last executing test programs:

6m48.976795299s ago: executing program 3 (id=1302):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x89901)
sendfile(r2, r2, 0x0, 0x200000)
ioctl$sock_proto_private(r0, 0x89e1, 0x0)
socket$packet(0x11, 0x2, 0x300)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1f3ffc00e2c84759d7d9fd9283c99837740684c16abb86b2d1fa8f4317d06a89834cca941105bebe30e047af0f8ba7f462e9b3147e04e849971bc8f40294507f1a4e84d01959ffcbf780f5aea14d6ccd746ffb08b7424954c36d0731ea8e6fc1000614ad19db3a898fdf6974a48966c92e84b7a1352b6e078492e25e00"/140, @ANYRES16=r4], 0x98}, 0x1, 0x0, 0x0, 0x4000804}, 0x8000)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
syz_fuse_handle_req(r5, &(0x7f0000004380)="4e5350994ebf71ce3049a58c5d050078bf16b0757a4c27b455e2a547739587dd3380b5df8f40a0696c5bd6cdb672cffe4d870c5c90ca92095b9ebf3e92fe31d8cd74275d857d34a74f7eecc7fac15e2f148d4e9d47bb45b858bbf078999970d180f28d7b2cefd92635d45a563d9229c9fd770efdc0848e52fa5efd9ada5c94a1ba94b4b7c7507f8b0819bb20910f9f50a83a010abbe126dd9f6a7b84eab6b0d5ce78d2ade77a5f7e4e997df1d03ffab4b4c945d803e4457909013127a98769c938c237f37263bc509a42bc56ff2dbf80e847e2c407009eef94f18e1e59069d62298fdbadae007ffbdf403c5049a4530ac0abecceb5608da02754c9a575af52c0b7e41226e2d642a814861c4310c935bcbae413516dde2132652b39c7aa0218a6ce65dabb4494965209ce879ba7e7e59039db5c1d36d6a7f86d72dd59954fd6f46124a2506b245a0db11aa89d2feb312a6596ea2fecaa7b6021f37a255f628da7ff6b6c36b514d3b6be34e505f9dac6acfb888198004699fb350ac93431533554658c4957df36703591438d6488bc03dd8290a75ebb367a481a50e79a46b04d005649cabd79e5c6326c066bc2b6fc5febb87ef66d832ef31a16c2a450a0b990fb549a5d810c928d1a81fa1dc795db2607ac7d46cb5716b68acdeb00987e429fe6a394632c83b43336e7b51d9cfdb50e83d8c6ba1784d9f74c16b476e048e65e7ac0af683b347d7377ac1795422e00e5bd8da9b313af83abb3348861116de7a99959169b7dff9f7d9b7a6d107f2e76670a6214a419bf8298f80eb570fa29264ba57a383c5ec5836ce33104ecaf1aec76e311280a1d2c8bd7abff3a5a242e6a637f7db63038ef5d78aca9c680d72b60da4dbeb0e1e683ddc82898647c589a81b8f92db06711d8a0af05560cd77fa7005283db71e8da21713fccd450822062b994d152aaed2cdcf0dec9c60617e15ba4df628da4e71279bf9d1eee5c7f055c27cddfdd45f9225d5d5529ef7119e2e3c9838e7362971e069be487797e949b24297de19c61340d1cd7a2bfa3880b91a71e934720a59e1e0ea992d2a1633a0852ad8addfcab73a291e35745e694a6471f429b124305886c1f79f67c78de3f3ec998c91e7fc59d26766cd446f6f0de603f2c6892e13cdaa37d9e8e118d098b6986ccd991993ec152193e7d77394b05b99e7d310c506707f1be52249438fba9615f6dad2ec7244fedf36e34ec311b7d6bee64271d6491079e161190ded7e28e2ada4307a9b2986c267b1a30d2f720ff23408011f1d589ce9ee77f981c7833656ccf7df5b3a87ec253ff7c7ef1e67ceeb10c93e3fa683cdadad65850ffbc402b7744e94cdecef9db9d264c755c53d36278df23d4c9685fdefa69f7588a33b8a64b35191ee81abcb9765577d175cb06e31c582807ff7243bfef44961fbc0f8a235242f51ee991ea621803d4dcfed90d26f004b299425bf219f6d185fe6e088ae44601b03defada18794feac93787696a5d419f09f769bc590f43d2df6a131f6895da2de120c2644685e57b1d476c6aba5881e954fb2575356452b118b942cb02b4ea0fcf8f1bbb9a23b6e32c9d0accd3dd861452a3ad77b38fe709e216974932deb5397fd8033ff0e073d93ac0b4be762bca0424d69bd57b22ba914133f87671a29498b268c2911e793215463ca2164e38059456107dcb29beedfd6277e2b41a11d1c6f1361b19875c9384f04f9c53c1856d71f360a8fafe05f7aef750ec0cf2bfcfa971c017ad071b69a18fdaf970b384d4c889cfa5a0397dbe89543a5c6302645d6edf959aa60709ce0225fe6c3266c7ef62157ac8e78fddcd8a1f2ca5b58128218d19276885515775326aeeee0226cc810843eb05144bf8e2fe3340cf60b32cafd96d23cd7d0d3adcbdfec9a2a3d88307c362633b1c5637608ea8476d900b3f836a9734b5ecaf5e82983577128d3f74b903b0e3bf64326c1b564ae42aeeb0c07702b63a9ff74a2af6b45e5185a53f36c17bc29dfbc0ea28ca5cca43a15d751e9887ad3e6a87faacb6a278c4c8a8d21b9a77b9776f33102a6e645e99cc5cbc543ed0674282c2b9f8e5d14c2599aa9ac8f81438c77f2b9368bdac82edcdc5366f39adec9e9a3fbd55b79abc16d2ebff26b7d0c88f18b486e5836333575e3fc7808cb423b44781c57965767862922b4ff32d9bae76296843a46f430211c27ef9db168430026a5691623284dfd459dbdd1f1a6ec9bfad666507e6eacb1e2a7866da2e12e6d596d0bbb150500590013d9288af20596447f97bf1744eb9cfb244d8fca269b1fb71e14de664be4e95d83fff1b8abcfebcf3e78c1c66d28f260fb0c19f9fbcd2abbdd7dd7246e49dc25d954bf25f810a2ff6f9069dfdc62e7170fe3b0964b2ac95024256dfa3e7a426be5bb5f707fd82c2b3afec5d5dcf5bbb8fcb6dbc1b59f6c5330966c70d8b016956903a4278817414ba3652a102d7e7e37ecc79400267fc3bf7601c0731f87d479c33f100735e748874155267f708cea49d549e93cf7a398b20373dc90ad9afd56d9c77cd24e2c4a18f7130b366c7fe5b26bc4d11ca1ed1b98fa0b4d7396f82ae6593f4575d19f4d8fd586c991129e5cbe15c8bacc89c3ee15ca471dea966b5c48ede0d3ba2a7e28c75c04e6a4aa49a61f4e391ffe78eb5e40a5ef349f3aa4d15f2291cc86ec7e47ae301bf0b6083dae44b695820a893d46732553ef15ed1c16d28268d52a7e3a7e7c009d0c0708a356d3310c1ebcbcca4d7acf433e34bfc9fc115498142dcc725e7a16879c75e4c2f01c6c98b39619f3248bf530e6ee593467e38cf4026cfdc4db6296565722d587f3c580750b1453ecc141c0461495551297d88ae034acbd4f5e80ce198e6640c4c1e9501529988109cef006eb2090a6fcd974d7f60290b78f1a8ce3051ac2d69636c3219f0a6ad8c254764396a1684b2fd9805b1853525f2e640e513197283cc4d4073ac033e0539a88f08aabe1423cd40b8a7e073437d812b57a5d39a0531dcbe13f4466e89efc66c2a1e4b39a3e0b3073c9d44e6cf9b85f4df5c4e03628d05bc0f94ec04234c9eca4ed17463f190406834b02888728f625371cda75d15ec19efebd59f00ab659eb94eb88bcb2110862a369ad599610c1530fcc118f5b82205bc5215fe3623ac8ec297d8ff4eee75ace20731c5d505e6605c26203b7f754164c9463f0a6eefe3a2880b8e06e7bc66bb2adcc1a3f9b0325f5ec31d12a25f1f73c2aa6bb3a7680d786a082a63b13cce1822fa6a4b085a871ae3409eecbc1fd8661b5d52bb2b8b72f23e24a225075f272ed2ba0c6c5c693811a0ef8db6da7cfe7c966c647f0187ad223eedb1012a5b7af103e98464ac768c79b21ca45b12a52cf261de0d367442cda71c4b8ee39c94ded1b22ba06c13836cb467ebab4efea07bdf1e3de8da56a0ee6d4f848011253cc21fac10700003513d3167b7a73e0d752b861c49814bc5410ebe53a0264f76068c91ee6ec9e2daa343482b2f0f06e605c5aaf81f2a3cd570efc2094b4bc452f9526f1bbe7b22b694fb8109a5a987fabf6250912d6099e67da9cac79e8b6f2cce4702d1f17cbc5d06c38b8a48155ec758369c185ded839fb58cd736fbb74105fe5baf44e7e3ed06843f23601b60a43b1f88fd29e9b3f58479f9b95392a39d5ba1a31ee4441ca2d1fb57c0a8678a07a724b7a65b2ab16d1da197f435bce3ef003fce27fa2f0a67c9dd6c930a4bcf59e79e57b010000006fe34972958c28b56642d14ea89bf4d7d6f7fcbcf4fda8bd08fc9fe424de4359112b11f81fbdc1505658363697713ff6e1f8ca3c4be34a79993a9091f6017cda6c7489ae5c07062555231427c3eb42a049f42d22a060983b044a7d34ab5d2b5386cca79af72396a48aad6b8dcd7855410fc6106e4a165994f26efff1e7ea0aa8f560333b5dfdb2a0d899b0fda955155f90c75effd3c9535d88508e836feb7807d57b2a57cca42d3d08fe7de60d2a33376f49bdacdd3f814bd0927f417f15ad62a10b302f1cb390aaf82b0bc6af46bbf990b6ada45ef83ce13029d167c65134e7b82b59ddfdc367e61c40defd2732ccebb1d4000f6c742df964e1fb390c255d2b1dfc745c6ab34af8096b5b67aa179e3f341854f7a69f7bf47664c832037ec7a78f8e27209e3f20f833fb6e8c0fc4a40920a5ad2b0618982ff72540009d5db82f0f5bcaed2a27f35d1e50eaa0cf8e48c7a2d43c25d0264db750a7f33b44a4bfaae576cf9ee7594ed204513899566564ed8bbc97ed18b1d8868f926a5c70ac06fbac1eade46792186be7bf8ffa3301239edd093449b7d77192782b5111c14169d2b4a1b3443ad62e4abdf11aac6a5b89a5b20ab0ad0abd949b9d64582c67ffce018e7e46de4091fcc77a65b971fc67c8d9cbf0c341ca764b1056ee5014d9865059616a525a1d46ae2fad159afe86dd1df9b8246411827e19535ca0aa9f83050b06e70aa2737f27e93d584a9cef878a642e9361efaa5d20bd8da901fa2e064656f686d3b3ea31d1d850ae9196b7764548f5c6450a32a717e09b6b7e75d43fbbda76e43a24f186d5578933f408bfa28e0435cde525fb91e71d92d704cc5a9b5e3db7aaec46d2b1f8dcb3f921f69bd7397c96a1e132c39c8f1656cea4365c779abf76199cb5b6aada022edec5c901cdafa2e7f3765af9c8b20cb1a6785085fcb0dc901367b89051bdfdc6b68c5215fd04e2b3c7e1c454a4d21132953b25c50995af0f7159a5a8d0a1621f4808f126a5bd40ddc79fed90f49925ee367a57a05c070fbe39fe2c213e7c1724a907ecfa69efe6e021c06a262471a4377f3c9809e9fee4f375e27c31b6afbb2151da86b7cab63c7b4fa4b77fb30172b9d0d78b1c0535ec0639c4910b5eeecbb5b8b5c8aa74c140e7ad347812e36db3097a7ff85c09ab2c0020202307f50efefcdb497b9c060ca68c4be54a9165b4cebc6b2e2e14e5ffb9213142418faedcdf26fd326b7672399e71cfffe3ed712ced5317c254f9199ee10c24c802d102bd8749513d3145201ca4e01bc7c8bbcf430afa541ec5665f86dfb143be648521bb0f2b029018201444787f644f8c88b79e754e6ea9c797babdaec72a9680abadf3a41684cdd57c2b6e833acc0846be5aa927f1b1b36562d2acb9ecfb758455230d050daec6748ba280a5edc86d48e3f8af0f8f4ffb18ae3cd3c19a82d504a4fd52bb62289ae8026572a497fe268f87ef4b4b5886aa07eeb698b7cbf99683f710afc9ed1f8a488883ce0eb8f7fd055b82a9fe21a409caa231c41ba151008e9658919c611e157d7f3926a5e4248532a6860e615b9c86e9fea212128d96ed58c9b84ef22706071eb69f492e4d8321ed9faf6c6a8928f86172bdc930244583ea15be497d9ce4ae79cb3e6293a8512ffaa9e8e358f3c7c7117001fb92891a40b84f9126cc3def5cde67f463bbac9668b9f56c3e4ee72fceebb47e52fc226bab213d8193516e7064459fd1365350a95c5a1c3ac44a73bbba2a4c17ebe49dd781bff1995cd706b77bb533117594ad63566f4c0730beab85ff4c713b7f10b95480fe99a0f676c51ca11116b21e87887b462aa9770e85509e4e60f198148115f0a3ce6028516a946178d1acacf7767f6be7277891369eff67762aa58f928d48b7231e44d899cea8289003349117a53d61bc27b207fdc91c9db61e677d1e1a1bc6a1b6e8564130b335233db4b5de8d62324e6d0ccb2b08c2ff922324eb8c506711142d4b8d7a21223ef0a3d534fdb0de58be95cd827152f71bdd0a82766b62b4c87536f0b7e7df343c4263187da887de6e65d11d0360e2376c1d71c367ae85edeed8f767d24c644b1a9b455ded1dc3cc224f99936a6ee66931c45e5e3db2427719ab2d5cd9c20d9bb0ec004b69bccb00649f3d8e34a3572c257de114b9f027d76bc7db9007175cc03b9e2061b6b3fe7409e009b5371544e56fe438cbd361e5b11efbf2d79d1c250a1e73ca8c601c4f4d1e3761290950421c48c7daa45965e472f5ef3c4b8597444dc5dc01cd25358055b5000617f3e7291da3413e3f0853b1271366612405c35ff1b785b984d921b518425628a533a29ab65d3c11f44c6daa86f8b6457ebb9419274c481aa6f3fa4547641670aff58b9cc62c0993d49a509f02dee755ee5f1fd2710c995c43a91c4f873afa1bbdff19427cba2641052a8f361ecbc72e8a6cf587e83f8bd3110c95fb080edc77a6d43cd58c447b0e02261e4109500c6458dce70acb17aa8f9dc1d15b94a61354164031b5d563c25d0246fc45e6401cefceb501e1468903e5d677759dbe3f24bd48ce55ff8b8f26529fb3b2d669202a1e8a498984b449b4830a0126b18f0e78182c9ce78fe0c448c0e27845b926cfde28fa85e156fa98fefaeb19ed1247c9643b447b4342c94c114d3c4c35eed4d5b49aa70e6aad45bfb557f15e8fdb2d6e3d10d8338a13fe3f187751985b37a5bb10b750f79e36fc2e2ee9bdecc3ed156e202ed7b45a94809d77edaa398042fc6a825a4848c334c557303d24eb3f8e01be06995ceb283c70272b00da61c3381628f0e372fe2fcc779ff7daf7e4b7f2686c39d3fab674b8867b62b0bf9d5cfd0c1d3b270521f55f147de75142ffd7fc9ac7e5dae7ca2fdf26a9222d060823852409dd040cfd1f66f218c6dbdaaacddab34b123af22f97384d64fac64d84fd638c96378c8f9532a11927d48440bc777ff8b8b9be88f930f3b579a713c0bc449dca3a3bd5f2efa98240ccc594299e44451dc60c6c5c9edd0d7b777912b3dc40c57e0ea5f4425cd7047e686c7304f04ba9f7b5de6ad2bd524f1d29f8802a524441fa286015adf4589431710aa4d76de8a956dc1d39c0a13abb7fc309d24222d036e204ab6bb46ef8a7595d9e4512e0b9d5f8fd719a4e3072e1d806967045789c67a1681f2a9f1f4b19f4f5e1afdafc17db7a6d5196161499e62ab4b0ec27648f3eeb1fb2b78f8ecf9b05cf9509a3b9e2a361238deb1c91bdbc8b1d11bbeb939fd9da811cd439069da0ecc00665d72357aac01f259a0325409b201859cc0569e0eba67a7a9ca7e8b78078d9370bd3e37f0571680ede60cb6bbfe69435d6ab5efd80cf051d119a7004fc0b600844d49218d844de8f521524a47ee50229c7da25e42a8639b5db225e7f23967f5d4f8a297aff04a3cbedc2985b6393a5ba0b26b6c7b4ca22d369b35b410799d1ad02825104d34f73408db1948438597931ed1c1c260e78340517bfa2f734537dbdf5ec303518ff4640efe7f7b1c2f46babdb9247ce8eabad9718a8b9ddb7a18d5e87ced554c9d6de78f85d293349590c6c32483534bc968b24a28eb54b9515589d6dd8eb51a5ad0b4d896ce92250397cbc404323fcdf0ee47ed634e0c58213bc5b35a72b21a098e11b79c061430dc817c1e0c79a5b6ed3b002979933f1b83a17f250b1bd5c4958df4d75531ca03efbda89f6a92fe08c23ad9014ff562a7f3dcde578d6825b9847b5df04dbca4f2aa52d8e0f4cf8183ce121e39b50358a9796acde0372a8ff97769874a80ab997cd889145aad4888c06963c2f5b82f53a748a6729fbc79d35c06d84e05c62e44ff78040e56ebfc6efcf0d8b49337d5a17c4041f0d5a8b616244d585a162b69db073accd9071d12df5b326a43b834bbffc2f2a60deafcbddf1c6438a1769d6fb09fbe1990e89da12164ef237f326edb5be64bb64b143a030de8a99b3c5e543c871cb581e2be090a92134aa587701f864907cadd7c1ce20fcf8f5dc7f7ecd06a6c19d89a92ca0ad4393c208b80bba990c7a3702a9c79bddde75d5db244719ac32191b6ceb041ab541fb47680a97dc0422b8a50d91e32cb08cd341b0b099aca5bd12b69d4f89d10b755b351a6489180b786a3bebac926532a4a2d85b07bce6c090d1aaaff079e36d5394a612f1351b90c13a0fa6bf9d188d548dfe6fa51a9026edb52009c03ed45ac51d05c58a957bcc67e05a588985ba00d79f33ae9cdd5f5721d9fdc72ee6e880708be87e8a60c3c035c146f2091d1b9a4c2cfa56f292fe1ba62290d4e56c05669291bbe917f3cac51802a2cc8e9c90dadfe666c233c5a5bb71ee17deec51ce60c73f57bf9ecb84873afcc44815131810c6c1217bea485ef9aa2785e859b25315ef8aa3a274982786e45d622ae831fb76010d69a181b069e4cc55d4436edb10d1119b0c6000c6d5cff7c72f740a59dc0507e7a952b69403c62673f122c9d1264fac6ce2262e86cd8d6a402672f88530fc2d16f31736dd497a4e853253ac8d5aff8d1376895e9f5519b2490cc2a2412ba0c99cec855f668837310035e92fb646486de1b0acffb91ae7516df3eeef381456b55e65baa58e71461c928687e699d2b21814805591382e95e1b970aaa53259917f070281f2336b7d570249d838b3f1a32753c336864e15f4561badf8fee034a29c52ff3fca7456ae140f83e3b2fd5b57c9aef3f20c664200d235f236ec47dd2fc20b14dc6000812237aea992d987e5460679e8c5b76d931ef6d951e6c7087e3106b6ce2db9de6f228fdf3ffc38710c0e8d5000a195a79d1fa2301038f5b27c40b09c34c025e5099d40c2204ea0eae985263c9101cab88d6857a320c9e497f22348a24861a5fb8d734e08cad09f9933748ff01eab22f17756f58688dc1b486a397563ee9ad0784b8833cdb5f7c6bcf76d9c1105f71c3c6aabefd70dc6cd5c66d31caf916145ac5ed7fa070b4277c0448ab1eb78c943be9aeab0587d321a4bcb7754f070881178f8be668b686124899fac252519f4b60ec42db766a908755040463125c26850177402a977246d36d23afac0a11889d54640bd8f6f670d686cfd33f6fc5d90cf6cbd63d9d0fd201dd4c74dbbab899f3c23c0b7e37ea0b2aff421327200d0da58b5893a4186ae3652cc6e11c2c2a0e52184a3872532acce98c94cebf4f31333663a620f0dba0ffd89c3124380075bd28caa6d449a050b3661b8fbaf4747b77c4928b1378fdc8c7a7b38ade1aeec44bdfacc8271d0b132b2029b0f3582f9919f5c8cd543abc9caf6b82b197cd482c3ef61a64743506342bf50a3c1ff544563bb8b2002911ee1fad698f4ac133ffed5bfe81239c918207a03c7a8bd71a0a502aea78d38e970e3ab2abf754b598acb79cf276792aa08724d0ba24f2a694912ab795b3f45f52dec50d9bfbc99ae27e1d2c2216afec6709d6513a64b29ef58255bbe18478c5d4f15f74ea63a1e15487752eec8fd019f1d4a7aa25277664754bd2d7cd3a7a018b92c56d965a1974885363757286da9e055ef7fac17876f0a64c1026a597733b897a9155ecbf420159ae8e5209aa83a3544fff1fb4566f2d54f95e3bbd30dcca5f24397e4bd47ff01292f0d6fe9dd47a810e0c25382fa69b4987d1afd9b69ef125110ad6b240eaa9c85829a2646f9ab7874bc02bfa8346cc9190943e9d46b44880670b1e2aa3a29e83be5472d7418885a353faade6e8b18f4b588607bbb758588d1e2f11a9dfa1c4d61be50249f1ee32e6ff8c0c7722aaec1bc79654a4772efc578bd6a14c79abcc77a4e09c8b6c6ea35cd3ab31e35268fb55db843176f8042f8ce7be0ddd4ead6dbdad0ef9e7cb2323db5cc48119a72b27306b8ff6366c0bc682a85ab9e2cf2238b6d6eb2e38a97d5577e6334cb2aa6e7c86e489e876f9d7053577a5cb57f52812fab7c4bd7b19a34c228ffb67dcac9281612f778b58c580c140542200fd00cb3ad81d93420df93c5af2493f646d8de797102fa0a65247317882fbf171520f00b2c7638623b823ff11444fdde453570f99f9099b60061a908b83383ba8b82bb78edd074dccf9342afdf8d11a6129ba6ea7030f3629056264f1736c2b926171b6dc7e1fa455a473de656390495f3b6ad2f9f46f35eacb075628ff739ef78f28ba683448068c7f18fb63f28ba7dbbb78999100dde0a94e8b8570817c7114c13e139ceb333782b29a84a5b19497fa785915c7680dd7f972cb59ba22161f60886e5cb3c3e808726cbf96bc4da78914eee565c6d9d18e70d22cf8c0244cf3cf488c3550eaa400bc0f26d64e0f1bc8d0301a841d954073a641f3ef883d81f4d5db8e9df708e64e640b38df7295f7fe573863653086bae5507c880ab7fdb7a6c5ce77027ffa7395233d3ce536d77ae6c2e9c8ffb6fee78a3bcb3b5f888bd595caa3a5586948776b950a89cde4db8247ffff27491c882b430afdd60e7a22324f6635a9aa7139f3e624c6d9ece60f7f8153b2080cf0544fbf8e1c436503766e670b902604ab521e11aa5a65cedd64cfaf898ac5f55c08c87693c323517bcb0d99c28f5e072d4f6540c7ead70138d47c1a67fd72bd6ef5613af33a0af311c3d0a631ca2a2dfbe35d1021eb610e40b9be128683235a788b5a4cacf99babee382458d59e8aa1dd7bba7e09dd30c055a3df8ed721a1778b2c6ed587a403566325cd19962edd7831caa44a6b716517bad502130e7cf6a5ce5288dc84c0170f622ae0b1e1166a9c2c0771d91df9f9dd82ae210469602ce38964746c1c1d04321aae7d464eb801dbea7ec39505457e778208774d72673626c998b002c46a9b4b1e390d9344f0ca62212a1b6d41043a2100b35196bce42d40caa0ea9a486bf8526fd1f0f0d362c2cac463ea7377a20b54b9435442ca529fc00da4fd7e27c4eaf14215a06857b54254c26346956fd7fe215a5ce57ec38cedf50a3c759e563a4fd87494f00e7bd9b44f3b7e99c6ef67187056a21d2fe1ac9d24125b1947eb293189fdc448b591af4d9b8eb091d6bbb5e50fae79d000044e282bb2ab6c63cc9562b151c214e45015354e62be63e1881238b907f7bdb791ff44a4e03fa29dbd26db2f49d0f4729b7cd9ba69a65b0b493466d35d09b3f590c67c31660d95e2ab4af2c9f1df91f04ce5a57dde2d75206b42e3423126774d76593c2f713ae279d7092506b513fd5d18f0f52d3fafd7141dfd4a0de1063754dba865faf8dc0f6be9d90ef21ec86a275533f6ad4b4e360dc775413f29eab8b3daac6279b9abfe163ea2f183e09ed91ef67fbb090875109288a182cfdcc46d90678efe5edceda6518335e678438cac4bb47d376f3f0e12aa55301735d7f42653c073d6a4a37b2e17d332dc1be6b50918c007b14886307cc39250e81efecd63d24067a49994572725a9df1760caac13a28f5255556b27ec245e93969b85cdec7cd1c2d2a433d3f9572b93054a7ce8adff81bc1d30884d5fc4791e251bd907e37af5bec74235c3e2f804e4e0450b715289942b7859ad207bafcfec1b586dc15e7911fe6d20aa3d02fcd47e9956780e300d7c53c17dfa15754deb4c20efebc7270bda0fa6b37fc88c6be4250cac38c1b8186b364482026ab52d65d3a691903fccc39772277011bfaa421adba76bed9731077bec885ce88d40f36bbd2a839c67dc4b862c968491b877d4fd13fc90f8da57a29121e12f78e85af765cd66e72ba513593fe1cdf20019985b065d828707d8e509c6834eab188deea5c9ee97955f4b07d37b6fc7beed73be94887d423a349f35bb8782bc670ceaec870d97f061bda02ae73f6d575f81e0b6326eae6c1b3085cc584686120e12dd9ad8ce44036bec8a189f9", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x9, 0x0, {0x0, 0x1003d, 0x0, 0xc, 0x0, 0x100, 0x10000, 0x2, 0x0, 0x2000, 0xfffffffc, r6, 0x0, 0x7, 0x57}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
creat(&(0x7f00000001c0)='./file0/file0\x00', 0x1)

