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  203.814096][   T14] usb 3-1: Cannot read MAC address
[  203.819371][   T14] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71
[  204.817287][   T14] usb 3-1: USB disconnect, device number 5
[  205.846464][ T5555] netlink: 'syz.1.292': attribute type 15 has an invalid length.
[  207.735970][ T5571] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  207.745596][ T5571] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  207.753219][ T5571] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  208.625572][ T5580] netlink: 'syz.0.301': attribute type 4 has an invalid length.
[  208.643285][ T5580] netlink: 17 bytes leftover after parsing attributes in process `syz.0.301'.
[  208.679607][ T5584] loop1: detected capacity change from 0 to 512
[  208.732335][ T5584] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  208.849556][ T5584] EXT4-fs (loop1): 1 truncate cleaned up
[  208.877076][ T5575] loop4: detected capacity change from 0 to 40427
[  208.962812][ T5584] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  209.069448][ T5575] F2FS-fs (loop4): Found nat_bits in checkpoint
[  209.909622][ T5575] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  209.985909][ T4263] EXT4-fs (loop1): unmounting filesystem.
[  210.113498][ T4264] syz-executor: attempt to access beyond end of device
[  210.113498][ T4264] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  211.712599][ T5612] IPVS: stopping backup sync thread 5613 ...
[  212.790515][ T5606] loop3: detected capacity change from 0 to 128
[  212.913269][ T5606] EXT4-fs: Ignoring removed nomblk_io_submit option
[  212.938366][ T5621] netlink: 24 bytes leftover after parsing attributes in process `syz.4.311'.
[  213.041978][ T5606] EXT4-fs: Ignoring removed nomblk_io_submit option
[  213.102660][ T5606] EXT4-fs (loop3): Test dummy encryption mode enabled
[  213.198963][ T5606] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  213.214872][ T5606] ext4 filesystem being mounted at /61/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  214.672216][ T5606] fscrypt (loop3): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  214.826398][ T5616] fscrypt (loop3): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  214.860066][ T5629] fscrypt (loop3): Error allocating 'cts(cbc(aes))' transform: -4
[  215.830467][ T5676] loop4: detected capacity change from 0 to 128
[  215.885240][ T5676] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  215.903592][ T5676] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.993434][ T4264] EXT4-fs (loop4): unmounting filesystem.
[  216.480459][ T5683] loop4: detected capacity change from 0 to 16
[  216.621777][ T5683] erofs: (device loop4): mounted with root inode @ nid 36.
[  216.656812][ T5683] erofs: (device loop4): z_erofs_readahead: readahead error at page 2 @ nid 89
[  216.665910][ T5683] erofs: (device loop4): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  216.675651][ T5683] erofs: (device loop4): z_erofs_readahead: readahead error at page 1 @ nid 89
[  216.812889][ T5683] erofs: (device loop4): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  216.822784][ T5683] erofs: (device loop4): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  216.832661][ T5683] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117]
[  216.868139][   T27] audit: type=1800 audit(1753006171.591:9): pid=5683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.323" name="file3" dev="loop4" ino=89 res=0 errno=0
[  219.874230][ T5707] bridge: RTM_NEWNEIGH with invalid ether address
[  222.669654][ T5728] syz.4.335[5728] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  222.670091][ T5728] syz.4.335[5728] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  222.737783][ T5728] loop4: detected capacity change from 0 to 1024
[  222.759898][ T5728] EXT4-fs: Ignoring removed oldalloc option
[  222.766153][ T5728] journal_path: Lookup failure for './file1'
[  222.772253][ T5728] EXT4-fs: error: could not find journal device path
[  223.142659][ T4482] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  223.704715][ T4280] EXT4-fs (loop3): unmounting filesystem.
[  225.218267][ T5742] loop4: detected capacity change from 0 to 512
[  225.269130][ T5742] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  225.422663][ T5742] EXT4-fs (loop4): 1 truncate cleaned up
[  225.428374][ T5742] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  225.520820][ T5738] loop3: detected capacity change from 0 to 40427
[  225.530972][ T5738] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x3ffff
[  225.540927][ T5738] F2FS-fs (loop3): invalid crc value
[  225.738922][ T5738] F2FS-fs (loop3): Found nat_bits in checkpoint
[  225.779802][ T4264] EXT4-fs (loop4): unmounting filesystem.
[  226.054998][ T5738] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  227.062579][ T4375] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  227.368354][ T4375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.575890][ T4375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.782543][ T4375] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  227.822175][ T4375] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.896997][ T4375] usb 5-1: config 0 descriptor??
[  228.920209][ T4375] uclogic 0003:256C:006D.0004: interface is invalid, ignoring
[  229.147157][   T14] usb 5-1: USB disconnect, device number 5
[  229.701259][ T5774] loop3: detected capacity change from 0 to 512
[  229.713823][ T5774] EXT4-fs: Ignoring removed mblk_io_submit option
[  229.746349][ T5774] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  229.772561][ T5774] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  229.810221][ T5774] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[  229.828093][ T5774] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  229.843747][ T5774] System zones: 0-2, 18-18, 34-34
[  229.874199][ T5774] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.349: iget: bad i_size value: 360287970189639680
[  229.908188][ T5774] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.349: couldn't read orphan inode 15 (err -117)
[  229.955933][ T5774] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  230.561055][ T4280] EXT4-fs (loop3): unmounting filesystem.
[  231.857175][ T4482] udevd[4482]: inotify_add_watch(7, /dev/loop3, 10) failed: No such file or directory
[  235.719751][ T5827] loop4: detected capacity change from 0 to 512
[  235.768569][ T5827] EXT4-fs: Ignoring removed mblk_io_submit option
[  235.809877][ T5827] EXT4-fs: Ignoring removed bh option
[  235.817236][ T5827] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  235.839210][ T5827] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  236.074276][ T5827] EXT4-fs (loop4): 1 truncate cleaned up
[  236.090336][ T5827] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  236.371679][ T5827] netlink: 'syz.4.363': attribute type 27 has an invalid length.
[  242.184339][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.192836][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.159031][ T5827] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  245.235848][ T5827] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.537626][ T5827] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.552351][ T5827] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.581789][ T5827] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.592792][ T5827] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.994820][ T5840] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  247.006308][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.016251][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  247.026123][ T5840] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  247.255890][ T4264] EXT4-fs (loop4): unmounting filesystem.
[  247.275733][ T5921] overlayfs: failed to resolve './file0': -2
[  247.303603][  T126] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  247.457912][  T126] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  247.744640][ T5935] loop4: detected capacity change from 0 to 1024
[  249.119352][ T4316] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  249.804002][ T5935] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  250.134150][ T4331] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  250.142683][ T4331] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  250.587084][ T4264] EXT4-fs (loop4): unmounting filesystem.
[  250.595230][ T4316] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  251.895202][ T5961] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q��k�p
[  251.895202][ T5961] 
[  251.909841][ T5963] usb usb1: usbfs: process 5963 (syz.1.403) did not claim interface 0 before use
[  251.944390][ T5965] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q��k�p
[  251.944390][ T5965] �C<+
[  252.603392][ T5979] loop4: detected capacity change from 0 to 2048
[  252.641299][ T5979]  loop4: p1 < > p4
[  253.912593][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  255.398907][ T5997] netlink: 24 bytes leftover after parsing attributes in process `syz.3.413'.
[  255.533349][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  255.546763][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  257.963470][ T5493] Bluetooth: hci5: Frame reassembly failed (-84)
[  260.009823][ T4279] Bluetooth: hci5: command 0x1003 tx timeout
[  260.032658][ T4278] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  260.832551][   T26] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  261.024667][   T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.042501][   T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.062659][   T26] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  261.082518][   T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.112214][   T26] usb 3-1: config 0 descriptor??
[  261.272597][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  261.557073][   T26] hid-picolcd 0003:04D8:C002.0005: unknown main item tag 0x0
[  261.571758][   T26] hid-picolcd 0003:04D8:C002.0005: unknown main item tag 0x0
[  261.581016][   T26] hid-picolcd 0003:04D8:C002.0005: unknown main item tag 0x0
[  261.600464][   T26] hid-picolcd 0003:04D8:C002.0005: unknown main item tag 0x0
[  261.610323][   T26] hid-picolcd 0003:04D8:C002.0005: unknown main item tag 0x0
[  261.620901][   T26] hid-picolcd 0003:04D8:C002.0005: unknown main item tag 0x0
[  261.630712][   T26] hid-picolcd 0003:04D8:C002.0005: unknown main item tag 0x0
[  261.702933][   T26] hid-picolcd 0003:04D8:C002.0005: No report with id 0x11 found
[  261.765986][   T26] usb 3-1: USB disconnect, device number 6
[  265.162693][ T6110] No such timeout policy "syz1"
[  265.442696][ T4324] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  265.671624][ T4324] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  265.754644][ T4324] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.900633][ T4324] usb 4-1: config 0 descriptor??
[  268.134034][ T4324] usb 4-1: Cannot read MAC address
[  268.139337][ T4324] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71
[  268.157286][ T4324] usb 4-1: USB disconnect, device number 3
[  270.195720][ T6137] netlink: 60 bytes leftover after parsing attributes in process `syz.2.465'.
[  271.140231][ T6114] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.147763][ T6114] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.249202][ T6114] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.296587][ T6114] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  276.642598][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  277.503634][ T6114] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  277.519594][ T6114] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  277.529075][ T6114] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  277.538130][ T6114] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  282.368172][ T6193] tipc: Started in network mode
[  282.373751][ T6193] tipc: Node identity ac14142f, cluster identity 4711
[  282.381448][ T6193] tipc: New replicast peer: 0.0.0.0
[  282.387508][ T6193] tipc: Enabled bearer <udp:syz2>, priority 10
[  283.416534][ T4331] tipc: Node number set to 2886997039
[  285.221506][ T6216] futex_wake_op: syz.0.487 tries to shift op by -1; fix this program
[  290.202540][ T4331] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  290.392656][ T4331] usb 5-1: Using ep0 maxpacket: 16
[  290.403779][ T4331] usb 5-1: config 1 has an invalid descriptor of length 248, skipping remainder of the config
[  290.437089][ T4331] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  290.857863][ T4331] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  291.023934][ T4331] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.152203][ T4331] usb 5-1: Product: syz
[  291.559760][ T4331] usb 5-1: Manufacturer: syz
[  291.648786][ T4331] usb 5-1: SerialNumber: syz
[  292.221804][ T4331] usb 5-1: 0:2 : does not exist
[  292.240529][ T4331] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  292.370867][ T4331] usb 5-1: USB disconnect, device number 6
[  292.688338][ T6266] udevd[6266]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  295.146107][ T6303] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  295.162461][ T6299] IPVS: stopping backup sync thread 6303 ...