6m45.940934846s ago: executing program 3 (id=1305):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000200)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x7f, 0xc1, &(0x7f00000001c0), 0x0, 0x1, 0x7f, 0xfffffffe, 0x28, 0x1, 0x0})

6m45.364907144s ago: executing program 3 (id=1306):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$getownex(r2, 0x10, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0x28}, 0x1, 0x2000000, 0x0, 0x4040000}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c9, 0x12)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x18}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x8, 0xfff8, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6m43.764415474s ago: executing program 3 (id=1307):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x103}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x1c, r6, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x1c}}, 0x8800)

6m42.70696299s ago: executing program 3 (id=1309):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x41, 0x0, 0x2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0/file0/file0/file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$inet(r6, 0x0, 0x8090)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000340)}], 0x1)
lseek(0xffffffffffffffff, 0x9, 0x0)
ioctl$MEDIA_IOC_SETUP_LINK(0xffffffffffffffff, 0xc0347c03, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)=@newtfilter={0x4c, 0x2c, 0xd3f, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff3, 0x10}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x10, 0xf}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40008cc}, 0x20004804)

6m39.76997489s ago: executing program 3 (id=1311):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x100a, 0x4})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, 0x0, &(0x7f00000000c0))
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)

6m23.409171544s ago: executing program 32 (id=1311):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x100a, 0x4})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, 0x0, &(0x7f00000000c0))
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)

4m45.892170796s ago: executing program 1 (id=1455):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x14, r1, 0x711, 0x70bd27}, 0x14}, 0x1, 0x0, 0x0, 0x4004094}, 0x8894)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r0)

4m45.424057894s ago: executing program 1 (id=1458):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b70800004e9d00047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='sched_switch\x00', r5}, 0x18)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa05c09, &(0x7f0000000b80)={[{@grpid}, {@mblk_io_submit}, {@jqfmt_vfsv1}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@nobarrier}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = dup3(r6, r0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x1000000, &(0x7f0000000500)="7f"})

4m40.014051655s ago: executing program 1 (id=1463):
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000480)={{0x0, 0x3, 0x1, 0x4}, 'syz0\x00', 0x10})
ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xee)
ioctl$UI_DEV_CREATE(r1, 0x5501)

4m36.630181091s ago: executing program 1 (id=1468):
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
pipe(&(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r3, 0x29, 0x45, 0x0, &(0x7f0000000200)=0x1e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r1, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
timer_create(0x2, 0x0, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000002180)=ANY=[@ANYBLOB="9feb010018000000"], 0x0, 0x2d}, 0x28)
close(r0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0)
write$P9_RSTATu(r7, &(0x7f00000004c0)={0x232, 0x7d, 0x0, {{0x500, 0xf0, 0x401, 0x5000000, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xffffffffffffffff}}, 0x232)

4m32.007788398s ago: executing program 1 (id=1474):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$getownex(r2, 0x10, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="28000000010401010000000000"], 0x28}, 0x1, 0x2000000, 0x0, 0x4040000}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c9, 0x12)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x18}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x8, 0xfff8, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4m29.579198536s ago: executing program 1 (id=1476):
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0xc6, 0x1e, 0x40, 0x7c9, 0x12, 0xc2f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xcb, 0x8e, 0x2f}}]}}]}}, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000000), 0x4)
bind$unix(r0, &(0x7f0000000040)=@abs={0x1}, 0x6e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff5", 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x8, 0x3}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@newqdisc={0xf0fb1c915450e0f1, 0x24, 0xf0b, 0x70bd2d, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0x9, 0xffff}, {0x2, 0x5}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x4}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0xf, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4], 0x0, [0x8, 0x4, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0xfffe, 0x3], [0x0, 0x8]}}]}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @TCA_INGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_prio={{}, {0x0, 0x2, {0x2, "50dcc843149aafbf97145189da7719b6"}}}]}, 0xac}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a300000"], 0x122}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_80211_join_ibss(&(0x7f00000002c0)='wlan0\x00', &(0x7f0000000380)=@random="c12fd58c", 0x4, 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000300)={0x0, 0x2, 0xffffffffffffffff, 0x7ff})
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
r7 = syz_open_dev$mouse(&(0x7f0000000680), 0x0, 0x14b200)
read(r7, 0x0, 0x2)
write$char_usb(r6, &(0x7f0000000040)="e2", 0x918)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)

4m14.422449992s ago: executing program 33 (id=1476):
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0xc6, 0x1e, 0x40, 0x7c9, 0x12, 0xc2f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xcb, 0x8e, 0x2f}}]}}]}}, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000000), 0x4)
bind$unix(r0, &(0x7f0000000040)=@abs={0x1}, 0x6e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff5", 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x8, 0x3}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@newqdisc={0xf0fb1c915450e0f1, 0x24, 0xf0b, 0x70bd2d, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0x9, 0xffff}, {0x2, 0x5}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x4}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0xf, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x4], 0x0, [0x8, 0x4, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0xfffe, 0x3], [0x0, 0x8]}}]}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @TCA_INGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_prio={{}, {0x0, 0x2, {0x2, "50dcc843149aafbf97145189da7719b6"}}}]}, 0xac}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a300000"], 0x122}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_80211_join_ibss(&(0x7f00000002c0)='wlan0\x00', &(0x7f0000000380)=@random="c12fd58c", 0x4, 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000300)={0x0, 0x2, 0xffffffffffffffff, 0x7ff})
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
r7 = syz_open_dev$mouse(&(0x7f0000000680), 0x0, 0x14b200)
read(r7, 0x0, 0x2)
write$char_usb(r6, &(0x7f0000000040)="e2", 0x918)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)

3m37.417151611s ago: executing program 2 (id=1538):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$sysctl(r4, &(0x7f0000000180)='5\x00', 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x1)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800})
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb030000e1000000b500ffffff0000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

3m36.364389266s ago: executing program 2 (id=1539):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB="0000000000000000b70800004e9d00047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='sched_switch\x00', r5}, 0x18)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa05c09, &(0x7f0000000b80)={[{@grpid}, {@mblk_io_submit}, {@jqfmt_vfsv1}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@nobarrier}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = dup3(r6, r0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x1000000, &(0x7f0000000500)="7f"})

3m33.630648519s ago: executing program 2 (id=1543):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x250040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
shutdown(0xffffffffffffffff, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = syz_io_uring_setup(0x5e9, &(0x7f0000000480)={0x0, 0x9e6e, 0x1000, 0x2}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000240)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r4, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

3m21.980032369s ago: executing program 2 (id=1556):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$getownex(r2, 0x10, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="28000000010401010000000000"], 0x28}, 0x1, 0x2000000, 0x0, 0x4040000}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c9, 0x12)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m20.155497168s ago: executing program 2 (id=1557):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x1c, 0x6, 0x0, @local, @local, {[], {{0xfffe, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x200, {[@fastopen={0x1e, 0x8, "351f3275786f"}]}}}}}}}}, 0x0)

3m19.2716576s ago: executing program 2 (id=1560):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800004e9d00047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='sched_switch\x00', r5}, 0x18)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa05c09, &(0x7f0000000b80)={[{@grpid}, {@mblk_io_submit}, {@jqfmt_vfsv1}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@nobarrier}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = dup3(r6, r0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x1000000, &(0x7f0000000500)="7f"})

3m2.829505701s ago: executing program 34 (id=1560):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
gettid()
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800004e9d00047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='sched_switch\x00', r5}, 0x18)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa05c09, &(0x7f0000000b80)={[{@grpid}, {@mblk_io_submit}, {@jqfmt_vfsv1}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@nobarrier}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = dup3(r6, r0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x1000000, &(0x7f0000000500)="7f"})

14.518344496s ago: executing program 0 (id=1874):
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x560f, &(0x7f0000000100)={0x1, 0x1, 0x19, 0x1f, 0xbb, 0x0})
r1 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0xa080, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$setsig(r1, 0x3, 0x2b)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r5)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
r8 = timerfd_create(0x1, 0x0)
timerfd_settime(r8, 0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0x989680}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r9, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000700)=[{&(0x7f00000000c0)='l', 0x1}, {&(0x7f0000000240)}, {0x0}], 0x3, &(0x7f0000000000)=[@dstaddrv4={0x18, 0x84, 0x7, @broadcast}], 0x18, 0x14001}], 0x1, 0x4044040)
read$FUSE(r5, &(0x7f0000002d40)={0x2020}, 0x2020)

12.733616951s ago: executing program 0 (id=1879):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x41, 0x0, 0x2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$inet(r6, 0x0, 0x8090)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000340)}], 0x1)
lseek(0xffffffffffffffff, 0x9, 0x0)
ioctl$MEDIA_IOC_SETUP_LINK(0xffffffffffffffff, 0xc0347c03, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)=@newtfilter={0x4c, 0x2c, 0xd3f, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff3, 0x10}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x10, 0xf}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40008cc}, 0x20004804)

10.801446929s ago: executing program 0 (id=1883):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x89901)
sendfile(r1, r1, 0x0, 0x200000)
ioctl$sock_proto_private(r0, 0x89e1, 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1f3ffc00e2c84759d7d9fd9283c99837740684c16abb86b2d1fa8f4317d06a89834cca941105bebe30e047af0f8ba7f462e9b3147e04e849971bc8f40294507f1a4e84d01959ffcbf780f5aea14d6ccd746ffb08b7424954c36d0731ea8e6fc1000614ad19db3a898fdf6974a48966c92e84b7a1352b6e078492e25e00"/140, @ANYRES16=r3], 0x98}, 0x1, 0x0, 0x0, 0x4000804}, 0x8000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000004300)={0x50, 0x0, r5, {0x7, 0x26, 0x6caff549, 0xfffffffff323ca46, 0x0, 0xfffc, 0x1, 0x80, 0x0, 0x0, 0x1, 0x10001}}, 0x50)
creat(&(0x7f00000001c0)='./file0/file0\x00', 0x1)

9.696746419s ago: executing program 5 (id=1886):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x88}}, 0x0)

9.382309875s ago: executing program 5 (id=1888):
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x560f, &(0x7f0000000100)={0x1, 0x1, 0x19, 0x1f, 0xbb, 0x0})
r1 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0xa080, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$setsig(r1, 0x3, 0x2b)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r5)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timerfd_settime(0xffffffffffffffff, 0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0x989680}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r8, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000700)=[{&(0x7f00000000c0)='l', 0x1}, {&(0x7f0000000240)}, {0x0}], 0x3, &(0x7f0000000000)=[@dstaddrv4={0x18, 0x84, 0x7, @broadcast}], 0x18, 0x14001}], 0x1, 0x4044040)
read$FUSE(r5, &(0x7f0000002d40)={0x2020}, 0x2020)

8.22038119s ago: executing program 5 (id=1890):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x89901)
sendfile(r2, r2, 0x0, 0x200000)
ioctl$sock_proto_private(r0, 0x89e1, 0x0)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r4, r4, 0x1, 0x2, &(0x7f0000000240)='\x00\x00', 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
socket$packet(0x11, 0x2, 0x300)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18}, './file0\x00'})
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x8000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="30000000100001000000ce6bb90929", @ANYRESHEX=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

8.177765943s ago: executing program 0 (id=1891):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000002c0)=ANY=[@ANYBLOB="000106"], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000440)={0x1c, &(0x7f0000000880)=ANY=[@ANYBLOB="2005a0000000b332a87d764eba668dab008cb8bad1098f010435a03654ee7524a1fb12197dc41b9dc9bfd6f728111da4930515228347"], 0x0, 0x0})

7.404506806s ago: executing program 6 (id=1892):
recvmmsg(0xffffffffffffffff, 0x0, 0x4a, 0x12141, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x44000)
r0 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
syz_usb_disconnect(r0)

6.733701051s ago: executing program 5 (id=1893):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000800)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
pipe2$9p(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, 0x0, &(0x7f00000003c0))
setsockopt$sock_int(r1, 0x1, 0x2d, &(0x7f0000000180)=0x80, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
fsopen(&(0x7f0000000000)='bpf\x00', 0x0)
timer_create(0x1, 0x0, &(0x7f0000000040)=<r4=>0x0)
timer_settime(r4, 0x0, 0x0, 0x0)
timer_settime(r4, 0x1, &(0x7f0000000280)={{}, {0x77359400}}, 0x0)

5.537914958s ago: executing program 4 (id=1895):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(0xffffffffffffffff, &(0x7f0000002240)=""/102400, 0x19000)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000080)={0x1, 0x0, 0x1, &(0x7f0000000000)={0x1f, "06c4ce00000000006eb5e52829e7cc839300000400"}})
r0 = open(0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @loopback}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000480)=ANY=[@ANYBLOB])
socket$packet(0x11, 0x2, 0x300)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r2}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_FLUSH(r4, 0x0, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020032000b35d25a806f8c6394f90424fc602f0009000a740200053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
socket$nl_route(0x10, 0x3, 0x0)

5.39418215s ago: executing program 4 (id=1896):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x150)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setparam(r0, &(0x7f0000000280)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
socket(0xa, 0x5, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
setrlimit(0xf, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00'}, 0x18)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))

5.216127264s ago: executing program 6 (id=1897):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x9c}}, 0x0)

5.114576723s ago: executing program 6 (id=1898):
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x560f, &(0x7f0000000100)={0x1, 0x1, 0x19, 0x1f, 0xbb, 0x0})
r1 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0xa080, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$setsig(r1, 0x3, 0x2b)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r5)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timerfd_settime(0xffffffffffffffff, 0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0x989680}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r8, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000700)=[{&(0x7f00000000c0)='l', 0x1}, {&(0x7f0000000240)}, {0x0}], 0x3, &(0x7f0000000000)=[@dstaddrv4={0x18, 0x84, 0x7, @broadcast}], 0x18, 0x14001}], 0x1, 0x4044040)
read$FUSE(r5, &(0x7f0000002d40)={0x2020}, 0x2020)

2.94265052s ago: executing program 4 (id=1899):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x80189439, &(0x7f0000000040))
sendmsg$nl_generic(r3, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x3b, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0x4000000)

2.70391661s ago: executing program 0 (id=1900):
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r0 = socket(0x6, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x1fffffffffffffed, &(0x7f0000000040)=ANY=[@ANYRES64=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, &(0x7f0000000340))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'gre0\x00', &(0x7f0000000380)={'gre0\x00', 0x0, 0x7, 0x7, 0x0, 0x317, {{0x2d, 0x4, 0x3, 0x5, 0xb4, 0x66, 0x0, 0x8, 0x4, 0x0, @empty, @multicast1, {[@cipso={0x86, 0x14, 0x3, [{0x6, 0xe, "d14c095cfa9bbde56915b8e8"}]}, @ssrr={0x89, 0x7, 0xba, [@local]}, @rr={0x7, 0x13, 0xcb, [@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @empty]}, @ssrr={0x89, 0x17, 0x21, [@initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010102, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback]}, @lsrr={0x83, 0xf, 0x54, [@broadcast, @local, @empty]}, @end, @cipso={0x86, 0x49, 0x1, [{0x5, 0x4, "a419"}, {0x7, 0xa, "39cdab15986e06e7"}, {0x6, 0x3, 'o'}, {0x0, 0x7, "d6e213014b"}, {0x0, 0xd, "cc132aa4143f6cef7a191b"}, {0x0, 0x11, "acbabc80460fe3d5abfeba44664b65"}, {0x6, 0xd, "c3daa2b0f2b43143330e1e"}]}]}}}}})
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r4=>0x0})
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r4, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4804}, 0x890)
r6 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r7 = dup(r6)
sendmsg$NL80211_CMD_SET_PMKSA(r7, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
munmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000)

2.619246516s ago: executing program 6 (id=1901):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x89901)
sendfile(r2, r2, 0x0, 0x200000)
ioctl$sock_proto_private(r0, 0x89e1, 0x0)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r4, r4, 0x1, 0x2, &(0x7f0000000240)='\x00\x00', 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
socket$packet(0x11, 0x2, 0x300)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18}, './file0\x00'})
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x8000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="30000000100001000000ce6bb90929", @ANYRESHEX=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

2.45126998s ago: executing program 5 (id=1902):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x89901)
sendfile(r1, r1, 0x0, 0x200000)
ioctl$sock_proto_private(r0, 0x89e1, 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1f3ffc00e2c84759d7d9fd9283c99837740684c16abb86b2d1fa8f4317d06a89834cca941105bebe30e047af0f8ba7f462e9b3147e04e849971bc8f40294507f1a4e84d01959ffcbf780f5aea14d6ccd746ffb08b7424954c36d0731ea8e6fc1000614ad19db3a898fdf6974a48966c92e84b7a1352b6e078492e25e00"/140, @ANYRES16=r3], 0x98}, 0x1, 0x0, 0x0, 0x4000804}, 0x8000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000004300)={0x50, 0x0, r5, {0x7, 0x26, 0x6caff549, 0xfffffffff323ca46, 0x0, 0xfffc, 0x1, 0x80, 0x0, 0x0, 0x1, 0x10001}}, 0x50)
creat(&(0x7f00000001c0)='./file0/file0\x00', 0x1)

2.312164661s ago: executing program 4 (id=1903):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(0x0, 0x1)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

1.110116779s ago: executing program 0 (id=1904):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x41, 0x0, 0x2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$inet(r6, 0x0, 0x8090)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000340)}], 0x1)
lseek(0xffffffffffffffff, 0x9, 0x0)
ioctl$MEDIA_IOC_SETUP_LINK(0xffffffffffffffff, 0xc0347c03, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)=@newtfilter={0x4c, 0x2c, 0xd3f, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff3, 0x10}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x10, 0xf}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40008cc}, 0x20004804)

859.75795ms ago: executing program 6 (id=1905):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(0xffffffffffffffff, &(0x7f0000002240)=""/102400, 0x19000)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000080)={0x1, 0x0, 0x1, &(0x7f0000000000)={0x1f, "06c4ce00000000006eb5e52829e7cc839300000400"}})
r0 = open(0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @loopback}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000480)=ANY=[@ANYBLOB])
socket$packet(0x11, 0x2, 0x300)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r2}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_FLUSH(r4, 0x0, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020032000b35d25a806f8c6394f90424fc602f0009000a740200053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
socket$nl_route(0x10, 0x3, 0x0)

311.195324ms ago: executing program 4 (id=1906):
syz_emit_vhci(&(0x7f00000022c0)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x5, 0x0, 0xa}}}, 0x8)

141.292099ms ago: executing program 6 (id=1907):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x9c}}, 0x0)

59.594585ms ago: executing program 5 (id=1908):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/oops_count', 0x8a883, 0x2)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x6)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0)