[  296.964612][ T6312] tmpfs: Unknown parameter 'nolazytime��'
[  297.590908][ T6320] tipc: Started in network mode
[  297.629951][ T6320] tipc: Node identity ac14142f, cluster identity 4711
[  297.712913][ T6320] tipc: New replicast peer: 0.0.0.0
[  297.756682][ T6320] tipc: Enabled bearer <udp:syz2>, priority 10
[  298.874558][ T4494] tipc: Node number set to 2886997039
[  302.994495][ T6361] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  303.022909][ T6345] IPVS: stopping backup sync thread 6361 ...
[  305.937331][ T4356] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.223705][ T4279] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  306.233752][ T4279] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  306.241678][ T4279] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  306.250489][ T4279] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  306.258412][ T4279] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  306.266159][ T4279] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  306.292480][ T4356] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.358409][ T4356] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.411726][ T4356] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.352565][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  307.945971][ T6380] chnl_net:caif_netlink_parms(): no params data found
[  308.487085][ T4278] Bluetooth: hci3: command 0x0409 tx timeout
[  310.562711][ T4278] Bluetooth: hci3: command 0x041b tx timeout
[  312.709168][ T4278] Bluetooth: hci3: command 0x040f tx timeout
[  312.746363][ T6410] netlink: 32 bytes leftover after parsing attributes in process `syz.0.540'.
[  315.650222][ T4279] Bluetooth: hci3: command 0x0419 tx timeout
[  315.952720][ T6380] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.960035][ T6380] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.041335][ T6380] device bridge_slave_0 entered promiscuous mode
[  316.386714][ T6380] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.394281][ T6380] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.247498][ T6380] device bridge_slave_1 entered promiscuous mode
[  317.410205][ T6380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  317.487030][ T6380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  317.624111][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  317.630477][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  317.714606][ T6380] team0: Port device team_slave_0 added
[  317.790215][ T6380] team0: Port device team_slave_1 added
[  318.643233][ T6380] batman_adv: batadv0: Adding interface: batadv_slave_0
[  318.650366][ T6380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  318.827853][ T6380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  319.264516][ T6475] syz.1.563 uses obsolete (PF_INET,SOCK_PACKET)
[  320.833106][ T6380] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.840105][ T6380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.069273][ T6380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  322.625158][ T6380] device hsr_slave_0 entered promiscuous mode
[  322.636463][ T6380] device hsr_slave_1 entered promiscuous mode
[  322.683257][ T6380] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  322.690929][ T6380] Cannot create hsr debugfs directory
[  325.176272][ T4356] device hsr_slave_0 left promiscuous mode
[  325.191302][ T4356] device hsr_slave_1 left promiscuous mode
[  325.334729][ T4356] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  325.351202][ T4356] batman_adv: batadv0: Removing interface: batadv_slave_0
[  325.577547][ T4356] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  325.700778][   T27] audit: type=1326 audit(1753006280.451:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  325.779187][ T4356] batman_adv: batadv0: Removing interface: batadv_slave_1
[  326.042508][   T27] audit: type=1326 audit(1753006280.481:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.073174][ T4356] device bridge_slave_1 left promiscuous mode
[  326.097470][ T4356] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.155745][   T27] audit: type=1326 audit(1753006280.481:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.179249][ T4356] device bridge_slave_0 left promiscuous mode
[  326.187692][ T4356] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.271937][   T27] audit: type=1326 audit(1753006280.481:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.298797][ T6533] fuse: Unknown parameter 'fd0x0000000000000007'
[  326.326643][   T27] audit: type=1326 audit(1753006280.481:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.361896][ T4356] device veth1_macvtap left promiscuous mode
[  326.373508][ T4356] device veth0_macvtap left promiscuous mode
[  326.379678][ T4356] device veth1_vlan left promiscuous mode
[  326.386426][ T4356] device veth0_vlan left promiscuous mode
[  326.392379][   T27] audit: type=1326 audit(1753006280.491:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.459891][   T27] audit: type=1326 audit(1753006280.491:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.560204][ T6546] 9pnet: p9_errstr2errno: server reported unknown error �@��
[  326.561524][   T27] audit: type=1326 audit(1753006280.491:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.677969][   T27] audit: type=1326 audit(1753006280.491:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  326.774592][   T27] audit: type=1326 audit(1753006280.491:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6516 comm="syz.4.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7a798e9a9 code=0x7fc00000
[  329.046917][ T4356] team0 (unregistering): Port device team_slave_1 removed
[  329.116001][ T4356] team0 (unregistering): Port device team_slave_0 removed
[  329.179558][ T4356] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  329.233492][ T4356] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  329.871082][ T4356] bond0 (unregistering): Released all slaves
[  330.121266][ T6380] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  330.292478][ T6380] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  330.306739][ T6577] xt_time: unknown flags 0xc
[  330.328638][ T6380] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  330.358088][ T6380] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  332.027489][ T6380] 8021q: adding VLAN 0 to HW filter on device bond0
[  332.501182][ T6380] 8021q: adding VLAN 0 to HW filter on device team0
[  332.727282][ T6380] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  332.778486][ T6380] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  333.132806][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  333.168604][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  333.223611][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  333.303426][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  333.377621][ T4479] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.384923][ T4479] bridge0: port 1(bridge_slave_0) entered forwarding state
[  333.491264][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  333.570418][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  333.636500][ T4479] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.643713][ T4479] bridge0: port 2(bridge_slave_1) entered forwarding state
[  333.652064][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  333.661168][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  333.673851][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  333.704382][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  333.724501][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  333.753258][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  333.772194][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  333.793321][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  333.829335][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  333.853367][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  333.873666][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  333.903914][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  333.931132][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  334.336477][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  334.366862][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  334.402916][ T6380] 8021q: adding VLAN 0 to HW filter on device batadv0
[  335.624329][ T6380] device veth0_vlan entered promiscuous mode
[  335.641054][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  335.650564][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  335.675092][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  335.707898][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  335.747079][ T6380] device veth1_vlan entered promiscuous mode
[  335.776990][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  335.788995][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  335.851361][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  335.869359][ T4356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  335.910635][ T6380] device veth0_macvtap entered promiscuous mode
[  335.933924][ T6380] device veth1_macvtap entered promiscuous mode
[  336.001659][ T6380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  336.040704][ T6380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  336.091570][ T6380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  336.123885][ T6380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  336.158274][ T6380] batman_adv: batadv0: Interface activated: batadv_slave_0
[  336.202781][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  336.224912][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  336.249060][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  336.294291][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  336.341338][ T6380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  336.364698][ T6380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  336.382585][ T6380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  336.412470][ T6380] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  336.443973][ T6380] batman_adv: batadv0: Interface activated: batadv_slave_1
[  336.451671][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  336.468462][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  336.511159][ T6380] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  336.531040][ T6380] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  336.550668][ T6380] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  336.561373][ T6380] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  337.859688][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.918793][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  339.484179][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  339.523735][ T4400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  339.587987][ T4400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  339.629046][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  339.991531][ T6707] serio: Serial port ttyS3
[  341.622752][ T6722] TCP: TCP_TX_DELAY enabled
[  343.592713][  T951] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  343.784840][  T951] usb 6-1: unable to get BOS descriptor or descriptor too short
[  343.814581][  T951] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  343.876013][  T951] usb 6-1: config 1 interface 0 altsetting 195 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  343.980882][  T951] usb 6-1: config 1 interface 0 has no altsetting 0
[  344.010245][  T951] usb 6-1: string descriptor 0 read error: -22
[  344.052689][  T951] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  344.112488][  T951] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.197047][  T951] usb 6-1: bad CDC descriptors
[  344.402931][   T26] usb 6-1: USB disconnect, device number 2
[  347.141581][ T6761] netlink: 'syz.0.622': attribute type 13 has an invalid length.
[  348.231732][ T6761] gretap0: refused to change device tx_queue_len
[  348.238905][ T6761] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  349.522566][   T26] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  349.843124][   T26] usb 5-1: Using ep0 maxpacket: 32
[  349.850307][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.894424][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.917959][   T26] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  349.942097][   T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.972884][   T26] usb 5-1: config 0 descriptor??
[  350.449425][   T26] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  350.714799][ T4309] usb 5-1: USB disconnect, device number 7
[  350.829960][ T6795] fido_id[6795]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  350.923911][ T6800] loop5: detected capacity change from 0 to 1024
[  353.426073][ T6800] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  353.914174][ T6380] EXT4-fs (loop5): unmounting filesystem.
[  355.404845][ T4278] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  355.433614][ T4278] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  355.442019][ T4269] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  355.458247][ T4278] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  355.475185][ T4278] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  355.483613][ T4278] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  355.653600][ T6828] loop5: detected capacity change from 0 to 256
[  355.804377][ T6828] FAT-fs (loop5): Directory bread(block 64) failed
[  355.811168][ T6828] FAT-fs (loop5): Directory bread(block 65) failed
[  355.872550][ T6828] FAT-fs (loop5): Directory bread(block 66) failed
[  355.879134][ T6828] FAT-fs (loop5): Directory bread(block 67) failed
[  355.915811][ T6828] FAT-fs (loop5): Directory bread(block 68) failed
[  355.923674][ T6828] FAT-fs (loop5): Directory bread(block 69) failed
[  355.930428][ T6828] FAT-fs (loop5): Directory bread(block 70) failed
[  355.937332][ T6828] FAT-fs (loop5): Directory bread(block 71) failed
[  355.944302][ T6828] FAT-fs (loop5): Directory bread(block 72) failed
[  355.951580][ T6828] FAT-fs (loop5): Directory bread(block 73) failed
[  356.045543][ T5493] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.411209][ T5493] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.695671][ T4278] Bluetooth: hci5: command 0x0409 tx timeout
[  357.789019][ T5493] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.043628][ T5493] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.716665][ T6816] chnl_net:caif_netlink_parms(): no params data found
[  359.782939][ T4278] Bluetooth: hci5: command 0x041b tx timeout
[  360.596885][ T6816] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.617164][ T6816] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.660192][ T6816] device bridge_slave_0 entered promiscuous mode
[  360.693588][ T6816] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.721187][ T6816] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.756990][ T6816] device bridge_slave_1 entered promiscuous mode
[  361.410500][ T6816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  361.455939][ T6816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  361.575547][ T6884] fuse: Bad value for 'fd'
[  361.777088][ T6816] team0: Port device team_slave_0 added
[  361.813611][ T6816] team0: Port device team_slave_1 added
[  361.833006][ T4278] Bluetooth: hci5: command 0x040f tx timeout
[  362.009783][ T6816] batman_adv: batadv0: Adding interface: batadv_slave_0
[  362.050811][ T6816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.211244][ T6816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  362.378972][ T6816] batman_adv: batadv0: Adding interface: batadv_slave_1
[  362.393522][ T6816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.651314][ T6816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  364.355214][ T4278] Bluetooth: hci5: command 0x0419 tx timeout
[  364.444676][ T6816] device hsr_slave_0 entered promiscuous mode
[  364.543084][ T6816] device hsr_slave_1 entered promiscuous mode
[  367.220085][ T6924] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.363116][ T5493] device hsr_slave_0 left promiscuous mode
[  367.388594][ T5493] device hsr_slave_1 left promiscuous mode
[  367.452755][ T5493] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  367.480565][ T5493] batman_adv: batadv0: Removing interface: batadv_slave_0
[  367.514038][ T5493] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  367.561631][ T5493] batman_adv: batadv0: Removing interface: batadv_slave_1
[  367.613274][ T5493] device bridge_slave_1 left promiscuous mode
[  367.619554][ T5493] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.712553][ T4331] usb 2-1: new low-speed USB device number 3 using dummy_hcd
[  367.727836][ T5493] device bridge_slave_0 left promiscuous mode
[  367.747409][ T5493] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.856156][ T5493] device veth1_macvtap left promiscuous mode
[  367.862357][ T5493] device veth0_macvtap left promiscuous mode
[  367.868537][ T5493] device veth1_vlan left promiscuous mode
[  367.874453][ T5493] device veth0_vlan left promiscuous mode
[  368.994157][ T6941] loop5: detected capacity change from 0 to 512
[  369.049357][ T6941] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  369.064563][ T4331] usb 2-1: config 0 has no interfaces?
[  369.084117][ T4331] usb 2-1: string descriptor 0 read error: -22
[  369.123371][ T4331] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  369.177238][ T4331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.189833][ T6941] EXT4-fs (loop5): 1 truncate cleaned up
[  369.204241][ T6941] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  369.255248][ T4331] usb 2-1: config 0 descriptor??
[  369.458711][ T6380] EXT4-fs (loop5): unmounting filesystem.
[  369.511757][   T14] usb 2-1: USB disconnect, device number 3
[  370.855944][ T5493] team0 (unregistering): Port device team_slave_1 removed
[  370.973351][ T5493] team0 (unregistering): Port device team_slave_0 removed
[  371.057364][ T5493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  371.167699][ T5493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  372.345201][ T5493] bond0 (unregistering): Released all slaves
[  372.620937][ T6947] bridge0: port 3(vlan2) entered blocking state
[  372.640965][ T6947] bridge0: port 3(vlan2) entered disabled state
[  373.000040][ T6816] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  373.018975][ T6816] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  373.034406][ T6816] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  373.068321][ T6816] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  373.282607][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  373.507361][ T6816] 8021q: adding VLAN 0 to HW filter on device bond0
[  373.571905][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  373.619216][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  373.670698][ T6816] 8021q: adding VLAN 0 to HW filter on device team0
[  373.887512][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  374.001983][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  374.212365][ T4795] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.219579][ T4795] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.518777][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  374.592988][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  374.620058][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  374.621642][ T7000] capability: warning: `syz.5.669' uses deprecated v2 capabilities in a way that may be insecure
[  374.633174][ T4795] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.646269][ T4795] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.694924][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  374.748567][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  374.781134][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  374.822490][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  374.894691][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  374.923437][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  374.962968][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  374.980794][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  375.004399][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  375.043102][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  375.109687][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  375.154847][ T6816] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  375.281164][ T7017] Driver unsupported XDP return value 0 on prog  (id 364) dev N/A, expect packet loss!
[  375.679877][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  375.687553][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  375.725118][ T6816] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.534051][ T7051] loop5: detected capacity change from 0 to 128
[  376.541254][ T7051] EXT4-fs: Ignoring removed nomblk_io_submit option
[  376.548093][ T7051] EXT4-fs: Ignoring removed nomblk_io_submit option
[  376.566626][ T7051] EXT4-fs (loop5): Test dummy encryption mode enabled
[  376.607783][ T7051] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  376.617380][ T7051] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  377.078374][ T7051] fscrypt (loop5): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  378.139962][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  378.175561][ T6380] EXT4-fs (loop5): unmounting filesystem.
[  378.181981][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  378.240353][ T6816] device veth0_vlan entered promiscuous mode
[  378.291981][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  378.344100][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  378.360360][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  378.395757][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  378.402123][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  378.445851][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  378.547277][ T7076] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  378.564500][ T6816] device veth1_vlan entered promiscuous mode
[  378.598069][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  378.607754][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  378.616527][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  378.734396][ T4391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  378.776699][ T6816] device veth0_macvtap entered promiscuous mode
[  378.833297][ T6816] device veth1_macvtap entered promiscuous mode
[  379.550631][ T7080] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  379.558155][ T7080] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  379.573073][ T7080] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  379.592782][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  379.601088][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  379.763140][ T6816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.804413][ T6816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.852146][ T6816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  379.898092][ T6816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  379.949898][ T6816] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.008152][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  380.039574][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  380.083689][ T6816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.110453][ T6816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.147331][ T6816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.149747][ T7090] loop5: detected capacity change from 0 to 512
[  380.185388][ T7090] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  380.240157][ T6816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.298568][ T6816] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.336663][ T7090] EXT4-fs (loop5): 1 truncate cleaned up
[  380.339856][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  380.358418][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  380.369303][ T7090] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  380.380732][ T6816] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.409817][ T6816] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.420872][ T6816] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.430402][ T6816] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.547598][ T6380] EXT4-fs (loop5): unmounting filesystem.
[  380.723846][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.735605][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.794033][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  380.817722][ T5717] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.839132][ T5717] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.883376][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  381.797510][ T7117] input: syz1 as /devices/virtual/input/input8
[  382.644471][ T7129] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q��k�p
[  382.644471][ T7129] �
[  383.418550][ T7136] tipc: Started in network mode
[  383.424190][ T7136] tipc: Node identity ac14142f, cluster identity 4711
[  383.434602][ T7136] tipc: New replicast peer: 0.0.0.0
[  383.443984][ T7136] tipc: Enabled bearer <udp:syz2>, priority 10
[  384.559812][   T22] tipc: Node number set to 2886997039
[  386.566221][ T7229] loop6: detected capacity change from 0 to 128
[  386.833374][ T7229] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  386.946157][ T7229] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  387.408811][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  389.258810][ T7262] IPVS: stopping backup sync thread 7264 ...
[  389.265535][ T7264] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  396.781856][ T7338] I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  396.833980][ T7338] FAT-fs (loop13): unable to read boot sector
[  400.945674][ T4279] Bluetooth: hci4: command 0x1003 tx timeout
[  400.946303][ T4278] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  401.323817][ T7387] IPVS: stopping backup sync thread 7394 ...
[  401.329956][ T7394] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  402.530852][ T7414] loop6: detected capacity change from 0 to 128
[  402.740311][   T27] kauditd_printk_skb: 9 callbacks suppressed
[  402.740326][   T27] audit: type=1800 audit(1753006357.471:29): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.750" name="file1" dev="loop6" ino=1048606 res=0 errno=0
[  404.247733][ T7443] netlink: 36 bytes leftover after parsing attributes in process `syz.4.756'.
[  404.876228][ T7445] loop5: detected capacity change from 0 to 256
[  407.983179][ T7474] syz.5.764[7474] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.983279][ T7474] syz.5.764[7474] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.996435][ T7474] usb usb1: usbfs: process 7474 (syz.5.764) did not claim interface 0 before use
[  408.017078][ T7474] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  408.116937][ T7477] IPVS: stopping backup sync thread 7478 ...
[  408.123455][ T7478] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  410.267616][   T22] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  411.472578][   T22] usb 2-1: Using ep0 maxpacket: 16
[  412.183499][   T22] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  412.202424][   T22] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  412.273423][   T22] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  412.327873][   T22] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.397485][   T22] usb 2-1: Product: syz
[  412.440374][   T22] usb 2-1: Manufacturer: syz
[  412.459332][   T22] usb 2-1: SerialNumber: syz
[  413.014880][   T22] usb 2-1: 0:2 : does not exist
[  413.378716][ T7553] loop6: detected capacity change from 0 to 2048
[  413.433011][   T22] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  413.466895][   T22] usb 2-1: USB disconnect, device number 4
[  413.505562][ T7553] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  413.530275][   T27] audit: type=1800 audit(1753006368.281:30): pid=7553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.784" name="bus" dev="loop6" ino=18 res=0 errno=0
[  413.572546][  T951] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  413.608959][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  413.773454][ T6515] udevd[6515]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  413.792803][ T7564] process 'syz.0.786' launched './file3' with NULL argv: empty string added
[  413.824430][  T951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.848042][  T951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  413.873286][  T951] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  413.895203][  T951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.920984][  T951] usb 5-1: config 0 descriptor??
[  414.338101][  T951] cp2112 0003:10C4:EA90.0007: unknown main item tag 0x0
[  414.352759][  T951] cp2112 0003:10C4:EA90.0007: unknown main item tag 0x2
[  414.361668][  T951] cp2112 0003:10C4:EA90.0007: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[  414.654752][  T951] cp2112 0003:10C4:EA90.0007: Part Number: 0x00 Device Version: 0x00
[  418.213045][ T7596] loop6: detected capacity change from 0 to 512
[  418.534136][ T7596] EXT4-fs error (device loop6): ext4_do_update_inode:5254: inode #3: comm syz.6.794: corrupted inode contents
[  418.550629][ T7596] EXT4-fs error (device loop6): ext4_dirty_inode:6119: inode #3: comm syz.6.794: mark_inode_dirty error
[  418.568713][ T7596] EXT4-fs error (device loop6): ext4_do_update_inode:5254: inode #3: comm syz.6.794: corrupted inode contents
[  418.582587][ T7596] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #3: comm syz.6.794: mark_inode_dirty error
[  418.603723][ T7596] Quota error (device loop6): write_blk: dquota write failed
[  418.611759][ T7596] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  418.622638][ T7596] EXT4-fs error (device loop6): ext4_acquire_dquot:6814: comm syz.6.794: Failed to acquire dquot type 0
[  418.665490][ T7596] EXT4-fs (loop6): 1 orphan inode deleted
[  418.671379][ T7596] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  418.682677][ T7596] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  418.746807][ T4365] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  418.924661][ T4365] EXT4-fs error (device loop6): ext4_release_dquot:6850: comm kworker/u4:7: Failed to release dquot type 1
[  419.133624][ T7605] binder: 7602:7605 ioctl c0306201 200000000080 returned -22
[  419.863941][ T7616] input: syz1 as /devices/virtual/input/input9
[  420.494999][  T126] usb 5-1: USB disconnect, device number 8
[  420.743157][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  424.123830][ T7668] netlink: 32 bytes leftover after parsing attributes in process `syz.1.811'.