0s ago: executing program 4 (id=1909):
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x560f, &(0x7f0000000100)={0x1, 0x1, 0x19, 0x1f, 0xbb, 0x0})
r1 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0xa080, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$setsig(r1, 0x3, 0x2b)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r5)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timerfd_settime(0xffffffffffffffff, 0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0x989680}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r8, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000700)=[{&(0x7f00000000c0)='l', 0x1}, {&(0x7f0000000240)}, {0x0}], 0x3, &(0x7f0000000000)=[@dstaddrv4={0x18, 0x84, 0x7, @broadcast}], 0x18, 0x14001}], 0x1, 0x4044040)
read$FUSE(r5, &(0x7f0000002d40)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.209' (ED25519) to the list of known hosts.
[   69.548317][ T5776] cgroup: Unknown subsys name 'net'
[   69.717621][ T5776] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   71.305734][ T5776] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.447297][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[   71.453943][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[   72.884602][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.893155][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.908786][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.921669][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.930936][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   72.938348][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.963365][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.971829][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   72.979354][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.989767][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   73.021071][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   73.031463][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   73.048262][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   73.051036][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   73.062406][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   73.070790][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   73.070817][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   73.079205][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   73.092701][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   73.100880][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   73.101961][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   73.116765][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   73.129806][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   73.142000][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   73.605696][ T5792] chnl_net:caif_netlink_parms(): no params data found
[   73.624186][ T5789] chnl_net:caif_netlink_parms(): no params data found
[   73.697898][ T5785] chnl_net:caif_netlink_parms(): no params data found
[   73.812745][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   73.825466][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.832861][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.840178][ T5789] bridge_slave_0: entered allmulticast mode
[   73.848339][ T5789] bridge_slave_0: entered promiscuous mode
[   73.888308][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.895762][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.903013][ T5789] bridge_slave_1: entered allmulticast mode
[   73.909875][ T5789] bridge_slave_1: entered promiscuous mode
[   73.917291][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.924694][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.931965][ T5792] bridge_slave_0: entered allmulticast mode
[   73.938869][ T5792] bridge_slave_0: entered promiscuous mode
[   74.006012][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.013612][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.021520][ T5792] bridge_slave_1: entered allmulticast mode
[   74.028436][ T5792] bridge_slave_1: entered promiscuous mode
[   74.051473][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.063092][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.098144][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.106014][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.113248][ T5785] bridge_slave_0: entered allmulticast mode
[   74.120177][ T5785] bridge_slave_0: entered promiscuous mode
[   74.142449][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.164054][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.171301][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.178453][ T5785] bridge_slave_1: entered allmulticast mode
[   74.186060][ T5785] bridge_slave_1: entered promiscuous mode
[   74.207520][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.228266][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.235466][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.243492][ T5788] bridge_slave_0: entered allmulticast mode
[   74.252021][ T5788] bridge_slave_0: entered promiscuous mode
[   74.273394][ T5789] team0: Port device team_slave_0 added
[   74.282906][ T5789] team0: Port device team_slave_1 added
[   74.298976][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.306643][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.313904][ T5788] bridge_slave_1: entered allmulticast mode
[   74.322542][ T5788] bridge_slave_1: entered promiscuous mode
[   74.366931][ T5792] team0: Port device team_slave_0 added
[   74.387694][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.411863][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.418855][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.445459][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.460312][ T5792] team0: Port device team_slave_1 added
[   74.481544][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.492972][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.515542][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.523025][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.549070][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.596814][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.622302][ T5785] team0: Port device team_slave_0 added
[   74.628863][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.636424][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.663586][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.676145][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.683201][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.709151][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.737072][ T5785] team0: Port device team_slave_1 added
[   74.798208][ T5789] hsr_slave_0: entered promiscuous mode
[   74.806195][ T5789] hsr_slave_1: entered promiscuous mode
[   74.827606][ T5788] team0: Port device team_slave_0 added
[   74.858656][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.865693][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.892048][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.904927][ T5788] team0: Port device team_slave_1 added
[   74.927633][ T5792] hsr_slave_0: entered promiscuous mode
[   74.934455][ T5792] hsr_slave_1: entered promiscuous mode
[   74.941058][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.948851][ T5792] Cannot create hsr debugfs directory
[   74.957775][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.965431][ T5787] Bluetooth: hci0: command tx timeout
[   74.971534][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.997498][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.056083][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   75.063392][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.089774][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.103016][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.109988][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.135996][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.201622][ T5787] Bluetooth: hci3: command tx timeout
[   75.207288][ T5787] Bluetooth: hci1: command tx timeout
[   75.213387][ T5791] Bluetooth: hci2: command tx timeout
[   75.264643][ T5785] hsr_slave_0: entered promiscuous mode
[   75.271726][ T5785] hsr_slave_1: entered promiscuous mode
[   75.278086][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   75.285917][ T5785] Cannot create hsr debugfs directory
[   75.357392][ T5788] hsr_slave_0: entered promiscuous mode
[   75.364065][ T5788] hsr_slave_1: entered promiscuous mode
[   75.370535][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   75.378144][ T5788] Cannot create hsr debugfs directory
[   75.656998][ T5792] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.686612][ T5792] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.698515][ T5792] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.719931][ T5792] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.807419][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   75.820080][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   75.845741][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.856551][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.924449][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   75.943672][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   75.956641][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   75.997472][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   76.058193][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   76.077215][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   76.087506][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   76.102801][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.123460][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   76.160131][ T5792] 8021q: adding VLAN 0 to HW filter on device team0
[   76.207394][  T998] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.214781][  T998] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.231594][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.238706][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.306175][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.353572][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[   76.366809][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.423710][ T5785] 8021q: adding VLAN 0 to HW filter on device team0
[   76.437107][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.444352][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.484924][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.492107][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.505719][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.512890][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.526722][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.533862][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.670156][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.720097][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   76.756963][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.764197][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.830232][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.837402][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.889079][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.054023][ T5791] Bluetooth: hci0: command tx timeout
[   77.059354][ T5792] veth0_vlan: entered promiscuous mode
[   77.108044][ T5792] veth1_vlan: entered promiscuous mode
[   77.166534][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.210103][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.240236][ T5792] veth0_macvtap: entered promiscuous mode
[   77.274166][ T5792] veth1_macvtap: entered promiscuous mode
[   77.282447][ T5791] Bluetooth: hci2: command tx timeout
[   77.282958][ T5798] Bluetooth: hci3: command tx timeout
[   77.295531][ T5787] Bluetooth: hci1: command tx timeout
[   77.332289][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.351692][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.381440][ T5785] veth0_vlan: entered promiscuous mode
[   77.393665][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.411367][ T5792] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.420174][ T5792] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.429944][ T5792] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.438820][ T5792] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.469263][ T5785] veth1_vlan: entered promiscuous mode
[   77.498236][ T5789] veth0_vlan: entered promiscuous mode
[   77.544368][ T5788] veth0_vlan: entered promiscuous mode
[   77.564829][ T5789] veth1_vlan: entered promiscuous mode
[   77.586973][ T5788] veth1_vlan: entered promiscuous mode
[   77.644120][ T5785] veth0_macvtap: entered promiscuous mode
[   77.656069][ T5785] veth1_macvtap: entered promiscuous mode
[   77.661072][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.674876][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.731770][  T998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.734226][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.739607][  T998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.762507][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.774963][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.797895][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.808792][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.824155][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.834908][ T5788] veth0_macvtap: entered promiscuous mode
[   77.852703][ T5788] veth1_macvtap: entered promiscuous mode
[   77.875242][ T5789] veth0_macvtap: entered promiscuous mode
[   77.892253][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.906140][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.915388][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.924421][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.958273][ T5789] veth1_macvtap: entered promiscuous mode
[   77.981752][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.994325][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.013440][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.029688][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.051457][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.111689][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.135229][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.192501][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.267170][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.319501][ T5831] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[   78.329589][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.349747][ T5875] fuse: Bad value for 'fd'
[   78.367805][ T5831] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[   78.515355][ T5831] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   78.720609][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.839512][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   78.848715][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.941910][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   78.950587][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.958810][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   79.044299][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   79.053011][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   79.099701][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.140171][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.205047][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.205087][ T5787] Bluetooth: hci0: command tx timeout
[   79.243169][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.298561][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.316706][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.361126][ T5787] Bluetooth: hci1: command tx timeout
[   79.366663][ T5787] Bluetooth: hci3: command tx timeout
[   79.370596][ T5798] Bluetooth: hci2: command tx timeout
[   79.377820][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.388613][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.399153][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.409922][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.418729][ T5876] fido_id[5876]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory
[   79.423505][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.486685][ T1118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.499184][ T1118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.528019][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.542373][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.552250][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.563786][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.575759][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.596388][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.621466][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.721835][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.733975][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.743971][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.757797][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.812422][ T1077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.838151][ T1077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.860124][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.869697][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.493660][ T1077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.521777][ T1077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.743893][ T1118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.784464][ T1118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.280387][ T5798] Bluetooth: hci0: command tx timeout
[   81.442017][ T5798] Bluetooth: hci3: command tx timeout
[   81.447492][ T5798] Bluetooth: hci2: command tx timeout
[   81.453023][ T5798] Bluetooth: hci1: command tx timeout
[   82.047802][ T5893] sched: RT throttling activated
[   82.085759][ T1077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.404225][ T5898] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   82.620414][ T1077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.440873][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   83.570887][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   83.867579][ T5917] fuse: Bad value for 'fd'
[   85.051824][ T5927] syz.1.12 uses obsolete (PF_INET,SOCK_PACKET)
[   86.665481][ T5942] netlink: 196 bytes leftover after parsing attributes in process `syz.3.18'.
[   86.692480][ T5942] netlink: 196 bytes leftover after parsing attributes in process `syz.3.18'.
[   86.714667][ T5942] netlink: 19 bytes leftover after parsing attributes in process `syz.3.18'.
[   87.385613][   T55] cfg80211: failed to load regulatory.db
[   89.343516][   T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   95.527195][    T9] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0
[   95.807514][    T9] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0
[   96.184766][    T9] hid-generic 0005:16BF:5505.0002: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   96.419623][ T6015] fido_id[6015]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory
[  107.640721][   T55] hid-generic 0005:16BF:5505.0003: unknown main item tag 0x0
[  107.654077][   T55] hid-generic 0005:16BF:5505.0003: unknown main item tag 0x0
[  107.679401][   T55] hid-generic 0005:16BF:5505.0003: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  108.816821][ T6107] fido_id[6107]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory
[  111.527553][ T6146] IPVS: Error joining to the multicast group
[  115.187665][ T6191] binder_alloc: 6190: binder_alloc_buf, no vma
[  117.113097][ T6208] syz.3.89[6208]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  119.396018][ T6230] binder_alloc: 6229: binder_alloc_buf, no vma
[  122.369767][ T6260] binder: BINDER_SET_CONTEXT_MGR already set
[  122.390478][ T6260] binder: 6258:6260 ioctl 4018620d 200000004a80 returned -16
[  123.720510][   T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  123.916663][   T23] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[  123.933954][   T23] usb 1-1: config 0 has no interface number 0
[  123.945742][   T23] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  123.958231][   T23] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  123.987918][   T23] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  123.999427][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.007626][   T23] usb 1-1: Product: syz
[  124.011916][   T23] usb 1-1: Manufacturer: syz
[  124.016548][   T23] usb 1-1: SerialNumber: syz
[  124.026668][   T23] usb 1-1: config 0 descriptor??
[  124.036444][ T6267] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  124.048826][   T23] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  124.068954][   T23] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  124.384867][    C1] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22
[  125.166214][   T23] usb 1-1: USB disconnect, device number 2
[  125.272381][   T23] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  125.501999][   T23] cyberjack 1-1:0.69: device disconnected
[  128.613860][ T6341] netlink: 20 bytes leftover after parsing attributes in process `syz.2.128'.
[  132.885213][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  133.259917][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  133.343470][   T23] hid-generic 0005:16BF:5505.0004: unknown main item tag 0x0
[  133.369256][   T23] hid-generic 0005:16BF:5505.0004: unknown main item tag 0x0
[  133.396552][   T23] hid-generic 0005:16BF:5505.0004: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  134.538277][ T6405] Zero length message leads to an empty skb
[  134.964369][ T6413] netlink: 32 bytes leftover after parsing attributes in process `syz.2.146'.
[  135.852202][ T6419] binder_alloc: 6418: binder_alloc_buf, no vma
[  140.983152][ T5909] hid-generic 0005:16BF:5505.0005: unknown main item tag 0x0
[  141.010427][ T5909] hid-generic 0005:16BF:5505.0005: unknown main item tag 0x0
[  141.035306][ T5909] hid-generic 0005:16BF:5505.0005: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  142.194603][ T6441] fido_id[6441]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory
[  146.062097][   T55] hid-generic 0005:16BF:5505.0006: unknown main item tag 0x0
[  146.164087][   T55] hid-generic 0005:16BF:5505.0006: unknown main item tag 0x0
[  146.333649][   T55] hid-generic 0005:16BF:5505.0006: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  147.957899][ T6483] fido_id[6483]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory
[  150.430780][ T6498] syz.1.171 (6498) used greatest stack depth: 17416 bytes left
[  155.200720][ T5919] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  155.610752][    C1] raw-gadget.0 gadget.3: ignoring, device is not running
[  155.790322][ T5919] usb 4-1: device descriptor read/64, error -32
[  156.951828][ T5919] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  157.500319][ T5919] usb 4-1: Using ep0 maxpacket: 16
[  160.358902][ T5919] usb 4-1: device descriptor read/all, error -71
[  160.399462][ T5919] usb usb4-port1: attempt power cycle
[  164.057297][ T5909] hid-generic 0005:16BF:5505.0007: unknown main item tag 0x0
[  164.272036][ T5909] hid-generic 0005:16BF:5505.0007: unknown main item tag 0x0
[  164.377281][ T5909] hid-generic 0005:16BF:5505.0007: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  164.510905][ T6614] fido_id[6614]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory
[  167.783934][ T6642] veth0_to_team: entered promiscuous mode
[  172.987277][ T6682] loop3: detected capacity change from 0 to 4096
[  174.015592][ T6681] binder: 6675:6681 ioctl c0306201 2000000002c0 returned -14
[  174.030631][ T5778] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  179.475304][ T6728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.235'.
[  179.557586][ T6728] team1: entered promiscuous mode
[  179.562850][ T6728] team1: entered allmulticast mode
[  180.863832][ T6735] loop2: detected capacity change from 0 to 4096
[  181.281796][ T6735] binder: 6721:6735 ioctl c0306201 2000000002c0 returned -14
[  182.010836][ T5778] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  188.817343][ T6793] binder: BINDER_SET_CONTEXT_MGR already set
[  188.828502][ T6793] binder: 6791:6793 ioctl 4018620d 200000004a80 returned -16
[  189.018493][ T6802] loop3: detected capacity change from 0 to 4096
[  189.067128][ T6802] binder: 6794:6802 ioctl c0306201 2000000002c0 returned -14
[  193.301024][ T6828] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  194.340946][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  194.348075][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  195.209564][ T6848] binder: BINDER_SET_CONTEXT_MGR already set
[  195.225840][ T6848] binder: 6847:6848 ioctl 4018620d 200000004a80 returned -16
[  195.594861][ T6853] loop3: detected capacity change from 0 to 4096
[  196.400625][ T5103] Bluetooth: hci3: command 0x0406 tx timeout
[  196.407020][   T50] Bluetooth: hci1: command 0x0406 tx timeout
[  196.413308][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[  198.185322][ T6853] binder: 6849:6853 ioctl c0306201 2000000002c0 returned -14
[  201.835298][ T6885] binder: BINDER_SET_CONTEXT_MGR already set
[  201.843612][ T6885] binder: 6883:6885 ioctl 4018620d 200000004a80 returned -16
[  202.202828][ T6892] loop2: detected capacity change from 0 to 4096
[  203.122944][ T6892] binder: 6888:6892 ioctl c0306201 2000000002c0 returned -14
[  210.180762][ T6926] loop3: detected capacity change from 0 to 4096
[  210.420353][ T6926] binder: 6923:6926 ioctl c0306201 2000000002c0 returned -14
[  214.753637][ T6942] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  215.581636][ T6955] input: syz1 as /devices/virtual/input/input5
[  217.765498][ T6963] loop1: detected capacity change from 0 to 4096
[  218.368623][ T6963] binder: 6960:6963 ioctl c0306201 2000000002c0 returned -14
[  222.497581][ T6998] binder: BINDER_SET_CONTEXT_MGR already set
[  222.505905][ T6998] binder: 6997:6998 ioctl 4018620d 200000004a80 returned -16
[  222.857609][ T6999] block nbd2: shutting down sockets
[  226.561054][ T7024] binder: BINDER_SET_CONTEXT_MGR already set
[  226.625774][ T7024] binder: 7023:7024 ioctl 4018620d 200000004a80 returned -16
[  228.760313][ T1191] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  230.792678][ T1191] usb 3-1: unable to get BOS descriptor or descriptor too short
[  230.820973][ T1191] usb 3-1: config 1 has an invalid interface number: 201 but max is 1
[  230.833019][ T1191] usb 3-1: config 1 has no interface number 1
[  230.839304][ T1191] usb 3-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  230.854270][ T1191] usb 3-1: config 1 interface 0 has no altsetting 0
[  230.867005][ T1191] usb 3-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  230.876819][ T1191] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.895964][ T1191] usb 3-1: Product: syz
[  230.900631][ T1191] usb 3-1: Manufacturer: syz
[  230.906811][ T1191] usb 3-1: SerialNumber: syz
[  231.884216][ T7060] binder: 7059:7060 ioctl c0306201 0 returned -14
[  232.438138][ T1191] smsusb:smsusb_probe: board id=8, interface number 0
[  232.512664][ T1191] smsusb:smsusb_probe: board id=8, interface number 201
[  232.702902][ T1191] usb 3-1: USB disconnect, device number 2
[  235.314642][ T7085] loop1: detected capacity change from 0 to 4096
[  235.386607][ T7066] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  236.725622][ T7102] binder: 7101:7102 ioctl c0306201 0 returned -14
[  241.851380][ T7136] binder: 7134:7136 ioctl c0306201 0 returned -14
[  241.982871][ T7138] binder: BINDER_SET_CONTEXT_MGR already set
[  241.988918][ T7138] binder: 7137:7138 ioctl 4018620d 200000004a80 returned -16
[  244.124026][   T28] audit: type=1326 audit(1756638153.218:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.2.352" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5238d8ebe9 code=0x0
[  245.692997][ T7165] capability: warning: `syz.3.358' uses 32-bit capabilities (legacy support in use)
[  250.829887][ T7216] loop0: detected capacity change from 0 to 4096
[  250.875111][ T7216] binder: 7209:7216 ioctl c0306201 2000000002c0 returned -14
[  255.765312][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  255.772615][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  260.267727][ T7303] binder: BINDER_SET_CONTEXT_MGR already set
[  260.279584][ T7303] binder: 7302:7303 ioctl 4018620d 200000004a80 returned -16
[  260.643818][ T7312] loop1: detected capacity change from 0 to 4096
[  260.671989][ T7312] binder: 7310:7312 ioctl c0306201 2000000002c0 returned -14
[  264.622780][ T7335] loop3: detected capacity change from 0 to 4096
[  264.681970][ T7066] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  264.702329][ T7335] binder: 7334:7335 ioctl c0306201 2000000002c0 returned -14
[  264.813833][ T7339] fuse: Unknown parameter 'grou00000000000000000000'
[  265.263611][ T5851] hid-generic 0005:16BF:5505.0008: unknown main item tag 0x0
[  265.367793][ T5851] hid-generic 0005:16BF:5505.0008: unknown main item tag 0x0
[  265.579700][ T5851] hid-generic 0005:16BF:5505.0008: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  266.586719][ T7356] nfs: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  267.612968][ T7362] loop3: detected capacity change from 0 to 4096
[  267.686178][ T7362] binder: 7361:7362 ioctl c0306201 2000000002c0 returned -14
[  267.867735][ T7364] fuse: Unknown parameter 'grou00000000000000000000'
[  271.209332][ T7396] fuse: Bad value for 'fd'
[  274.221587][ T7429] fuse: Unknown parameter 'group_i00000000000000000000'
[  276.344415][ T7452] binder: 7449:7452 ioctl 4018620d 0 returned -22
[  276.412279][ T7454] binder: BINDER_SET_CONTEXT_MGR already set
[  276.435927][ T7454] binder: 7450:7454 ioctl 4018620d 200000004a80 returned -16
[  276.447123][ T7456] fuse: Unknown parameter 'group_i00000000000000000000'
[  281.394947][ T7488] binder: 7487:7488 ioctl 4018620d 0 returned -22
[  281.450750][ T7490] fuse: Unknown parameter 'group_i00000000000000000000'
[  284.253037][ T7511] loop3: detected capacity change from 0 to 4096
[  285.864137][ T7510] binder: 7508:7510 ioctl c0306201 2000000002c0 returned -14
[  286.751033][ T7517] binder: 7516:7517 ioctl 4018620d 0 returned -22
[  286.924734][ T7521] fuse: Unknown parameter 'group_id00000000000000000000'
[  288.960945][ T7546] loop3: detected capacity change from 0 to 4096
[  288.969223][ T7539] netlink: 'syz.0.492': attribute type 9 has an invalid length.
[  288.976996][ T7539] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.492'.
[  288.989991][ T7546] binder: 7543:7546 ioctl c0306201 2000000002c0 returned -14
[  290.460730][ T7555] binder: 7554:7555 ioctl c0306201 0 returned -14
[  290.591313][ T7557] fuse: Unknown parameter 'group_id00000000000000000000'
[  293.264741][ T7582] loop1: detected capacity change from 0 to 4096
[  293.343219][ T7582] binder: 7577:7582 ioctl c0306201 2000000002c0 returned -14
[  294.663904][ T7596] fuse: Unknown parameter 'group_id00000000000000000000'
[  295.047508][ T7600] binder: 7599:7600 ioctl c0306201 0 returned -14
[  297.257704][ T7625] netlink: 'syz.1.513': attribute type 9 has an invalid length.
[  297.266054][ T7625] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.513'.
[  298.256429][ T7678] loop1: detected capacity change from 0 to 4096
[  298.333414][ T7678] binder: 7674:7678 ioctl c0306201 2000000002c0 returned -14
[  299.212030][ T7683] fuse: Bad value for 'user_id'
[  301.807164][ T7691] binder: 7690:7691 ioctl c0306201 0 returned -14
[  303.714077][    T9] libceph: connect (1)[c::]:6789 error -101
[  303.749146][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  303.777957][ T7698] ceph: No mds server is up or the cluster is laggy
[  304.052741][ T1191] libceph: connect (1)[c::]:6789 error -101
[  304.086505][ T1191] libceph: mon0 (1)[c::]:6789 connect error
[  304.583666][ T7722] netlink: 196 bytes leftover after parsing attributes in process `syz.0.527'.
[  304.594585][ T7722] netlink: 196 bytes leftover after parsing attributes in process `syz.0.527'.
[  304.603812][ T7722] netlink: 19 bytes leftover after parsing attributes in process `syz.0.527'.
[  305.800236][ T5919] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  306.842008][ T7733] fuse: Bad value for 'user_id'
[  306.960701][ T5919] usb 1-1: config 127 has an invalid interface number: 127 but max is 0
[  306.986232][ T5919] usb 1-1: config 127 has no interface number 0
[  307.001271][ T5919] usb 1-1: New USB device found, idVendor=1bc7, idProduct=9201, bcdDevice=12.f5
[  307.068053][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.304954][ T5919] usb 1-1: string descriptor 0 read error: -71
[  307.409959][ T5919] option 1-1:127.127: GSM modem (1-port) converter detected
[  307.507318][ T5919] usb 1-1: USB disconnect, device number 3
[  307.571207][ T5919] option 1-1:127.127: device disconnected
[  312.783131][ T7765] fuse: Bad value for 'user_id'
[  317.213696][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  317.310334][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  318.922883][ T7801] fuse: Bad value for 'fd'
[  319.594237][ T7812] loop3: detected capacity change from 0 to 4096
[  320.043164][ T7812] binder: 7802:7812 ioctl c0306201 2000000002c0 returned -14
[  321.632887][ T7830] fuse: Bad value for 'fd'
[  324.244591][ T7847] loop0: detected capacity change from 0 to 4096
[  328.239335][ T7849] binder: 7844:7849 ioctl c0306201 2000000002c0 returned -14
[  329.392452][ T7066] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  329.691058][ T7857] fuse: Bad value for 'fd'
[  330.822172][ T7872] netlink: 196 bytes leftover after parsing attributes in process `syz.0.574'.
[  330.832032][ T7872] netlink: 196 bytes leftover after parsing attributes in process `syz.0.574'.
[  330.841123][ T7872] netlink: 19 bytes leftover after parsing attributes in process `syz.0.574'.
[  332.487857][ T7886] loop3: detected capacity change from 0 to 4096
[  333.863025][ T7886] binder: 7875:7886 ioctl c0306201 2000000002c0 returned -14
[  335.034035][ T7892] binder: 7891:7892 ioctl c0306201 0 returned -14
[  336.772785][ T7916] binder: 7914:7916 ioctl c0306201 0 returned -14
[  338.418013][ T7941] binder: 7940:7941 ioctl c0306201 0 returned -14
[  342.060334][ T7979] netlink: 32 bytes leftover after parsing attributes in process `syz.1.611'.
[  344.919219][ T7989] netlink: 'syz.0.615': attribute type 9 has an invalid length.
[  344.928732][ T7989] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.615'.
[  350.374490][ T8036] netlink: 'syz.3.629': attribute type 9 has an invalid length.
[  350.382211][ T8036] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.629'.
[  352.655938][ T8064] binder: BINDER_SET_CONTEXT_MGR already set
[  352.734640][ T8064] binder: 8063:8064 ioctl 4018620d 200000004a80 returned -16
[  355.322077][ T8096] netlink: 'syz.2.648': attribute type 9 has an invalid length.
[  355.329753][ T8096] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.648'.
[  360.852311][ T8167] loop3: detected capacity change from 0 to 4096
[  362.197032][ T8167] binder: 8163:8167 ioctl c0306201 2000000002c0 returned -14
[  365.147513][ T8191] loop0: detected capacity change from 0 to 1024
[  365.158081][ T8191] =======================================================
[  365.158081][ T8191] WARNING: The mand mount option has been deprecated and
[  365.158081][ T8191]          and is ignored by this kernel. Remove the mand
[  365.158081][ T8191]          option from the mount to silence this warning.
[  365.158081][ T8191] =======================================================
[  365.466126][ T8191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  365.485884][ T8191] ext4 filesystem being mounted at /166/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  367.226177][ T8198] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  368.343669][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  370.732085][ T8242] loop0: detected capacity change from 0 to 1024
[  370.898147][ T8242] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  370.950003][ T8242] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  371.228426][ T8247] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  373.806568][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  374.965389][ T8284] loop1: detected capacity change from 0 to 4096
[  375.361689][ T8284] binder: 8279:8284 ioctl c0306201 2000000002c0 returned -14
[  378.520908][ T8305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.704'.
[  378.587666][ T8305] team1: entered promiscuous mode
[  378.592838][ T8305] team1: entered allmulticast mode
[  379.335099][ T8307] loop3: detected capacity change from 0 to 1024
[  379.371421][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  379.377857][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  379.581783][ T8307] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  379.598679][ T8307] ext4 filesystem being mounted at /193/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  381.134009][ T8335] loop0: detected capacity change from 0 to 4096
[  381.464023][ T8313] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  385.182410][ T8338] binder: 8331:8338 ioctl c0306201 2000000002c0 returned -14
[  386.465321][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  388.625832][ T8365] loop3: detected capacity change from 0 to 1024
[  388.649683][ T8365] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  388.662295][ T8365] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  390.161824][ T8379] loop1: detected capacity change from 0 to 4096
[  391.150344][ T8368] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  392.902500][ T8379] binder: 8375:8379 ioctl c0306201 2000000002c0 returned -14
[  395.573867][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  398.069647][ T8418] loop2: detected capacity change from 0 to 4096
[  399.216282][ T8418] binder: 8411:8418 ioctl c0306201 2000000002c0 returned -14
[  400.426953][ T8426] loop3: detected capacity change from 0 to 1024
[  400.521830][ T8426] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  400.563181][ T8426] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  404.834394][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  405.502308][ T8498] fuse: Unknown parameter '0x0000000000000003'
[  407.208721][ T8512] loop1: detected capacity change from 0 to 1024
[  407.329209][ T8512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  407.372256][ T8512] ext4 filesystem being mounted at /163/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  407.970234][ T8525] loop0: detected capacity change from 0 to 4096
[  408.188124][ T8525] binder: 8520:8525 ioctl c0306201 2000000002c0 returned -14
[  409.088951][ T8528] fuse: Unknown parameter '0x0000000000000003'
[  409.869580][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  409.922671][ T8532] netlink: 'syz.2.767': attribute type 9 has an invalid length.
[  409.930999][ T8532] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.767'.
[  411.268049][ T8556] fuse: Unknown parameter '0x0000000000000003'
[  412.086895][ T8563] loop1: detected capacity change from 0 to 1024
[  412.244311][ T8563] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  412.290708][ T8563] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  414.662924][ T8589] fuse: Unknown parameter '0x0000000000000003'
[  414.716026][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  415.210619][ T8592] block nbd1: Device being setup by another task
[  415.530940][ T8590] block nbd1: shutting down sockets
[  417.370465][ T8613] loop1: detected capacity change from 0 to 1024
[  417.406108][ T8615] fuse: Unknown parameter '0x0000000000000003'
[  417.527108][ T8613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  417.567265][ T8613] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  420.709777][ T8646] fuse: Unknown parameter '0x0000000000000003'
[  420.781893][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  420.864929][ T8645] block nbd3: shutting down sockets
[  424.037684][ T8674] loop1: detected capacity change from 0 to 1024
[  424.128210][ T8674] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  424.651769][ T8674] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  425.680668][ T8677] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  426.505699][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  430.015471][ T8719] loop2: detected capacity change from 0 to 1024
[  430.243983][ T8719] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  430.267610][ T8719] ext4 filesystem being mounted at /222/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  431.520351][ T8725] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  432.886008][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  432.959622][ T8737] netlink: 'syz.1.830': attribute type 9 has an invalid length.
[  432.967414][ T8737] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.830'.
[  436.899563][ T8767] loop1: detected capacity change from 0 to 1024
[  437.591585][ T8767] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  437.788238][ T8767] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  440.093868][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  440.100378][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  440.184113][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  443.391962][ T8832] loop1: detected capacity change from 0 to 1024
[  443.436886][ T8832] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  443.461089][ T8832] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  443.854440][ T8835] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  447.654546][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  450.215205][ T8893] netlink: 'syz.2.875': attribute type 9 has an invalid length.
[  450.223159][ T8893] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.875'.
[  462.980406][ T8980] netlink: 'syz.2.902': attribute type 9 has an invalid length.
[  462.988083][ T8980] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.902'.
[  470.600141][ T9036] netlink: 'syz.2.919': attribute type 9 has an invalid length.
[  470.607908][ T9036] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.919'.
[  475.169689][ T9083] netlink: 'syz.3.932': attribute type 9 has an invalid length.
[  475.177662][ T9083] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.932'.
[  479.338330][ T9115] ieee802154 phy0 wpan0: encryption failed: -22
[  480.096619][ T9117] netlink: 'syz.2.942': attribute type 9 has an invalid length.
[  480.104442][ T9117] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.942'.
[  486.475244][ T9164] netlink: 'syz.1.954': attribute type 9 has an invalid length.
[  486.496412][ T9164] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.954'.
[  489.759484][ T9190] loop0: detected capacity change from 0 to 1024
[  489.864298][ T9190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  490.023307][ T9190] ext4 filesystem being mounted at /240/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  490.390237][ T9193] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  494.942366][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  497.770856][ T9250] netlink: 68 bytes leftover after parsing attributes in process `syz.3.984'.
[  498.019098][ T9268] loop1: detected capacity change from 0 to 1024
[  498.306403][ T9268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  498.318801][ T9268] ext4 filesystem being mounted at /218/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  501.202065][ T9275] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  501.526815][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  501.533244][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  501.536036][ T9313] netlink: 68 bytes leftover after parsing attributes in process `syz.0.997'.
[  504.563110][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  505.604950][ T9344] netlink: 'syz.0.1006': attribute type 9 has an invalid length.
[  505.614313][ T9344] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.1006'.
[  506.953723][ T9355] binder: BINDER_SET_CONTEXT_MGR already set
[  506.959873][ T9355] binder: 9354:9355 ioctl 4018620d 200000004a80 returned -16
[  508.483937][ T9368] loop2: detected capacity change from 0 to 1024
[  509.140758][ T9368] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  509.424739][ T9368] ext4 filesystem being mounted at /279/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  512.059511][ T9399] overlayfs: failed to resolve './file1': -2
[  512.076649][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  512.088945][ T9399] netlink: 'syz.1.1022': attribute type 9 has an invalid length.
[  512.097290][ T9399] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.1022'.
[  513.601398][ T5787] Bluetooth: hci3: unexpected event for opcode 0x2023
[  513.856174][ T9433] loop1: detected capacity change from 0 to 1024
[  514.075915][ T9433] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  514.573721][ T9433] ext4 filesystem being mounted at /230/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  516.459211][ T9451] overlayfs: failed to resolve './file1': -2
[  516.650373][ T9450] netlink: 'syz.0.1035': attribute type 9 has an invalid length.
[  516.658171][ T9450] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.1035'.
[  517.407170][ T9439] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  518.011424][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  519.097271][ T9485] team0: No ports can be present during mode change
[  520.247438][ T9501] loop1: detected capacity change from 0 to 1024
[  521.256268][ T9501] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  521.319452][ T9501] ext4 filesystem being mounted at /232/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  521.954155][ T9516] overlayfs: failed to resolve './file1': -2
[  522.053402][ T9516] netlink: 'syz.2.1054': attribute type 9 has an invalid length.
[  522.061386][ T9516] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1054'.
[  523.802658][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  523.884360][ T9531] loop0: detected capacity change from 0 to 1024
[  523.929873][ T9531] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  524.011082][ T9531] ext4 filesystem being mounted at /260/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  524.130214][   T27] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  524.320249][   T27] usb 3-1: Using ep0 maxpacket: 8
[  524.333575][   T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 19, changing to 8
[  524.353380][   T27] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[  524.393038][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.489856][   T27] usb 3-1: config 0 descriptor??
[  524.919054][   T27] asus 0003:0B05:17E0.0009: item fetching failed at offset 3/11
[  524.932433][   T27] asus 0003:0B05:17E0.0009: Asus hid parse failed: -22
[  524.963673][   T27] asus: probe of 0003:0B05:17E0.0009 failed with error -22
[  525.239094][   T27] usb 3-1: USB disconnect, device number 3
[  525.440404][ T9510] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  526.098705][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  528.945862][ T9566] netlink: 'syz.1.1067': attribute type 9 has an invalid length.
[  528.953711][ T9566] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.1067'.
[  530.396673][ T9594] loop3: detected capacity change from 0 to 1024
[  530.511488][ T9594] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  530.531193][ T9594] ext4 filesystem being mounted at /278/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  532.579556][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  532.741031][ T9612] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  532.896910][ T9624] bridge_slave_0: left allmulticast mode
[  532.902785][ T9624] bridge_slave_0: left promiscuous mode
[  532.909627][ T9624] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.000132][ T5787] Bluetooth: hci0: command 0x0406 tx timeout
[  535.288454][ T9624] bridge_slave_1: left allmulticast mode
[  535.305706][ T9624] bridge_slave_1: left promiscuous mode
[  535.328414][ T9624] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.388055][ T9624] bond0: (slave bond_slave_0): Releasing backup interface
[  535.467342][ T9624] bond0: (slave bond_slave_1): Releasing backup interface
[  535.504261][ T9624] team0: Port device team_slave_0 removed
[  535.557781][ T9624] team0: Port device team_slave_1 removed
[  535.587517][ T9624] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  535.598579][ T9624] batman_adv: batadv0: Removing interface: batadv_slave_0
[  535.722589][ T9624] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  535.761027][ T9624] batman_adv: batadv0: Removing interface: batadv_slave_1
[  538.298930][ T9659] netlink: 'syz.3.1091': attribute type 9 has an invalid length.
[  538.312775][ T9659] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.1091'.
[  538.958480][ T9667] fuse: Bad value for 'fd'
[  539.345738][ T9675] bridge_slave_0: left allmulticast mode
[  539.351992][ T9675] bridge_slave_0: left promiscuous mode
[  539.358405][ T9675] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.491073][ T9675] bridge_slave_1: left allmulticast mode
[  540.496956][ T9675] bridge_slave_1: left promiscuous mode
[  540.503400][ T9675] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.936569][ T9675] bond0: (slave bond_slave_0): Releasing backup interface
[  542.050599][ T9675] bond0: (slave bond_slave_1): Releasing backup interface
[  542.103819][ T9675] team0: Port device team_slave_0 removed
[  542.271799][ T9675] team0: Port device team_slave_1 removed
[  542.291558][ T9675] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  542.323508][ T9675] batman_adv: batadv0: Removing interface: batadv_slave_0
[  542.372809][ T9675] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  542.381816][ T9675] batman_adv: batadv0: Removing interface: batadv_slave_1
[  544.177575][ T9707] overlayfs: failed to resolve './file0': -2
[  544.715380][ T9707] netlink: 'syz.2.1106': attribute type 9 has an invalid length.
[  544.723313][ T9707] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1106'.
[  545.700296][ T5851] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  545.927989][ T5851] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  546.508539][ T5851] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  546.598273][ T5851] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  546.670146][ T5851] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.262291][ T9740] loop3: detected capacity change from 0 to 4096
[  547.573374][ T9740] binder: 9733:9740 ioctl c0306201 2000000002c0 returned -14
[  547.859967][ T5851] usb 2-1: usb_control_msg returned -32
[  547.890971][ T5851] usbtmc 2-1:16.0: can't read capabilities
[  549.901982][ T5851] usb 2-1: USB disconnect, device number 2
[  553.099860][ T9779] loop3: detected capacity change from 0 to 4096
[  554.064444][ T9779] binder: 9772:9779 ioctl c0306201 2000000002c0 returned -14
[  558.869885][ T9805] netlink: 'syz.0.1134': attribute type 11 has an invalid length.
[  559.011929][ T9805] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1134'.
[  559.470552][ T9813] bridge_slave_0: left allmulticast mode
[  559.476297][ T9813] bridge_slave_0: left promiscuous mode
[  559.482574][ T9813] bridge0: port 1(bridge_slave_0) entered disabled state
[  563.326424][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  563.347204][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  563.829136][ T9813] bridge_slave_1: left allmulticast mode
[  563.836192][ T9813] bridge_slave_1: left promiscuous mode
[  563.842326][ T9813] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.809125][ T9813] bond0: (slave bond_slave_0): Releasing backup interface
[  565.849312][ T9813] bond0: (slave bond_slave_1): Releasing backup interface
[  565.898025][ T9813] team0: Port device team_slave_0 removed
[  565.925418][ T9813] team0: Port device team_slave_1 removed
[  565.942277][ T9813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  565.951896][ T9813] batman_adv: batadv0: Removing interface: batadv_slave_0
[  565.968282][ T9813] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  565.976453][ T9813] batman_adv: batadv0: Removing interface: batadv_slave_1
[  569.083347][ T9872] loop2: detected capacity change from 0 to 4096
[  572.286263][ T9877] binder: BINDER_SET_CONTEXT_MGR already set
[  572.308648][ T9877] binder: 9876:9877 ioctl 4018620d 200000004a80 returned -16
[  575.173705][    T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  576.442252][    T8] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  576.552028][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.733447][    T8] usb 3-1: Product: syz
[  576.778552][    T8] usb 3-1: Manufacturer: syz
[  576.920061][    T8] usb 3-1: SerialNumber: syz
[  576.967000][    T8] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  577.068085][ T1191] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  577.411130][ T9885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  577.481692][ T9885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  578.580172][ T5919] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  578.580461][ T1191] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  578.803254][ T5919] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  578.836157][ T5919] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  578.850717][ T5919] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  578.869519][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.950981][ T1191] ath9k_htc: Failed to initialize the device
[  579.243181][ T9914] loop3: detected capacity change from 0 to 4096
[  581.021227][ T5919] usb 1-1: usb_control_msg returned -32
[  581.027255][ T5919] usbtmc 1-1:16.0: can't read capabilities
[  581.030275][ T9914] binder: 9910:9914 ioctl c0306201 2000000002c0 returned -14
[  581.046442][ T1191] usb 3-1: ath9k_htc: USB layer deinitialized
[  581.300505][ T5919] usb 3-1: USB disconnect, device number 4
[  581.436542][ T1191] usb 1-1: USB disconnect, device number 4
[  586.710284][ T5909] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  587.674613][ T5909] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  587.688813][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.741653][ T5909] usb 1-1: Product: syz
[  587.746042][ T5909] usb 1-1: Manufacturer: syz
[  587.750912][ T5909] usb 1-1: SerialNumber: syz
[  587.864518][ T5909] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  587.895850][ T5790] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  588.081752][ T9961] overlayfs: failed to resolve './file1': -2
[  588.145626][ T9962] netlink: 'syz.1.1175': attribute type 9 has an invalid length.
[  588.153735][ T9962] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.1175'.
[  588.641600][ T9947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  588.680641][ T9947] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  588.970173][ T5790] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  589.014217][ T5790] ath9k_htc: Failed to initialize the device
[  589.085118][ T5790] usb 1-1: ath9k_htc: USB layer deinitialized
[  589.770033][ T5909] usb 1-1: USB disconnect, device number 5
[  594.913338][T10007] overlayfs: failed to resolve './file1': -2
[  594.925672][T10007] netlink: 'syz.2.1186': attribute type 9 has an invalid length.
[  594.933609][T10007] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1186'.
[  596.518139][   T55] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  597.488171][   T55] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  597.506674][   T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.533706][   T55] usb 4-1: Product: syz
[  597.537967][   T55] usb 4-1: Manufacturer: syz
[  597.544629][   T55] usb 4-1: SerialNumber: syz
[  597.588634][   T55] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  597.607379][ T5909] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  598.532311][   T55] usb 4-1: USB disconnect, device number 6
[  598.757393][ T5909] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  598.764907][ T5909] ath9k_htc: Failed to initialize the device
[  598.773370][   T55] usb 4-1: ath9k_htc: USB layer deinitialized
[  601.682331][T10056] loop3: detected capacity change from 0 to 4096
[  601.771728][T10056] binder: 10049:10056 ioctl c0306201 2000000002c0 returned -14
[  606.501792][T10095] loop3: detected capacity change from 0 to 4096
[  606.857453][T10095] binder: 10087:10095 ioctl c0306201 2000000002c0 returned -14
[  610.494611][T10109] overlayfs: failed to resolve './file1': -2
[  610.587935][T10107] netlink: 'syz.3.1215': attribute type 9 has an invalid length.
[  610.595774][T10107] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.1215'.
[  610.668155][T10113] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1217'.
[  616.394754][T10151] binder: 10150:10151 ioctl 4018620d 0 returned -22
[  617.598415][T10159] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  621.035783][   T65] Bluetooth: hci4: Frame reassembly failed (-84)
[  623.042548][ T5787] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  623.049176][ T5791] Bluetooth: hci4: command 0x1003 tx timeout
[  624.126063][T10211] binder: BINDER_SET_CONTEXT_MGR already set
[  624.132217][T10211] binder: 10209:10211 ioctl 4018620d 200000004a80 returned -16
[  624.598927][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  624.605457][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  629.674473][T10252] binder: BINDER_SET_CONTEXT_MGR already set
[  629.720523][T10252] binder: 10251:10252 ioctl 4018620d 200000004a80 returned -16
[  629.910205][    T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  631.600359][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  631.667457][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  631.690039][    T8] usb 2-1: New USB device found, idVendor=06a3, idProduct=0cfa, bcdDevice= 0.00
[  631.705252][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.719305][    T8] usb 2-1: config 0 descriptor??
[  632.983460][    T8] usbhid 2-1:0.0: can't add hid device: -71
[  633.010278][    T8] usbhid: probe of 2-1:0.0 failed with error -71
[  633.032526][    T8] usb 2-1: USB disconnect, device number 3
[  633.083615][T10186] Bluetooth: hci3: unexpected event for opcode 0x2042
[  633.390091][ T5824] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  633.455841][T10280] binder: BINDER_SET_CONTEXT_MGR already set