[  425.672550][ T4278] Bluetooth: hci5: command 0x0405 tx timeout
[  426.913706][ T7697] netlink: 'syz.1.816': attribute type 1 has an invalid length.
[  427.042327][ T7700] netlink: 16 bytes leftover after parsing attributes in process `syz.6.820'.
[  430.393794][ T7750] loop6: detected capacity change from 0 to 512
[  430.468001][ T7750] EXT4-fs: Ignoring removed mblk_io_submit option
[  430.528922][ T7750] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  430.610466][ T7750] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  430.663189][ T7750] EXT4-fs (loop6): warning: checktime reached, running e2fsck is recommended
[  430.727067][ T7750] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  430.770412][ T7750] System zones: 0-2, 18-18, 34-34
[  430.813786][ T7750] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.828: iget: bad i_size value: 360287970189639680
[  430.873840][ T7750] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.828: couldn't read orphan inode 15 (err -117)
[  430.928128][ T7750] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  431.672728][ T4279] Bluetooth: hci3: command 0x0406 tx timeout
[  432.190638][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  432.457095][ T7782] devtmpfs: Bad value for 'nr_inodes'
[  434.098719][ T7793] loop6: detected capacity change from 0 to 512
[  434.132273][ T7793] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  434.234918][ T7793] EXT4-fs (loop6): 1 truncate cleaned up
[  434.242900][ T7793] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  434.464781][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  434.941215][ T7810] loop6: detected capacity change from 0 to 2048
[  435.014980][ T7810] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  435.047771][ T7810] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  435.322043][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  439.716968][ T7900] loop6: detected capacity change from 0 to 512
[  439.767279][ T7900] EXT4-fs: Ignoring removed mblk_io_submit option
[  439.803519][ T7900] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  439.836201][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  439.843066][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  439.855986][ T7900] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  439.903819][ T7900] EXT4-fs (loop6): warning: checktime reached, running e2fsck is recommended
[  439.933220][ T7900] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  439.959330][ T7900] System zones: 0-2, 18-18, 34-34
[  439.993517][ T7900] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.863: iget: bad i_size value: 360287970189639680
[  440.064893][ T7900] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.863: couldn't read orphan inode 15 (err -117)
[  440.153080][ T7900] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  440.937169][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  441.128090][ T7924] loop6: detected capacity change from 0 to 512
[  441.193705][ T7924] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  441.256448][ T7924] EXT4-fs (loop6): 1 truncate cleaned up
[  441.312265][ T7924] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  441.566295][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  442.311785][ T7949] netlink: 'syz.0.872': attribute type 1 has an invalid length.
[  442.613120][ T7960] netlink: 'syz.5.878': attribute type 15 has an invalid length.
[  443.086934][ T7954] IPVS: stopping backup sync thread 7965 ...
[  443.453669][ T7970] syz.1.880[7970] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  443.453805][ T7970] syz.1.880[7970] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  443.485430][ T7971] loop6: detected capacity change from 0 to 512
[  443.546685][ T7971] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  443.751348][ T7971] EXT4-fs (loop6): 1 truncate cleaned up
[  443.773701][ T7971] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  444.841471][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  445.684844][   T27] audit: type=1326 audit(1753006913.435:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7993 comm="syz.1.886" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcbfd38e9a9 code=0x0
[  446.061938][ T8004] 9pnet_fd: p9_fd_create_tcp (8004): problem connecting socket to 127.0.0.1
[  448.766142][ T8034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.892'.
[  448.951318][ T8041] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  450.645992][ T8070] netlink: 4 bytes leftover after parsing attributes in process `syz.4.897'.
[  452.032992][ T8075] overlayfs: missing 'lowerdir'
[  457.050083][ T8125] netlink: 'syz.1.908': attribute type 27 has an invalid length.
[  457.549678][ T8126] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  457.614456][ T8126] 8021q: adding VLAN 0 to HW filter on device bond0
[  457.644065][ T8126] 8021q: adding VLAN 0 to HW filter on device team0
[  457.695438][ T8126] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  458.858574][ T8168] loop6: detected capacity change from 0 to 512
[  459.130709][ T8168] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  459.140298][ T8168] ext4 filesystem being mounted at /57/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  460.925894][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  461.810918][ T8183] device pim6reg1 entered promiscuous mode
[  464.702020][ T8215] loop6: detected capacity change from 0 to 512
[  464.853103][ T8215] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  465.087997][ T8215] EXT4-fs (loop6): 1 truncate cleaned up
[  465.122512][ T8215] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  465.555938][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  465.777039][ T8229] loop6: detected capacity change from 0 to 128
[  465.806560][ T8229] FAT-fs (loop6): Directory bread(block 162) failed
[  465.873954][ T8229] FAT-fs (loop6): Directory bread(block 163) failed
[  465.880644][ T8229] FAT-fs (loop6): Directory bread(block 164) failed
[  465.942795][ T8229] FAT-fs (loop6): Directory bread(block 165) failed
[  465.949658][ T8229] FAT-fs (loop6): Directory bread(block 166) failed
[  465.958408][ T8229] FAT-fs (loop6): Directory bread(block 167) failed
[  465.965527][ T8229] FAT-fs (loop6): Directory bread(block 168) failed
[  465.972168][ T8229] FAT-fs (loop6): Directory bread(block 169) failed
[  469.927301][ T8279] loop6: detected capacity change from 0 to 512
[  469.947144][ T8279] EXT4-fs: Ignoring removed mblk_io_submit option
[  469.971800][ T8279] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  470.003120][ T8279] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  470.039808][ T8279] EXT4-fs (loop6): warning: checktime reached, running e2fsck is recommended
[  470.073270][ T8279] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  470.081375][ T8279] System zones: 0-2, 18-18, 34-34
[  470.139294][ T8279] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.943: iget: bad i_size value: 360287970189639680
[  470.229430][ T8279] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.943: couldn't read orphan inode 15 (err -117)
[  470.243060][ T8279] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  470.874204][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  470.907389][ T8297] overlayfs: missing 'lowerdir'
[  471.840278][ T8307] loop6: detected capacity change from 0 to 1024
[  471.903946][ T8307] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  471.932573][ T8307] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  474.309692][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  477.254548][ T8369] loop6: detected capacity change from 0 to 1024
[  477.265875][ T8369] EXT4-fs: Ignoring removed nobh option
[  477.271542][ T8369] EXT4-fs: Ignoring removed bh option
[  477.277131][ T8369] ext4: Unknown parameter 'rootcontext'
[  478.250861][ T6515] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  478.255388][ T4278] Bluetooth: hci5: command 0x0406 tx timeout
[  482.744505][ T8405] loop6: detected capacity change from 0 to 40427
[  482.762133][ T8405] F2FS-fs (loop6): invalid crc value
[  482.867291][ T8405] F2FS-fs (loop6): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  482.940995][ T8405] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  492.696969][ T8529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.994'.
[  493.212443][ T4309] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  493.412442][ T4309] usb 2-1: Using ep0 maxpacket: 16
[  493.433675][ T4309] usb 2-1: config 1 has an invalid interface number: 214 but max is 0
[  493.462453][ T4309] usb 2-1: config 1 has no interface number 0
[  493.468603][ T4309] usb 2-1: config 1 interface 214 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  493.534023][ T4309] usb 2-1: config 1 interface 214 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[  493.582474][ T4309] usb 2-1: config 1 interface 214 has no altsetting 0
[  493.599817][ T4309] usb 2-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[  493.626024][ T4309] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.650501][ T4309] usb 2-1: Product: syz
[  493.662707][ T4309] usb 2-1: Manufacturer: syz
[  493.706241][ T4309] usb 2-1: SerialNumber: syz
[  493.840957][ T8538] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  493.865980][ T8538] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  493.913540][ T4309] ums-alauda 2-1:1.214: USB Mass Storage device detected
[  493.933376][ T8549] IPVS: stopping backup sync thread 8041 ...
[  493.944141][ T8554] device pim6reg1 entered promiscuous mode
[  493.986702][ T4309] scsi host1: usb-storage 2-1:1.214
[  494.129927][ T4317] usb 2-1: USB disconnect, device number 5
[  501.111489][ T8640] IPVS: stopping backup sync thread 8644 ...
[  501.117762][ T8644] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  501.276903][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  501.283276][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  501.413286][ T8646] bridge0: port 3(vlan2) entered blocking state
[  501.609268][ T8646] bridge0: port 3(vlan2) entered disabled state
[  501.919015][ T8666] syz.4.1026[8666] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  501.919167][ T8666] syz.4.1026[8666] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  502.494061][ T8681] loop6: detected capacity change from 0 to 512
[  502.579396][ T8681] EXT4-fs: Ignoring removed bh option
[  502.648201][ T8681] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  503.166649][ T8681] EXT4-fs (loop6): 1 truncate cleaned up
[  503.646029][ T8681] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  504.348261][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  506.843459][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  506.926798][ T8724] device pim6reg1 entered promiscuous mode
[  509.735498][ T8763] ipt_CLUSTERIP: Please specify destination IP
[  517.386436][ T8821] hub 2-0:1.0: USB hub found
[  517.392495][ T8821] hub 2-0:1.0: 1 port detected
[  517.887045][ T8828] loop6: detected capacity change from 0 to 1024
[  517.984692][ T8828] EXT4-fs: Ignoring removed oldalloc option
[  517.990682][ T8828] journal_path: Lookup failure for './file1'
[  518.092499][ T8828] EXT4-fs: error: could not find journal device path
[  521.502682][ T8872] device vlan2 entered promiscuous mode
[  521.508334][ T8872] device syz_tun entered promiscuous mode
[  522.302294][ T8879] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1078'.
[  522.888788][ T8887] netlink: 'syz.5.1079': attribute type 27 has an invalid length.
[  525.395150][ T8887] bridge0: port 2(bridge_slave_1) entered disabled state
[  525.477527][ T8910] loop6: detected capacity change from 0 to 256
[  525.767745][ T8910] FAT-fs (loop6): Unrecognized mount option "�V�S:�i�������d�]�u*�����
2��Ds�w�q������C��n���Z�r�#�t$C?�H�MܸʚY�7��g������c�v+��F9W�L�>�m�zU��XS�" or missing value
[  527.743206][ T8910] loop6: detected capacity change from 0 to 40427
[  527.756376][ T8910] F2FS-fs (loop6): invalid crc value
[  527.799668][ T8910] F2FS-fs (loop6): Found nat_bits in checkpoint
[  527.913035][ T8910] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  528.223092][ T8929] syz.1.1093[8929] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  528.223552][ T8929] syz.1.1093[8929] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  529.070415][ T8910] ipt_CLUSTERIP: Please specify destination IP
[  529.935507][ T8887] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  529.966356][ T8887] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  531.574327][ T6816] syz-executor: attempt to access beyond end of device
[  531.574327][ T6816] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  531.818145][ T8887] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  531.827217][ T8887] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  531.882676][ T8887] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  531.901860][ T8887] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  532.339415][ T8887] device vlan2 left promiscuous mode
[  532.357723][ T8887] device syz_tun left promiscuous mode
[  532.553136][ T8892] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  532.562088][ T8892] 8021q: adding VLAN 0 to HW filter on device bond0
[  532.573748][ T8892] 8021q: adding VLAN 0 to HW filter on device team0
[  532.583512][ T8892] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  534.814552][ T8972] sch_tbf: burst 480 is lower than device lo mtu (65550) !