[  633.465850][T10280] binder: 10279:10280 ioctl 4018620d 200000004a80 returned -16
[  633.582072][ T5824] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  633.607086][ T5824] usb 4-1: config 0 has no interface number 0
[  633.629139][ T5824] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  633.678271][ T5824] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  634.855982][ T5824] usb 4-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  634.940074][ T5824] usb 4-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  634.971826][ T5824] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.011996][ T5824] usb 4-1: config 0 descriptor??
[  636.250184][ T5824] usb 4-1: can't set config #0, error -71
[  636.260231][ T5824] usb 4-1: USB disconnect, device number 7
[  637.122490][T10186] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  637.148024][T10186] Bluetooth: hci3: Injecting HCI hardware error event
[  637.156977][T10186] Bluetooth: hci3: hardware error 0x00
[  638.237677][T10317] binder: 10316:10317 ioctl c0306201 0 returned -14
[  639.520113][T10186] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  640.788252][T10333] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  642.548811][T10335] loop2: detected capacity change from 0 to 4096
[  644.765858][T10341] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  644.787062][ T1077] Bluetooth: hci4: Frame reassembly failed (-84)
[  646.840196][T10186] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  647.951063][T10365] binder: 10364:10365 ioctl c0306201 0 returned -14
[  648.018708][T10365] binder: BINDER_SET_CONTEXT_MGR already set
[  648.084963][T10365] binder: 10364:10365 ioctl 4018620d 200000004a80 returned -16
[  651.136294][T10379] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  651.485828][T10387] loop1: detected capacity change from 0 to 4096
[  653.043174][T10387] binder: 10384:10387 ioctl c0306201 2000000002c0 returned -14
[  656.651302][T10403] binder: 10402:10403 ioctl c0306201 0 returned -14
[  661.937578][ T7666] Bluetooth: hci4: Frame reassembly failed (-84)
[  662.047735][T10428] usb usb1: usbfs: process 10428 (syz.3.1305) did not claim interface 0 before use
[  662.060559][T10428] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  663.920195][ T5791] Bluetooth: hci4: command 0x1003 tx timeout
[  663.940333][T10186] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  674.722262][T10480] loop0: detected capacity change from 0 to 4096
[  677.097738][T10480] binder: 10474:10480 ioctl c0306201 2000000002c0 returned -14
[  678.050161][ T7066] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  685.647073][T10508] bridge_slave_0: left allmulticast mode
[  685.653064][T10508] bridge_slave_0: left promiscuous mode
[  685.659122][T10508] bridge0: port 1(bridge_slave_0) entered disabled state
[  686.343199][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  686.352516][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  687.088005][T10508] bridge_slave_1: left allmulticast mode
[  687.113145][T10508] bridge_slave_1: left promiscuous mode
[  687.118868][T10508] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.043165][T10508] bond0: (slave bond_slave_0): Releasing backup interface
[  688.087660][T10508] bond0: (slave bond_slave_1): Releasing backup interface
[  688.301686][T10508] team0: Port device team_slave_0 removed
[  688.351871][T10508] team0: Port device team_slave_1 removed
[  688.358279][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  688.381014][ T5791] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  688.391556][ T5791] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  688.423957][ T5791] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  688.433370][ T5791] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  688.443757][ T5791] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  688.445843][T10508] batman_adv: batadv0: Removing interface: batadv_slave_0
[  688.460231][ T5791] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  688.521456][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  688.529664][T10508] batman_adv: batadv0: Removing interface: batadv_slave_1
[  688.742992][T10530] loop2: detected capacity change from 0 to 4096
[  688.820137][ T5909] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  690.480185][T10186] Bluetooth: hci4: command tx timeout
[  692.029029][T10530] binder: 10523:10530 ioctl c0306201 2000000002c0 returned -14
[  693.201315][ T5909] usb 2-1: device not accepting address 4, error -71
[  693.209513][T10186] Bluetooth: hci4: command tx timeout
[  695.281140][T10186] Bluetooth: hci4: command tx timeout
[  695.521130][ T1077] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.028160][ T1077] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.355712][ T1077] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.418170][T10521] chnl_net:caif_netlink_parms(): no params data found
[  696.637691][ T1077] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.761803][T10566] program syz.2.1342 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  697.059739][T10573] loop1: detected capacity change from 0 to 4096
[  698.036064][T10186] Bluetooth: hci4: command tx timeout
[  698.064515][T10573] binder: 10565:10573 ioctl c0306201 2000000002c0 returned -14
[  699.282285][T10521] bridge0: port 1(bridge_slave_0) entered blocking state
[  699.326163][T10521] bridge0: port 1(bridge_slave_0) entered disabled state
[  699.347011][T10521] bridge_slave_0: entered allmulticast mode
[  699.607140][T10521] bridge_slave_0: entered promiscuous mode
[  699.641139][T10521] bridge0: port 2(bridge_slave_1) entered blocking state
[  699.664186][T10521] bridge0: port 2(bridge_slave_1) entered disabled state
[  699.683526][T10521] bridge_slave_1: entered allmulticast mode
[  699.722763][T10521] bridge_slave_1: entered promiscuous mode
[  701.751229][T10521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  701.773389][T10521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  703.303848][   T28] audit: type=1326 audit(1756638612.258:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10588 comm="syz.0.1347" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4d5e38ebe9 code=0x0
[  703.454807][T10521] team0: Port device team_slave_0 added
[  703.497861][T10521] team0: Port device team_slave_1 added
[  704.018991][T10521] batman_adv: batadv0: Adding interface: batadv_slave_0
[  704.182044][T10521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.576370][T10521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  704.648780][T10521] batman_adv: batadv0: Adding interface: batadv_slave_1
[  704.655883][T10521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.713440][T10521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  705.063071][T10521] hsr_slave_0: entered promiscuous mode
[  705.073646][T10521] hsr_slave_1: entered promiscuous mode
[  705.092803][T10521] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  705.110198][T10521] Cannot create hsr debugfs directory
[  705.845207][T10627] loop2: detected capacity change from 0 to 4096
[  705.913237][T10627] binder: 10619:10627 ioctl c0306201 2000000002c0 returned -14
[  707.303234][T10521] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  707.362177][T10521] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  708.474665][T10521] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  708.532555][T10521] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  709.492478][T10521] 8021q: adding VLAN 0 to HW filter on device bond0
[  709.576710][ T1077] hsr_slave_0: left promiscuous mode
[  709.601081][ T1077] hsr_slave_1: left promiscuous mode
[  710.017493][ T1077] veth1_macvtap: left promiscuous mode
[  710.060244][ T1077] veth0_macvtap: left promiscuous mode
[  710.070479][ T1077] veth1_vlan: left promiscuous mode
[  710.083139][ T1077] veth0_vlan: left promiscuous mode
[  715.807539][ T1077] bond0 (unregistering): Released all slaves
[  716.229006][T10521] 8021q: adding VLAN 0 to HW filter on device team0
[  716.305048][ T7654] bridge0: port 1(bridge_slave_0) entered blocking state
[  716.312266][ T7654] bridge0: port 1(bridge_slave_0) entered forwarding state
[  716.358228][ T7654] bridge0: port 2(bridge_slave_1) entered blocking state
[  716.365545][ T7654] bridge0: port 2(bridge_slave_1) entered forwarding state
[  716.457851][T10521] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  716.468434][T10521] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  719.365301][T10746] loop1: detected capacity change from 0 to 4096
[  719.704807][T10746] binder: 10739:10746 ioctl c0306201 2000000002c0 returned -14
[  720.377271][T10756] netlink: set zone limit has 8 unknown bytes
[  720.445411][T10521] 8021q: adding VLAN 0 to HW filter on device batadv0
[  722.243750][T10521] veth0_vlan: entered promiscuous mode
[  722.268028][T10521] veth1_vlan: entered promiscuous mode
[  722.969066][T10521] veth0_macvtap: entered promiscuous mode
[  723.027910][T10521] veth1_macvtap: entered promiscuous mode
[  724.642867][T10797] loop0: detected capacity change from 0 to 4096
[  724.972589][T10521] batman_adv: batadv0: Interface activated: batadv_slave_0
[  725.306059][T10797] binder: 10791:10797 ioctl c0306201 2000000002c0 returned -14
[  725.594676][T10521] batman_adv: batadv0: Interface activated: batadv_slave_1
[  725.691767][T10521] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  725.788793][T10521] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  725.868963][T10521] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  725.914332][T10521] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  726.612830][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  726.632695][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  729.161414][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  729.169281][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  735.204728][T10869] bridge_slave_0: left allmulticast mode
[  735.234020][T10869] bridge_slave_0: left promiscuous mode
[  735.272638][T10869] bridge0: port 1(bridge_slave_0) entered disabled state
[  736.424765][T10869] bridge_slave_1: left allmulticast mode
[  736.430842][T10869] bridge_slave_1: left promiscuous mode
[  736.439835][T10869] bridge0: port 2(bridge_slave_1) entered disabled state
[  736.589669][T10891] loop0: detected capacity change from 0 to 4096
[  738.999231][T10869] bond0: (slave bond_slave_0): Releasing backup interface
[  739.055823][T10869] bond0: (slave bond_slave_1): Releasing backup interface
[  739.164040][T10869] team0: Port device team_slave_0 removed
[  739.245530][T10869] team0: Port device team_slave_1 removed
[  739.405671][T10869] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  739.420139][T10869] batman_adv: batadv0: Removing interface: batadv_slave_0
[  739.997544][T10869] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  740.014767][T10869] batman_adv: batadv0: Removing interface: batadv_slave_1
[  740.032689][T10874] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551615)
[  740.195198][T10903] binder: 10902:10903 ioctl 4018620d 0 returned -22
[  745.494741][T10942] usb usb1: usbfs: process 10942 (syz.4.1408) did not claim interface 0 before use
[  745.550182][T10942] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  745.746418][T10946] loop0: detected capacity change from 0 to 4096
[  747.131696][T10946] binder: 10941:10946 ioctl c0306201 2000000002c0 returned -14
[  747.347495][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  747.370063][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  748.572941][T10950] fuse: Bad value for 'fd'
[  752.217570][T10967] block nbd4: shutting down sockets
[  752.408188][T10963] binder: 10962:10963 ioctl 4018620d 0 returned -22
[  755.730186][T10994] loop1: detected capacity change from 0 to 4096
[  756.814137][T10994] binder: 10989:10994 ioctl c0306201 2000000002c0 returned -14
[  758.422373][T11004] fuse: Bad value for 'fd'
[  759.255893][T11006] binder: 11005:11006 ioctl 4018620d 0 returned -22
[  764.537277][T11065] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1432'.
[  764.547569][T11061] binder: 11059:11061 ioctl c0306201 0 returned -14
[  764.776951][T11074] loop1: detected capacity change from 0 to 4096
[  766.152121][T11074] binder: 11055:11074 ioctl c0306201 2000000002c0 returned -14
[  773.854412][    T8] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  774.220953][    T8] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  775.742461][T11101] fido_id[11101]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  775.878035][T11111] binder: 11110:11111 ioctl c0306201 0 returned -14
[  776.133794][T11116] loop2: detected capacity change from 0 to 4096
[  777.253702][T11116] binder: 11112:11116 ioctl c0306201 2000000002c0 returned -14
[  778.801753][T11125] vlan0: entered promiscuous mode
[  780.037529][T11125] team0: Port device vlan0 added
[  782.436259][T11172] loop1: detected capacity change from 0 to 4096
[  784.262803][T11172] binder: 11165:11172 ioctl c0306201 2000000002c0 returned -14
[  784.598863][ T7066] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  785.595246][T11177] binder: BINDER_SET_CONTEXT_MGR already set
[  786.048824][T11177] binder: 11176:11177 ioctl 4018620d 200000004a80 returned -16
[  787.008089][T11177] binder: 11176:11177 ioctl c0306201 0 returned -14
[  789.183679][T11193] input: syz0 as /devices/virtual/input/input6
[  789.859438][T11200] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1466'.
[  792.857171][T11223] loop4: detected capacity change from 0 to 4096
[  798.316500][ T7066] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  798.530047][ T5851] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  798.783789][ T5851] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  798.810306][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.835404][ T5851] usb 2-1: Product: syz
[  800.112708][ T5851] usb 2-1: Manufacturer: syz
[  800.117562][ T5851] usb 2-1: SerialNumber: syz
[  800.159280][ T5851] usb 2-1: config 0 descriptor??
[  801.677292][T11271] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1476'.
[  805.920807][   T55] usb 2-1: USB disconnect, device number 6
[  807.681502][ T5791] Bluetooth: hci2: command 0x0406 tx timeout
[  808.744707][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  808.987678][T11312] loop2: detected capacity change from 0 to 4096
[  809.027387][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  810.859220][T10186] Bluetooth: hci4: command 0x0406 tx timeout
[  816.555753][T11364] loop4: detected capacity change from 0 to 4096
[  816.746041][T11364] binder: 11357:11364 ioctl c0306201 2000000002c0 returned -14
[  816.796008][T10186] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  816.808039][T10186] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  816.817695][T10186] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  816.826140][T10186] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  816.834309][T10186] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  816.843865][T10186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  818.960271][T10186] Bluetooth: hci0: command tx timeout
[  821.700224][T10186] Bluetooth: hci0: command tx timeout
[  821.929049][   T40] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.282338][   T40] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  823.575952][   T40] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  823.770621][T10186] Bluetooth: hci0: command tx timeout
[  823.835108][   T40] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.234907][T11366] chnl_net:caif_netlink_parms(): no params data found
[  825.112166][T11366] bridge0: port 1(bridge_slave_0) entered blocking state
[  825.199182][T11366] bridge0: port 1(bridge_slave_0) entered disabled state
[  825.282047][T11366] bridge_slave_0: entered allmulticast mode
[  825.381727][T11366] bridge_slave_0: entered promiscuous mode
[  825.420883][T11366] bridge0: port 2(bridge_slave_1) entered blocking state
[  825.464797][T11366] bridge0: port 2(bridge_slave_1) entered disabled state
[  825.510635][T11366] bridge_slave_1: entered allmulticast mode
[  825.558670][T11366] bridge_slave_1: entered promiscuous mode
[  825.841060][T10186] Bluetooth: hci0: command tx timeout
[  826.206163][T11366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  826.233790][T11366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  827.174053][T11366] team0: Port device team_slave_0 added
[  827.552689][T11366] team0: Port device team_slave_1 added
[  828.483369][T11366] batman_adv: batadv0: Adding interface: batadv_slave_0
[  828.503519][T11366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  829.380083][T11366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  829.519803][T11366] batman_adv: batadv0: Adding interface: batadv_slave_1
[  829.541731][T11366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  829.630723][T11366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  829.959991][T11480] netlink: 'syz.4.1512': attribute type 10 has an invalid length.
[  830.117439][T11480] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  831.658343][T11366] hsr_slave_0: entered promiscuous mode
[  831.706848][T11366] hsr_slave_1: entered promiscuous mode
[  831.717710][T11366] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  831.727924][T11366] Cannot create hsr debugfs directory
[  833.075631][   T40] hsr_slave_0: left promiscuous mode
[  833.123795][   T40] hsr_slave_1: left promiscuous mode
[  837.261968][   T40] veth1_macvtap: left promiscuous mode
[  837.267662][   T40] veth0_macvtap: left promiscuous mode
[  837.283986][   T40] veth1_vlan: left promiscuous mode
[  837.298137][   T40] veth0_vlan: left promiscuous mode
[  842.075193][   T40] bond0 (unregistering): Released all slaves
[  842.904045][T11579] loop2: detected capacity change from 0 to 4096
[  844.135895][T11523] team0: Port device vlan0 removed
[  845.153635][T11579] binder: 11573:11579 ioctl c0306201 2000000002c0 returned -14
[  845.982784][T11523] bond0: (slave wlan1): Releasing backup interface
[  846.001750][T11305] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  847.956393][T11366] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  848.028155][T11595] binder: 11594:11595 ioctl c0306201 0 returned -14
[  848.048705][T11366] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  848.420835][T11366] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  848.623638][T11366] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  848.989123][T11366] 8021q: adding VLAN 0 to HW filter on device bond0
[  849.113230][T11366] 8021q: adding VLAN 0 to HW filter on device team0
[  849.687904][ T1126] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.695234][ T1126] bridge0: port 1(bridge_slave_0) entered forwarding state
[  850.084408][ T1126] bridge0: port 2(bridge_slave_1) entered blocking state
[  850.091665][ T1126] bridge0: port 2(bridge_slave_1) entered forwarding state
[  850.243554][T11366] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  850.266099][T11366] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  851.202181][ T5868] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  851.430064][ T5868] usb 5-1: Using ep0 maxpacket: 16
[  851.778097][T11632] loop2: detected capacity change from 0 to 4096
[  851.857824][ T5868] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  851.962080][T11632] binder: 11625:11632 ioctl c0306201 2000000002c0 returned -14
[  852.254611][ T5868] usb 5-1: config 0 interface 0 has no altsetting 0