[  541.015475][ T9048] overlayfs: overlapping lowerdir path
[  541.044802][ T9048] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  543.417698][ T9060] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  543.436840][ T9060] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  543.468969][ T9065] loop6: detected capacity change from 0 to 256
[  546.782950][ T9090] loop6: detected capacity change from 0 to 40427
[  546.863630][ T9090] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  546.871432][ T9090] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  546.932040][ T9090] F2FS-fs (loop6): invalid crc value
[  546.994009][ T9090] F2FS-fs (loop6): Found nat_bits in checkpoint
[  547.174988][ T9090] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  547.182093][ T9090] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  547.300776][   T27] audit: type=1804 audit(1753007016.048:32): pid=9090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.1134" name="/newroot/105/bus/bus" dev="loop6" ino=10 res=1 errno=0
[  547.531774][   T27] audit: type=1804 audit(1753007016.278:33): pid=9103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.1134" name="/newroot/105/bus/bus" dev="loop6" ino=10 res=1 errno=0
[  548.013240][ T9111] device wireguard0 entered promiscuous mode
[  550.742832][ T9132] serio: Serial port ptm0
[  550.930610][ T9117] ipt_CLUSTERIP: Please specify destination IP
[  555.411944][ T9173] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  555.423538][ T9173] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  556.220051][ T9177] Bluetooth: MGMT ver 1.22
[  562.916264][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  562.922650][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  566.780683][ T9268] loop6: detected capacity change from 0 to 16
[  566.827879][ T9268] erofs: (device loop6): mounted with root inode @ nid 36.
[  566.854777][ T9268] erofs: (device loop6): z_erofs_readahead: readahead error at page 2 @ nid 89
[  566.863885][ T9268] erofs: (device loop6): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  566.873609][ T9268] erofs: (device loop6): z_erofs_readahead: readahead error at page 1 @ nid 89
[  567.039516][ T9268] erofs: (device loop6): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  567.049422][ T9268] erofs: (device loop6): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  567.059194][ T9268] erofs: (device loop6): z_erofs_read_folio: failed to read, err [-117]
[  567.093347][   T27] audit: type=1800 audit(1753007035.828:34): pid=9268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1184" name="file3" dev="loop6" ino=89 res=0 errno=0
[  572.335292][ T8938] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  572.545617][ T8938] usb 7-1: Using ep0 maxpacket: 16
[  572.555787][ T8938] usb 7-1: config 0 has an invalid interface number: 41 but max is 0
[  572.760989][ T8938] usb 7-1: config 0 has no interface number 0
[  572.767686][ T8938] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  572.777814][ T8938] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  572.788103][ T8938] usb 7-1: config 0 interface 41 has no altsetting 0
[  572.985782][ T8938] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  573.002384][ T8938] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.016302][ T8938] usb 7-1: Product: syz
[  573.020612][ T8938] usb 7-1: Manufacturer: syz
[  573.025700][ T8938] usb 7-1: SerialNumber: syz
[  573.086424][ T9358] IPVS: stopping backup sync thread 7076 ...
[  573.095330][ T8938] usb 7-1: config 0 descriptor??
[  573.102116][ T9347] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  573.115737][ T9347] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  573.361554][ T9347] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  573.372412][ T9347] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  574.154514][ T8938] Error reading MAC address
[  574.184949][ T9364] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  574.401479][ T9364] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  574.701339][ T8938] sr9700 7-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  574.722396][ T8938] usb 7-1: USB disconnect, device number 2
[  579.918660][ T9412] overlayfs: unrecognized mount option "/" or missing value
[  580.555336][  T126] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  582.800822][ T9442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1220'.
[  582.928613][  T126] usb 5-1: device descriptor read/all, error -71
[  584.150472][ T9452] loop6: detected capacity change from 0 to 4096
[  584.188315][ T9452] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  584.270150][ T6816] EXT4-fs (loop6): unmounting filesystem.
[  584.740761][ T9469] device syzkaller0 entered promiscuous mode
[  585.736038][ T9487] loop6: detected capacity change from 0 to 256
[  585.757023][ T9487] FAT-fs (loop6): Directory bread(block 64) failed
[  585.782814][ T9487] FAT-fs (loop6): Directory bread(block 65) failed
[  585.804949][ T9487] FAT-fs (loop6): Directory bread(block 66) failed
[  585.827136][ T9487] FAT-fs (loop6): Directory bread(block 67) failed
[  585.857458][ T9487] FAT-fs (loop6): Directory bread(block 68) failed
[  585.864913][ T9487] FAT-fs (loop6): Directory bread(block 69) failed
[  585.871820][ T9487] FAT-fs (loop6): Directory bread(block 70) failed
[  585.878608][ T9487] FAT-fs (loop6): Directory bread(block 71) failed
[  585.891438][ T9487] FAT-fs (loop6): Directory bread(block 72) failed
[  585.898531][ T9487] FAT-fs (loop6): Directory bread(block 73) failed
[  592.344154][ T9521] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  603.284687][ T9613] overlayfs: overlapping lowerdir path
[  603.734740][ T9612] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  610.900252][  T126] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  611.087939][  T126] usb 7-1: Using ep0 maxpacket: 16
[  611.095967][  T126] usb 7-1: config 1 has an invalid interface number: 214 but max is 0
[  611.119816][  T126] usb 7-1: config 1 has no interface number 0
[  612.015994][  T126] usb 7-1: config 1 interface 214 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  612.047832][  T126] usb 7-1: config 1 interface 214 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[  612.058600][  T126] usb 7-1: config 1 interface 214 has no altsetting 0
[  612.085397][  T126] usb 7-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[  612.095679][  T126] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.111707][  T126] usb 7-1: Product: syz
[  612.121927][  T126] usb 7-1: Manufacturer: syz
[  612.126831][  T126] usb 7-1: SerialNumber: syz
[  612.151485][ T9666] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  612.222536][ T9666] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  612.284530][  T126] ums-alauda 7-1:1.214: USB Mass Storage device detected
[  612.685649][ T9681] overlayfs: failed to clone lowerpath
[  612.935443][ T9682] overlayfs: failed to clone upperpath
[  613.780044][  T126] scsi host1: usb-storage 7-1:1.214
[  613.977993][  T126] usb 7-1: USB disconnect, device number 3
[  621.458416][ T9736] overlayfs: failed to clone lowerpath
[  621.485807][ T9736] overlayfs: failed to clone upperpath
[  622.322884][ T4317] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  623.325740][ T4317] usb 2-1: Using ep0 maxpacket: 16
[  623.424289][ T4317] usb 2-1: device descriptor read/all, error -71
[  624.666634][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  624.765084][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  628.132478][ T9809] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1316'.
[  628.221799][ T9810] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1316'.
[  629.831314][ T9830] overlayfs: overlapping lowerdir path
[  629.865332][ T9830] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  636.521531][ T9898] overlayfs: failed to clone lowerpath
[  636.600395][ T9899] overlayfs: failed to clone upperpath
[  637.217327][ T9904] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1336'.
[  637.243807][ T9902] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1336'.
[  638.513211][ T8932] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  638.842569][ T8932] usb 7-1: Using ep0 maxpacket: 32
[  638.926915][ T8932] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  639.331751][ T8932] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.371831][ T8932] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  639.495526][ T8932] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.602237][ T8932] usb 7-1: config 0 descriptor??
[  639.705529][ T8932] usb 7-1: can't set config #0, error -71
[  639.768611][ T8932] usb 7-1: USB disconnect, device number 4
[  640.587345][ T9965] device syzkaller0 entered promiscuous mode
[  641.519008][ T9976] serio: Serial port ptm0
[  642.241067][ T9982] overlayfs: overlapping lowerdir path
[  642.414348][ T9983] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  642.988642][ T8932] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  643.175912][ T8932] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  643.198452][ T8932] usb 2-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  643.243026][ T8932] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  643.272456][ T8932] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  643.288348][ T8932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.296404][ T8932] usb 2-1: Product: syz
[  643.312973][ T8932] usb 2-1: Manufacturer: syz
[  643.317672][ T8932] usb 2-1: SerialNumber: syz
[  644.790920][ T8932] cdc_ncm 2-1:1.0: bind() failure
[  644.963502][ T8932] cdc_ncm: probe of 2-1:1.1 failed with error -71
[  645.014199][ T8932] cdc_mbim: probe of 2-1:1.1 failed with error -71
[  645.036976][ T8932] usbtest: probe of 2-1:1.1 failed with error -71
[  645.095894][ T8932] usb 2-1: USB disconnect, device number 8
[  647.624809][T10035] overlayfs: overlapping lowerdir path
[  647.647793][T10035] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  661.935728][T10152] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  661.943728][T10152] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  662.369050][T10155] input: syz0 as /devices/virtual/input/input21
[  662.841669][T10152] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  664.563269][T10170] fuse: Bad value for 'fd'
[  668.493808][T10221] 9pnet: Could not find request transport: 0xffffffffffffffff
[  670.245142][T10252] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1430'.
[  670.335541][T10252] block device autoloading is deprecated and will be removed.
[  671.191154][ T4317] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  671.389860][ T4317] usb 2-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[  671.422316][ T4317] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.559231][ T4317] usb 2-1: config 0 descriptor??
[  671.577614][ T4317] usb 2-1: selecting invalid altsetting 1
[  672.797423][ T4317] snd-usb-audio: probe of 2-1:0.0 failed with error -22
[  672.816487][ T4317] usb 2-1: USB disconnect, device number 9
[  673.039422][T10157] udevd[10157]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  675.313066][T10309] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1448'.
[  677.226358][ T8936] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  677.428083][ T8936] usb 2-1: Using ep0 maxpacket: 16
[  677.435625][ T8936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  677.476885][ T8936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  677.509754][ T8936] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  677.661078][ T8936] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  677.670809][ T8936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.707289][ T8936] usb 2-1: config 0 descriptor??
[  678.448921][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.547614][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.584188][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.670184][T10318] netlink: 'syz.1.1451': attribute type 29 has an invalid length.
[  678.729798][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.737517][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.748025][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.755291][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.763255][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.778017][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.785360][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.789593][T10324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1451'.
[  678.793087][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.808997][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.816245][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.823861][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.831410][ T8936] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  678.840587][ T8936] microsoft 0003:045E:07DA.0008: No inputs registered, leaving
[  678.858870][ T8936] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  678.873490][ T8936] microsoft 0003:045E:07DA.0008: no inputs found
[  678.881026][ T8936] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway
[  679.010257][T10324] batman_adv: batadv0: Removing interface: batadv_slave_1
[  679.216431][   T14] usb 2-1: USB disconnect, device number 10
[  680.024057][T10350] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  680.918714][ T4317] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  680.926657][T10350] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  681.090999][ T4317] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  685.778367][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  685.784756][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  686.775306][T10390] block device autoloading is deprecated and will be removed.
[  693.783913][T10455] netlink: 5 bytes leftover after parsing attributes in process `syz.5.1488'.
[  694.120444][T10458] syz.4.1489[10458] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  694.120544][T10458] syz.4.1489[10458] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  694.133543][T10458] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1489'.
[  695.807590][ T8931] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  696.028257][ T8931] usb 7-1: Using ep0 maxpacket: 8
[  696.051943][ T8931] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  696.207238][ T8931] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  696.361276][ T8931] usb 7-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00
[  696.612979][ T8931] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.646908][ T8931] usb 7-1: config 0 descriptor??
[  697.104218][ T8931] wacom 0003:056A:0000.0009: unknown main item tag 0x1
[  697.122638][ T8931] wacom 0003:056A:0000.0009: item fetching failed at offset 3/11
[  697.141775][ T8931] wacom 0003:056A:0000.0009: parse failed
[  697.163509][ T8931] wacom: probe of 0003:056A:0000.0009 failed with error -22
[  697.499528][   T14] usb 7-1: USB disconnect, device number 5
[  697.609030][T10520] overlayfs: failed to clone upperpath
[  700.217097][T10547] block device autoloading is deprecated and will be removed.
[  701.875000][T10564] device veth0_to_bridge entered promiscuous mode
[  701.984548][T10541] device veth0_to_bridge left promiscuous mode
[  705.938510][T10612] loop1: detected capacity change from 0 to 16
[  706.018216][T10612] erofs: (device loop1): mounted with root inode @ nid 36.
[  706.045784][T10612] erofs: (device loop1): z_erofs_readahead: readahead error at page 2 @ nid 89
[  706.054969][T10612] erofs: (device loop1): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  706.064701][T10612] erofs: (device loop1): z_erofs_readahead: readahead error at page 1 @ nid 89
[  706.091961][T10612] erofs: (device loop1): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  706.101761][T10612] erofs: (device loop1): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89
[  706.111558][T10612] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117]
[  706.188167][T10612] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1542'.
[  706.218142][   T27] audit: type=1800 audit(1753010008.994:35): pid=10612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1542" name="file3" dev="loop1" ino=89 res=0 errno=0
[  708.526411][T10638] fuse: Bad value for 'fd'
[  714.868666][T10709] netlink: 'syz.1.1563': attribute type 13 has an invalid length.
[  714.898800][T10709] gretap0: refused to change device tx_queue_len
[  714.907816][T10709] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  716.157022][T10745] overlayfs: failed to resolve './file0': -2
[  716.980151][T10753] loop1: detected capacity change from 0 to 1024
[  717.023213][T10753] Quota error (device loop1): do_check_range: Getting block 64 out of range 1-5
[  717.097954][T10760] overlayfs: overlapping lowerdir path
[  717.206887][T10761] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  717.770208][T10753] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  717.810438][T10753] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.1578: Failed to acquire dquot type 0
[  717.867200][T10753] EXT4-fs error (device loop1): mb_free_blocks:1815: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  717.891748][T10753] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #13: comm syz.1.1578: corrupted inode contents
[  717.922309][T10753] EXT4-fs error (device loop1): ext4_dirty_inode:6119: inode #13: comm syz.1.1578: mark_inode_dirty error
[  718.085769][T10753] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #13: comm syz.1.1578: corrupted inode contents
[  718.123091][T10753] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #13: comm syz.1.1578: mark_inode_dirty error
[  718.934097][T10753] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #13: comm syz.1.1578: corrupted inode contents
[  718.978619][T10753] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  719.001269][T10753] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #13: comm syz.1.1578: corrupted inode contents
[  719.023386][T10753] EXT4-fs error (device loop1): ext4_truncate:4312: inode #13: comm syz.1.1578: mark_inode_dirty error
[  719.045129][T10753] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  719.068234][T10753] EXT4-fs (loop1): 1 truncate cleaned up
[  719.074813][T10753] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  719.148717][T10753] EXT4-fs (loop1): re-mounted. Quota mode: writeback.
[  719.182283][T10753] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  719.235567][T10753] EXT4-fs (loop1): re-mounted. Quota mode: writeback.
[  719.554073][ T4263] EXT4-fs (loop1): unmounting filesystem.
[  719.737252][T10782] loop1: detected capacity change from 0 to 256
[  721.941080][T10810] overlayfs: failed to clone lowerpath
[  722.034421][T10811] overlayfs: failed to clone upperpath
[  726.953451][T10865] overlayfs: overlapping lowerdir path
[  726.976563][T10865] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  727.681888][T10876] loop1: detected capacity change from 0 to 256
[  727.740702][T10876] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  728.194861][T10876] syz.1.1607: attempt to access beyond end of device
[  728.194861][T10876] loop1: rw=524288, sector=280, nr_sectors = 128 limit=256
[  728.556964][T10876] syz.1.1607: attempt to access beyond end of device
[  728.556964][T10876] loop1: rw=524288, sector=408, nr_sectors = 256 limit=256
[  728.654288][T10876] syz.1.1607: attempt to access beyond end of device
[  728.654288][T10876] loop1: rw=0, sector=280, nr_sectors = 8 limit=256
[  728.686173][   T27] audit: type=1800 audit(1753010516.517:36): pid=10876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1607" name="file1" dev="loop1" ino=1048612 res=0 errno=0
[  728.795244][T10879] syz.1.1607: attempt to access beyond end of device
[  728.795244][T10879] loop1: rw=0, sector=280, nr_sectors = 8 limit=256
[  728.875461][   T27] audit: type=1800 audit(1753010516.707:37): pid=10879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1607" name="file1" dev="loop1" ino=1048612 res=0 errno=0
[  728.941312][T10879] syz.1.1607: attempt to access beyond end of device
[  728.941312][T10879] loop1: rw=0, sector=280, nr_sectors = 8 limit=256
[  729.028627][T10879] syz.1.1607: attempt to access beyond end of device
[  729.028627][T10879] loop1: rw=0, sector=280, nr_sectors = 8 limit=256
[  729.058557][T10879] syz.1.1607: attempt to access beyond end of device
[  729.058557][T10879] loop1: rw=0, sector=280, nr_sectors = 8 limit=256
[  731.354246][T10912] loop1: detected capacity change from 0 to 128
[  731.545107][T10912] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  731.561800][T10912] ext4 filesystem being mounted at /350/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  731.829574][ T4263] EXT4-fs (loop1): unmounting filesystem.
[  739.417910][T10999] netlink: 'syz.5.1641': attribute type 9 has an invalid length.
[  739.880820][ T7202] Bluetooth: hci4: Frame reassembly failed (-84)
[  740.025721][T11011] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  742.995405][ T4278] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  744.507085][T11055] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  748.205527][   T14] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  748.409571][   T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  748.426378][   T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  748.445417][   T14] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  748.465201][   T14] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  748.474946][   T14] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.505329][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  748.511706][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  748.726872][   T14] usb 2-1: config 0 descriptor??
[  750.990091][   T14] usbhid 2-1:0.0: can't add hid device: -71
[  750.996252][   T14] usbhid: probe of 2-1:0.0 failed with error -71
[  751.019548][   T14] usb 2-1: USB disconnect, device number 11
[  752.448436][T11109] cgroup: none used incorrectly
[  758.915634][T11144] overlayfs: failed to clone upperpath
[  760.126360][T11164] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1687'.
[  761.873799][T11184] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  764.834626][T11206] overlayfs: failed to clone lowerpath
[  764.894674][T11207] overlayfs: failed to clone upperpath
[  765.046796][T11215] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1699'.
[  766.421076][T11228] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1704'.
[  767.474118][T11247] device pim6reg1 entered promiscuous mode
[  771.573973][T11282] overlayfs: failed to clone lowerpath
[  772.548002][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  776.746680][T11334] overlayfs: overlapping lowerdir path
[  778.841438][T11353] device pim6reg1 entered promiscuous mode
[  779.191544][T11355] rtc_cmos 00:00: Alarms can be up to one day in the future
[  780.085819][T11374] syz.5.1750[11374] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  780.086064][T11374] syz.5.1750[11374] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  782.482295][T11395] overlayfs: overlapping lowerdir path
[  788.142952][T11450] overlayfs: failed to clone lowerpath
[  789.813653][T11468] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  789.853238][T11468] kvm: pic: non byte read
[  789.859007][T11468] kvm: pic: non byte read
[  789.866035][T11468] kvm: pic: non byte read
[  789.883829][T11468] kvm: pic: non byte read
[  789.900453][T11468] kvm: pic: non byte read
[  790.497907][ T4317] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  790.687949][ T4317] usb 2-1: Using ep0 maxpacket: 16
[  790.697217][ T4317] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  790.728876][ T4317] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  790.749032][ T4317] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  790.782666][ T4317] usb 2-1: New USB device found, idVendor=045e, idProduct=9994, bcdDevice=fc.3c
[  790.802032][ T4317] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.822330][ T4317] usb 2-1: config 0 descriptor??
[  791.235432][ T4317] hid (null): invalid report_size -8990553
[  791.251135][ T4317] hid (null): global environment stack underflow
[  791.282819][ T4317] hid-generic 0003:045E:9994.000A: unknown main item tag 0x2
[  791.314346][ T4317] hid-generic 0003:045E:9994.000A: collection stack underflow
[  791.325599][ T4317] hid-generic 0003:045E:9994.000A: item 0 2 0 12 parsing failed
[  791.337586][ T4317] hid-generic: probe of 0003:045E:9994.000A failed with error -22
[  791.467068][T11477] kvm [11476]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x7
[  791.478728][T11477] kvm [11476]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x7
[  791.530013][T11477] kvm [11476]: vcpu2, guest rIP: 0x9114 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x1, nop
[  791.565624][T11477] kvm [11476]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0x187 data 0x1
[  791.613819][T11477] kvm [11476]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0x186 data 0x1
[  791.750154][ T4317] usb 2-1: USB disconnect, device number 12
[  792.868139][T11507] overlayfs: overlapping lowerdir path
[  797.313697][T11571] overlayfs: overlapping lowerdir path
[  805.375269][T11009] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  805.394883][T11009] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  805.403857][T11009] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  805.414873][T11009] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  805.424923][T11009] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  805.433485][T11009] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  806.589907][T11633] device pim6reg1 entered promiscuous mode
[  807.197600][T11671] overlayfs: failed to clone lowerpath
[  807.213805][T11671] overlayfs: failed to resolve './file1': -2
[  807.520106][T11009] Bluetooth: hci4: command 0x0409 tx timeout
[  808.132121][T11647] chnl_net:caif_netlink_parms(): no params data found
[  809.718197][ T4278] Bluetooth: hci4: command 0x041b tx timeout
[  809.844542][T11647] bridge0: port 1(bridge_slave_0) entered blocking state
[  809.872090][T11647] bridge0: port 1(bridge_slave_0) entered disabled state
[  809.908219][T11647] device bridge_slave_0 entered promiscuous mode
[  810.053961][ T4631] tipc: Disabling bearer <udp:syz2>
[  810.095408][ T4631] tipc: Left network mode
[  810.118692][T11698] device wg2 entered promiscuous mode
[  810.158922][T11647] bridge0: port 2(bridge_slave_1) entered blocking state
[  810.186321][T11647] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.273177][T11647] device bridge_slave_1 entered promiscuous mode
[  810.825998][T11647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  810.869713][T11647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  810.941828][T11647] team0: Port device team_slave_0 added
[  810.953643][T11647] team0: Port device team_slave_1 added
[  810.992667][T11647] batman_adv: batadv0: Adding interface: batadv_slave_0
[  811.009337][T11647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  811.036129][T11647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  811.079385][T11647] batman_adv: batadv0: Adding interface: batadv_slave_1
[  811.086377][T11647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  811.536177][T11647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  811.766726][ T4278] Bluetooth: hci4: command 0x040f tx timeout
[  812.040961][T11647] device hsr_slave_0 entered promiscuous mode
[  812.140009][T11647] device hsr_slave_1 entered promiscuous mode
[  812.180038][T11647] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  812.222354][T11647] Cannot create hsr debugfs directory
[  813.292815][T11760] syz.1.1863[11760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  813.292983][T11760] syz.1.1863[11760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  813.513166][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  813.537871][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  813.828227][ T4278] Bluetooth: hci4: command 0x0419 tx timeout
[  815.470966][ T4631] device hsr_slave_0 left promiscuous mode
[  815.487423][ T4631] device hsr_slave_1 left promiscuous mode
[  815.510672][ T4631] batman_adv: batadv0: Removing interface: batadv_slave_0
[  816.438588][ T4631] batman_adv: batadv0: Removing interface: batadv_slave_1
[  816.530004][ T4631] device bridge_slave_1 left promiscuous mode
[  816.556652][ T4631] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.631084][ T4631] device bridge_slave_0 left promiscuous mode
[  816.644803][ T4631] bridge0: port 1(bridge_slave_0) entered disabled state
[  819.678734][ T4631] team0 (unregistering): Port device team_slave_1 removed
[  819.756755][ T4631] team0 (unregistering): Port device team_slave_0 removed
[  819.847633][ T4631] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  819.937016][ T4631] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  821.427813][ T4631] bond0 (unregistering): Released all slaves
[  822.213619][T11832] bridge0: port 2(bridge_slave_1) entered disabled state
[  822.220991][T11832] bridge0: port 1(bridge_slave_0) entered disabled state
[  822.360998][T11647] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  822.405866][T11647] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  822.439377][T11647] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  822.461801][T11647] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  822.845489][T11647] 8021q: adding VLAN 0 to HW filter on device bond0
[  822.893397][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  822.907408][ T5717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  823.049527][T11647] 8021q: adding VLAN 0 to HW filter on device team0
[  823.118251][ T4819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  823.143863][ T4819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  823.170556][ T4819] bridge0: port 1(bridge_slave_0) entered blocking state
[  823.177790][ T4819] bridge0: port 1(bridge_slave_0) entered forwarding state
[  823.207683][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  823.237639][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  823.276070][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  823.350332][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[  823.357578][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[  823.422160][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  823.556567][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  823.587209][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  823.713541][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  823.746451][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  823.850552][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  823.905278][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  823.970121][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  824.050101][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  824.329682][T11647] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  824.341252][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  824.535539][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  824.568470][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  826.381367][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  826.412893][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  831.967528][T11647] 8021q: adding VLAN 0 to HW filter on device batadv0
[  834.218948][T12016] block device autoloading is deprecated and will be removed.
[  835.142567][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  835.160028][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  835.459683][T11647] device veth0_vlan entered promiscuous mode
[  835.647206][T11647] device veth1_vlan entered promiscuous mode
[  835.854605][T11647] device veth0_macvtap entered promiscuous mode
[  835.876509][T11647] device veth1_macvtap entered promiscuous mode
[  835.930566][T11647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  835.973836][T11647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  835.984212][T11647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  835.995349][T11647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.009317][T11647] batman_adv: batadv0: Interface activated: batadv_slave_0
[  836.038005][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  836.062740][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  836.083778][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  836.102713][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  836.140095][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  836.159861][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  836.242339][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  836.265168][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  836.295271][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  836.307268][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  836.319720][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  836.341653][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  836.359554][T11647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  836.392752][T11647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.403021][T11647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  836.519143][T11647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.786348][T11647] batman_adv: batadv0: Interface activated: batadv_slave_1
[  837.080873][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  837.096831][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  837.154780][T11647] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  837.197864][T11647] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  837.225810][T11647] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  837.235524][T11647] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  837.530280][ T7212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.812987][ T7212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.942057][ T7212] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  838.044168][ T7212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  838.172454][ T7212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  838.247963][ T7202] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  843.212985][T12169] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  846.314763][T12203] overlayfs: failed to clone lowerpath
[  846.330003][T12204] overlayfs: failed to clone upperpath
[  850.641022][T12244] overlayfs: failed to clone lowerpath
[  850.692400][T12245] overlayfs: failed to clone upperpath
[  853.443343][T12287] overlayfs: overlapping lowerdir path
[  853.631676][T12289] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  854.824015][T12306] device pim6reg1 entered promiscuous mode
[  855.887211][T12341] loop1: detected capacity change from 0 to 2048
[  856.135695][T12345] overlayfs: overlapping lowerdir path
[  856.158963][T12341] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  856.199817][T12348] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  857.391498][ T4263] EXT4-fs (loop1): unmounting filesystem.
[  858.712349][T12384] overlayfs: failed to clone lowerpath
[  858.734227][T12384] overlayfs: failed to clone upperpath
[  860.697811][T12375] device veth1_macvtap left promiscuous mode
[  860.703902][T12375] device macsec0 entered promiscuous mode
[  861.702670][T12431] overlayfs: overlapping lowerdir path
[  861.715118][T12431] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  863.761327][T12483] overlayfs: overlapping lowerdir path
[  863.861798][T12484] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  865.726645][T12508] syz.5.2070[12508] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  865.726752][T12508] syz.5.2070[12508] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  867.022408][T12541] overlayfs: failed to clone lowerpath
[  867.049565][T12541] overlayfs: failed to clone upperpath
[  867.422316][T12542] ������: renamed from vlan0
[  870.681352][T12584] overlayfs: overlapping lowerdir path
[  870.785858][T12585] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  871.023658][ T3637] udevd[3637]: worker [12405] terminated by signal 33 (Unknown signal 33)
[  874.939986][T12597] device pim6reg1 entered promiscuous mode
[  874.952624][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  874.959317][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  874.966478][T12628] overlayfs: overlapping lowerdir path
[  874.977275][T12628] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  878.296346][T12686] overlayfs: overlapping lowerdir path
[  878.309290][T12686] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  882.815140][T12725] syz.6.2136[12725] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  882.815264][T12725] syz.6.2136[12725] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  883.243828][T12732] overlayfs: overlapping lowerdir path
[  883.283105][T12732] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  887.849587][T12765] overlayfs: overlapping lowerdir path
[  888.561759][T12769] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  891.997145][T12816] overlayfs: overlapping lowerdir path
[  892.006221][T12816] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  892.892654][T12834] device pim6reg1 entered promiscuous mode
[  897.116432][T12867] overlayfs: failed to clone lowerpath
[  897.128981][T12867] overlayfs: failed to clone upperpath
[  900.229721][T12892] overlayfs: overlapping lowerdir path
[  900.249254][T12892] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  903.556946][T12939] overlayfs: failed to clone lowerpath
[  903.564824][T12939] overlayfs: failed to clone upperpath
[  906.363474][T12967] overlayfs: failed to clone lowerpath
[  906.371330][T12967] overlayfs: failed to clone upperpath
[  908.830645][T12964] ������: renamed from vlan1
[  908.976525][T12989] device wg2 entered promiscuous mode
[  909.745545][T13003] overlayfs: overlapping lowerdir path
[  909.757024][T13003] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  913.070631][T13047] overlayfs: overlapping lowerdir path
[  913.210141][T13065] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  915.691027][T13101] overlayfs: overlapping lowerdir path
[  915.731134][T13101] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  917.295371][T13133] device pim6reg1 entered promiscuous mode
[  917.516510][T13142] loop1: detected capacity change from 0 to 512
[  917.583572][T13142] EXT4-fs: Ignoring removed mblk_io_submit option
[  917.656299][T13142] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  917.667588][T13142] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  917.687482][T13148] syz.0.2280[13148] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  917.687596][T13148] syz.0.2280[13148] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  917.732602][T13142] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended
[  917.756877][T13142] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  917.782106][T13142] System zones: 0-2, 18-18, 34-34
[  917.807452][T13142] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.2279: iget: bad i_size value: 360287970189639680
[  917.831329][T13142] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.2279: couldn't read orphan inode 15 (err -117)
[  917.848778][T13142] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1022.917637][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1022.924782][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P13135/1:b..l
[ 1022.933427][    C0] 	(detected by 0, t=10503 jiffies, g=66397, q=178 ncpus=2)
[ 1022.940727][    C0] task:syz.6.2277      state:R  running task     stack:25248 pid:13135 ppid:6816   flags:0x00004000
[ 1022.952876][    C0] Call Trace:
[ 1022.956182][    C0]  <TASK>
[ 1022.959154][    C0]  __schedule+0x10e9/0x40d0
[ 1022.963732][    C0]  ? release_firmware_map_entry+0x18a/0x18a
[ 1022.969676][    C0]  ? lock_chain_count+0x20/0x20
[ 1022.974596][    C0]  ? preempt_schedule_irq+0xa6/0x150
[ 1022.979916][    C0]  preempt_schedule_irq+0xb1/0x150
[ 1022.985054][    C0]  ? preempt_schedule_notrace+0x110/0x110
[ 1022.990828][    C0]  ? rcu_is_watching+0x11/0xa0
[ 1022.995638][    C0]  ? rcu_irq_exit_check_preempt+0xdb/0x210
[ 1023.001494][    C0]  irqentry_exit+0x63/0x70
[ 1023.005950][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1023.011967][    C0] RIP: 0010:lock_acquire+0x15e/0x490
[ 1023.017327][    C0] Code: 89 f0 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 19 02 00 00 41 83 3e 00 0f 85 02 01 00 00 48 c7 84 24 a0 00 00 00 00 00 00 00 9c <8f> 84 24 a0 00 00 00 4c 8b b4 24 a0 00 00 00 fa 48 c7 c7 40 11 8c
[ 1023.036975][    C0] RSP: 0018:ffffc9000385f3f8 EFLAGS: 00000246
[ 1023.043081][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: d7b8308c6322f900
[ 1023.051090][    C0] RDX: 0000000000000000 RSI: ffffffff8adef240 RDI: ffffffff8adef200
[ 1023.059090][    C0] RBP: ffffc9000385f510 R08: dffffc0000000000 R09: fffffbfff1c3e91e
[ 1023.067097][    C0] R10: fffffbfff1c3e91e R11: 1ffffffff1c3e91d R12: 0000000000000001
[ 1023.075114][    C0] R13: 1ffff9200070be8c R14: ffff88802d9f8adc R15: dffffc0000000000
[ 1023.083156][    C0]  ? shmem_alloc_and_acct_folio+0x6ce/0xb60
[ 1023.089087][    C0]  ? read_lock_is_recursive+0x10/0x10
[ 1023.094508][    C0]  ? shmem_replace_folio+0xda0/0xda0
[ 1023.099847][    C0]  ? get_mem_cgroup_from_mm+0x34/0x290
[ 1023.105340][    C0]  get_mem_cgroup_from_mm+0x50/0x290
[ 1023.110659][    C0]  ? get_mem_cgroup_from_mm+0x34/0x290
[ 1023.116150][    C0]  __mem_cgroup_charge+0x11/0x80
[ 1023.121128][    C0]  shmem_add_to_page_cache+0x8fc/0x1c00
[ 1023.126707][    C0]  ? xas_load+0x127/0x140
[ 1023.131077][    C0]  ? __filemap_get_folio+0xf0/0xdd0
[ 1023.136322][    C0]  ? put_page+0x270/0x270
[ 1023.140685][    C0]  ? mark_lock+0x94/0x320
[ 1023.145044][    C0]  ? verify_lock_unused+0x140/0x140
[ 1023.150290][    C0]  shmem_get_folio_gfp+0x158b/0x3400
[ 1023.155636][    C0]  shmem_fault+0x1be/0x7b0
[ 1023.160095][    C0]  ? shmem_fallocate+0xf80/0xf80
[ 1023.165066][    C0]  ? filemap_map_pages+0x18b/0x10d0
[ 1023.170317][    C0]  ? filemap_read_folio+0x760/0x760
[ 1023.175545][    C0]  ? count_memcg_event_mm+0x8f/0x3b0
[ 1023.180891][    C0]  __do_fault+0x13b/0x4e0
[ 1023.185247][    C0]  ? handle_mm_fault+0x28b0/0x3e70
[ 1023.190491][    C0]  handle_mm_fault+0x28ca/0x3e70
[ 1023.195485][    C0]  ? numa_migrate_prep+0x250/0x250
[ 1023.200654][    C0]  __get_user_pages+0x3ff/0xeb0
[ 1023.205570][    C0]  ? populate_vma_page_range+0x2b0/0x2b0
[ 1023.211255][    C0]  populate_vma_page_range+0x214/0x2b0
[ 1023.216766][    C0]  __mm_populate+0x248/0x370
[ 1023.221395][    C0]  ? check_vma_flags+0x4d0/0x4d0
[ 1023.226390][    C0]  ? preempt_count_add+0x8d/0x190
[ 1023.231461][    C0]  ? up_write+0x1bb/0x420
[ 1023.235837][    C0]  vm_mmap_pgoff+0x203/0x2b0
[ 1023.240464][    C0]  ? account_locked_vm+0xe0/0xe0
[ 1023.245454][    C0]  ? ksys_mmap_pgoff+0xe6/0x6f0
[ 1023.250353][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[ 1023.255587][    C0]  do_syscall_64+0x4c/0xa0
[ 1023.260039][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1023.264746][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1023.269461][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1023.275413][    C0] RIP: 0033:0x7fefb238e9a9
[ 1023.279868][    C0] RSP: 002b:00007fefb3182038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1023.288304][    C0] RAX: ffffffffffffffda RBX: 00007fefb25b5fa0 RCX: 00007fefb238e9a9
[ 1023.296320][    C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[ 1023.304314][    C0] RBP: 00007fefb2410d69 R08: ffffffffffffffff R09: 0000000000000000
[ 1023.312311][    C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[ 1023.320305][    C0] R13: 0000000000000000 R14: 00007fefb25b5fa0 R15: 00007fffd2e71018
[ 1023.328320][    C0]  </TASK>
[ 1023.331366][    C0] rcu: rcu_preempt kthread starved for 10534 jiffies! g66397 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1023.343204][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1023.353191][    C0] rcu: RCU grace-period kthread stack dump:
[ 1023.359096][    C0] task:rcu_preempt     state:R  running task     stack:27840 pid:16    ppid:2      flags:0x00004000
[ 1023.369902][    C0] Call Trace:
[ 1023.373194][    C0]  <TASK>
[ 1023.376141][    C0]  __schedule+0x10e9/0x40d0
[ 1023.380681][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[ 1023.386356][    C0]  ? _raw_spin_unlock+0x40/0x40
[ 1023.391251][    C0]  ? release_firmware_map_entry+0x18a/0x18a
[ 1023.397180][    C0]  schedule+0xb9/0x180
[ 1023.401275][    C0]  schedule_timeout+0x15c/0x280
[ 1023.406172][    C0]  ? console_conditional_schedule+0x40/0x40
[ 1023.412096][    C0]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 1023.418021][    C0]  ? update_process_times+0x1b0/0x1b0
[ 1023.423442][    C0]  ? prepare_to_swait_event+0x335/0x350
[ 1023.429026][    C0]  rcu_gp_fqs_loop+0x2f2/0x1310
[ 1023.433906][    C0]  ? rcu_gp_kthread+0x380/0x380
[ 1023.438791][    C0]  ? dyntick_save_progress_counter+0x2b0/0x2b0
[ 1023.444984][    C0]  ? rcu_gp_init+0x14b0/0x14b0
[ 1023.449785][    C0]  ? rcu_gp_cleanup+0xb4c/0xca0
[ 1023.454662][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1023.459896][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[ 1023.465129][    C0]  rcu_gp_kthread+0x95/0x380
[ 1023.469748][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[ 1023.474879][    C0]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 1023.480814][    C0]  ? __kthread_parkme+0x162/0x1c0
[ 1023.485870][    C0]  kthread+0x29d/0x330
[ 1023.489975][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[ 1023.495106][    C0]  ? kthread_blkcg+0xd0/0xd0
[ 1023.499756][    C0]  ret_from_fork+0x1f/0x30
[ 1023.504216][    C0]  </TASK>
[ 1023.507254][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1023.513613][    C0] CPU: 0 PID: 13154 Comm: syz.1.2279 Not tainted 6.1.146-syzkaller #0
[ 1023.521785][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1023.531851][    C0] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40
[ 1023.537683][    C0] Code: f5 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 ce 41 43 f7 48 89 df e8 26 07 44 f7 e8 41 f9 66 f7 fb bf 01 00 00 00 <e8> 36 84 37 f7 65 8b 05 07 45 e2 75 85 c0 74 02 5b c3 e8 54 56 e0
[ 1023.557317][    C0] RSP: 0018:ffffc90003327bb8 EFLAGS: 00000286
[ 1023.563440][    C0] RAX: 1f0dfc676383f800 RBX: ffff888055ec1280 RCX: 1f0dfc676383f800
[ 1023.571452][    C0] RDX: dffffc0000000000 RSI: ffffffff8a8c0460 RDI: 0000000000000001
[ 1023.579460][    C0] RBP: 1ffff11005c29885 R08: dffffc0000000000 R09: ffffed100abd8251
[ 1023.587453][    C0] R10: ffffed100abd8251 R11: 1ffff1100abd8250 R12: ffff8880463d26e0
[ 1023.595442][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8880463d26f8
[ 1023.603429][    C0] FS:  00007fcbfe2a96c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1023.612397][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1023.619008][    C0] CR2: 00007fcbfe2a8e80 CR3: 0000000075b83000 CR4: 00000000003506f0
[ 1023.627009][    C0] Call Trace:
[ 1023.630316][    C0]  <TASK>
[ 1023.633260][    C0]  get_signal+0x1163/0x1350
[ 1023.637813][    C0]  arch_do_signal_or_restart+0xb0/0x1230
[ 1023.643475][    C0]  ? do_futex+0x310/0x320
[ 1023.647844][    C0]  ? __ia32_sys_get_robust_list+0x80/0x80
[ 1023.653596][    C0]  ? get_sigframe_size+0x10/0x10
[ 1023.658582][    C0]  ? exit_to_user_mode_loop+0x3b/0x110
[ 1023.664088][    C0]  exit_to_user_mode_loop+0x70/0x110
[ 1023.669412][    C0]  exit_to_user_mode_prepare+0xb1/0x140
[ 1023.674995][    C0]  syscall_exit_to_user_mode+0x16/0x40
[ 1023.680491][    C0]  do_syscall_64+0x58/0xa0
[ 1023.684930][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1023.689646][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1023.692401][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[ 1023.694340][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1023.700805][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[ 1023.706459][    C0] RIP: 0033:0x7fcbfd38e9a9
[ 1023.717148][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1023.736780][    C0] RSP: 002b:00007fcbfe2a90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1023.745233][    C0] RAX: fffffffffffffe00 RBX: 00007fcbfd5b6088 RCX: 00007fcbfd38e9a9
[ 1023.753249][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fcbfd5b6088
[ 1023.761246][    C0] RBP: 00007fcbfd5b6080 R08: 0000000000000000 R09: 0000000000000000
[ 1023.769245][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbfd5b608c
[ 1023.777235][    C0] R13: 0000000000000000 R14: 00007ffc2f016c30 R15: 00007ffc2f016d18
[ 1023.785269][    C0]  </TASK>