[  852.290078][ T5868] usb 5-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  853.434229][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.445706][ T5868] usb 5-1: config 0 descriptor??
[  853.556197][T11366] 8021q: adding VLAN 0 to HW filter on device batadv0
[  853.770107][ T5868] usbhid 5-1:0.0: can't add hid device: -71
[  853.776169][ T5868] usbhid: probe of 5-1:0.0 failed with error -71
[  854.395681][ T5868] usb 5-1: USB disconnect, device number 2
[  854.437619][T11645] binder: 11644:11645 ioctl c0306201 0 returned -14
[  856.547345][T11366] veth0_vlan: entered promiscuous mode
[  857.968981][T11366] veth1_vlan: entered promiscuous mode
[  858.087201][T11687] process 'syz.0.1549' launched './file2' with NULL argv: empty string added
[  858.200794][T11366] veth0_macvtap: entered promiscuous mode
[  858.214629][T11366] veth1_macvtap: entered promiscuous mode
[  858.592889][T11366] batman_adv: batadv0: Interface activated: batadv_slave_0
[  858.624623][T11366] batman_adv: batadv0: Interface activated: batadv_slave_1
[  858.696964][T11366] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  858.750959][T11366] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  858.790061][T11366] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  858.845726][T11366] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  859.220408][ T6307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  859.228316][ T6307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  859.246982][T11697] binder: 11696:11697 ioctl c0306201 0 returned -14
[  859.381683][T11702] loop0: detected capacity change from 0 to 4096
[  861.261930][T11702] binder: 11698:11702 ioctl c0306201 2000000002c0 returned -14
[  862.388843][ T7666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  862.444956][ T7666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.998611][T11753] loop2: detected capacity change from 0 to 4096
[  870.490507][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  870.497441][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  870.615188][T11653] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  870.633372][T11753] binder: 11733:11753 ioctl c0306201 2000000002c0 returned -14
[  876.947342][ T5868] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  877.161331][ T5868] usb 5-1: Using ep0 maxpacket: 8
[  877.188094][ T5868] usb 5-1: config 0 has an invalid interface number: 150 but max is 0
[  877.216892][ T5868] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  877.290334][ T5868] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  877.385085][ T5868] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  877.472414][ T5868] usb 5-1: config 0 has no interface number 0
[  877.529308][ T5868] usb 5-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  877.672706][ T5868] usb 5-1: config 0 interface 150 has no altsetting 0
[  877.718149][ T5868] usb 5-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  877.769962][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.832867][ T5868] usb 5-1: config 0 descriptor??
[  882.039280][ T5868] usb 5-1: USB disconnect, device number 3
[  887.175920][T11869] syz.0.1584: attempt to access beyond end of device
[  887.175920][T11869] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  887.190360][T11869] SQUASHFS error: Failed to read block 0x0: -5
[  887.196646][T11869] unable to read squashfs_super_block
[  888.192536][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  888.202335][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  888.210737][    T8] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  888.218577][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  888.228458][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  888.236807][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  888.244825][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  888.450218][    T8] usb 6-1: Using ep0 maxpacket: 8
[  888.473854][T11862] binder: 11859:11862 ioctl 4018f50b 0 returned -22
[  888.506131][    T8] usb 6-1: unable to get BOS descriptor or descriptor too short
[  888.534337][    T8] usb 6-1: unable to read config index 0 descriptor/start: -71
[  888.560252][    T8] usb 6-1: can't read configurations, error -71
[  888.614142][ T1126] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  888.786422][ T1126] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  888.889588][ T1126] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  888.966276][ T1126] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  889.386482][T11875] chnl_net:caif_netlink_parms(): no params data found
[  890.327893][ T5791] Bluetooth: hci1: command tx timeout
[  891.677790][T11875] bridge0: port 1(bridge_slave_0) entered blocking state
[  891.708103][T11875] bridge0: port 1(bridge_slave_0) entered disabled state
[  892.168146][T11875] bridge_slave_0: entered allmulticast mode
[  892.244523][T11875] bridge_slave_0: entered promiscuous mode
[  892.396786][T11875] bridge0: port 2(bridge_slave_1) entered blocking state
[  892.413426][ T5791] Bluetooth: hci1: command tx timeout
[  892.419058][T11875] bridge0: port 2(bridge_slave_1) entered disabled state
[  892.472094][T11875] bridge_slave_1: entered allmulticast mode
[  892.506634][T11875] bridge_slave_1: entered promiscuous mode
[  894.358238][T11875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  894.420229][T11875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  894.481382][ T5791] Bluetooth: hci1: command tx timeout
[  894.595082][T11938] dvmrp0: entered allmulticast mode
[  894.824028][T11875] team0: Port device team_slave_0 added
[  894.832427][T11875] team0: Port device team_slave_1 added
[  894.948716][T11875] batman_adv: batadv0: Adding interface: batadv_slave_0
[  895.038727][T11875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  895.088472][T11875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  895.210673][T11875] batman_adv: batadv0: Adding interface: batadv_slave_1
[  895.242584][T11875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  895.350924][T11875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  896.559938][T10186] Bluetooth: hci1: command tx timeout
[  896.693999][T11875] hsr_slave_0: entered promiscuous mode
[  896.781792][T11875] hsr_slave_1: entered promiscuous mode
[  901.200840][ T1126] hsr_slave_0: left promiscuous mode
[  901.231125][ T1126] hsr_slave_1: left promiscuous mode
[  901.597898][ T1126] veth1_macvtap: left promiscuous mode
[  901.616452][ T1126] veth0_macvtap: left promiscuous mode
[  901.640155][ T1126] veth1_vlan: left promiscuous mode
[  901.649052][ T1126] veth0_vlan: left promiscuous mode
[  904.179020][ T1126] bond0 (unregistering): Released all slaves
[  905.687410][T12026] bridge_slave_0: left allmulticast mode
[  905.693581][T12026] bridge_slave_0: left promiscuous mode
[  905.699700][T12026] bridge0: port 1(bridge_slave_0) entered disabled state
[  906.290812][T12026] bridge_slave_1: left allmulticast mode
[  906.296983][T12026] bridge_slave_1: left promiscuous mode
[  907.466408][T12026] bridge0: port 2(bridge_slave_1) entered disabled state
[  907.488890][T12026] bond0: (slave bond_slave_0): Releasing backup interface
[  907.509407][T12026] bond0: (slave bond_slave_1): Releasing backup interface
[  907.563306][T12026] team0: Port device team_slave_0 removed
[  907.597690][T12026] team0: Port device team_slave_1 removed
[  907.619799][T12026] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  907.633573][T12026] batman_adv: batadv0: Removing interface: batadv_slave_0
[  907.647270][T12026] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  907.658549][T12026] batman_adv: batadv0: Removing interface: batadv_slave_1
[  907.709238][T11875] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  907.733976][T12041] tipc: Started in network mode
[  907.739005][T12041] tipc: Node identity 8ece925098ef, cluster identity 4711
[  907.752734][T12041] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  907.762739][T11875] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  907.788392][T11875] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  907.849011][T11875] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  907.922908][T12038] syzkaller0: entered promiscuous mode
[  907.928512][T12038] syzkaller0: entered allmulticast mode
[  908.334145][T12038] tipc: Resetting bearer <eth:syzkaller0>
[  908.380549][T12037] tipc: Resetting bearer <eth:syzkaller0>
[  908.486180][T12037] tipc: Disabling bearer <eth:syzkaller0>
[  909.038826][T11875] 8021q: adding VLAN 0 to HW filter on device bond0
[  909.215554][T11875] 8021q: adding VLAN 0 to HW filter on device team0
[  909.239170][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[  909.246379][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[  910.873932][ T1118] bridge0: port 2(bridge_slave_1) entered blocking state
[  910.881123][ T1118] bridge0: port 2(bridge_slave_1) entered forwarding state
[  911.725940][T11875] 8021q: adding VLAN 0 to HW filter on device batadv0
[  912.215549][T12087] [U] 
[  914.688276][T11875] veth0_vlan: entered promiscuous mode
[  914.766037][T11875] veth1_vlan: entered promiscuous mode
[  914.902920][T11875] veth0_macvtap: entered promiscuous mode
[  917.105594][T11875] veth1_macvtap: entered promiscuous mode
[  917.129141][T11875] batman_adv: batadv0: Interface activated: batadv_slave_0
[  917.251366][T11875] batman_adv: batadv0: Interface activated: batadv_slave_1
[  917.345058][T11875] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  917.357534][T11875] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  917.368289][T11875] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  917.389929][T11875] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  917.576859][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  917.609546][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  917.675863][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  917.685780][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  919.140155][ T5824] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  919.529965][ T5824] usb 6-1: Using ep0 maxpacket: 16
[  919.552389][ T5824] usb 6-1: config index 0 descriptor too short (expected 4495, got 71)
[  919.578789][ T5824] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  919.594513][ T5824] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  919.605153][ T5824] usb 6-1: config 0 has no interface number 0
[  919.618073][ T5824] usb 6-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01
[  920.882893][ T5824] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  920.929950][ T5824] usb 6-1: Product: syz
[  920.934169][ T5824] usb 6-1: Manufacturer: syz
[  920.938787][ T5824] usb 6-1: SerialNumber: syz
[  921.080090][ T5824] usb 6-1: config 0 descriptor??
[  922.232150][ T5824] usb 6-1: Found UVC 0.00 device syz (046c:14e0)
[  922.238599][ T5824] usb 6-1: No valid video chain found.
[  922.320403][ T5824] usb 6-1: USB disconnect, device number 4
[  925.693959][T12184] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  925.703548][T12184] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  925.713646][T12184] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  926.623478][T12193] Bluetooth: hci3: Frame reassembly failed (-84)
[  927.873646][T12218] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1642'.
[  928.651615][T10186] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  931.621125][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  931.645144][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  932.380151][   T55] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  932.570270][   T55] usb 5-1: Using ep0 maxpacket: 8
[  932.605621][   T55] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  932.644074][   T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  932.676673][   T55] pvrusb2: Hardware description: Terratec Grabster AV400
[  932.699920][   T55] pvrusb2: **********
[  932.713084][   T55] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  932.763023][   T55] pvrusb2: Important functionality might not be entirely working.
[  932.784261][   T55] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  932.860142][   T55] pvrusb2: **********
[  932.893263][ T2322] pvrusb2: Invalid write control endpoint
[  933.096623][ T2322] pvrusb2: Invalid write control endpoint
[  933.149420][ T2322] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  933.194569][ T2322] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  933.219974][ T2322] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  933.249933][ T2322] pvrusb2: Device being rendered inoperable
[  933.266395][T12268] pvrusb2: Attempted to execute control transfer when device not ok
[  933.283097][   T55] usb 5-1: USB disconnect, device number 4
[  933.294539][ T2322] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  933.320581][ T2322] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  933.364013][ T2322] pvrusb2: Attached sub-driver cx25840
[  933.400221][ T2322] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  933.429982][ T2322] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  934.993575][T12301] binder: BINDER_SET_CONTEXT_MGR already set
[  935.000958][T12301] binder: 12300:12301 ioctl 4018620d 200000004a80 returned -16
[  935.136749][T12297] tipc: Started in network mode
[  935.149963][T12297] tipc: Node identity cefc85010ede, cluster identity 4711
[  935.157360][T12297] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  935.189662][T12294] tipc: Resetting bearer <eth:syzkaller0>
[  936.224744][ T5909] tipc: Node number set to 3223487745
[  936.446822][T12310] overlayfs: missing 'lowerdir'
[  938.865549][T12327] comedi comedi3: pcl711: I/O port conflict (0x4f27,16)
[  941.517726][T12270] Set syz1 is full, maxelem 65536 reached
[  943.755218][T12294] tipc: Disabling bearer <eth:syzkaller0>
[  943.922302][T10186] Bluetooth: hci0: command 0x0406 tx timeout
[  944.255012][T12365] netlink: 'syz.5.1672': attribute type 1 has an invalid length.
[  945.379903][ T5919] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  945.590029][ T5919] usb 5-1: Using ep0 maxpacket: 32
[  945.606310][ T5919] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 42016, setting to 1024
[  945.636800][ T5919] usb 5-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  945.670433][ T5919] usb 5-1: config 0 interface 0 has no altsetting 0
[  945.691640][ T5919] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00
[  945.723437][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.749378][ T5919] usb 5-1: config 0 descriptor??
[  945.769294][T12383] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  947.883518][T12425] bridge_slave_0: left allmulticast mode
[  947.889317][T12425] bridge_slave_0: left promiscuous mode
[  947.895831][T12425] bridge0: port 1(bridge_slave_0) entered disabled state
[  948.864752][T12425] bridge_slave_1: left allmulticast mode
[  948.871685][T12425] bridge_slave_1: left promiscuous mode
[  948.879435][T12425] bridge0: port 2(bridge_slave_1) entered disabled state
[  948.952621][T12425] bond0: (slave bond_slave_0): Releasing backup interface
[  949.035875][T12425] bond0: (slave bond_slave_1): Releasing backup interface
[  949.182067][T12425] team0: Port device team_slave_0 removed
[  949.305889][T12425] team0: Port device team_slave_1 removed
[  949.331946][T12425] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  949.376241][T12425] batman_adv: batadv0: Removing interface: batadv_slave_0
[  949.426615][T12425] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  949.436355][T12425] batman_adv: batadv0: Removing interface: batadv_slave_1
[  949.725333][ T5919] usbhid 5-1:0.0: can't add hid device: -71
[  949.758818][ T5919] usbhid: probe of 5-1:0.0 failed with error -71
[  949.807670][ T5919] usb 5-1: USB disconnect, device number 5
[  949.899409][T12438] Bluetooth: MGMT ver 1.22
[  949.990886][ T1191] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  951.029969][ T1191] usb 6-1: Using ep0 maxpacket: 8
[  951.910221][ T1191] usb 6-1: device descriptor read/all, error -71
[  952.702385][T12470] loop6: detected capacity change from 0 to 1024
[  952.857633][T12470] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  953.012346][T12470] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  956.340108][T12475] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  958.703906][T12534] overlayfs: failed to resolve './file1': -2
[  959.010783][T12539] netlink: 'syz.5.1699': attribute type 9 has an invalid length.
[  959.018570][T12539] netlink: 126588 bytes leftover after parsing attributes in process `syz.5.1699'.
[  962.271413][T11875] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  965.742668][T12608] overlayfs: failed to resolve './file1': -2
[  966.081654][T12602] netlink: 'syz.4.1710': attribute type 9 has an invalid length.
[  966.089497][T12602] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.1710'.
[  966.146291][T12612] loop5: detected capacity change from 0 to 1024
[  966.239140][T12612] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  966.266428][T12612] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  970.854594][T12615] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  971.806425][T11366] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  972.188586][T12659] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input7
[  972.588832][T12668] overlayfs: failed to resolve './file1': -2
[  973.017626][T12667] netlink: 'syz.5.1722': attribute type 9 has an invalid length.
[  973.025466][T12667] netlink: 126588 bytes leftover after parsing attributes in process `syz.5.1722'.
[  979.284075][T12710] loop0: detected capacity change from 0 to 1024
[  979.481398][T12710] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  979.504401][T12710] ext4 filesystem being mounted at /449/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  979.842704][T12728] overlayfs: failed to resolve './file1': -2
[  979.960414][T12730] netlink: 'syz.4.1733': attribute type 9 has an invalid length.
[  979.968833][T12730] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.1733'.
[  982.965637][T12719] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  985.287020][T12195] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  985.293315][T10186] Bluetooth: hci3: command 0x1003 tx timeout
[  985.456300][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  986.436614][T12790] overlayfs: failed to resolve './file1': -2
[  986.504259][T12792] netlink: 'syz.6.1744': attribute type 9 has an invalid length.
[  986.537654][T12792] netlink: 126588 bytes leftover after parsing attributes in process `syz.6.1744'.
[  991.452980][T12826] loop5: detected capacity change from 0 to 1024
[  992.975089][T12826] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  993.080843][T12826] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  993.092347][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[  993.098690][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[  993.920040][T12843] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  994.684911][T12865] overlayfs: failed to resolve './file1': -2
[  994.772715][T12866] netlink: 'syz.4.1758': attribute type 9 has an invalid length.
[  994.782735][T12866] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.1758'.
[  999.588743][T11366] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1000.875824][T12909] overlayfs: failed to resolve './file1': -2
[ 1000.942972][T12912] netlink: 'syz.6.1768': attribute type 9 has an invalid length.
[ 1000.970732][T12912] netlink: 126588 bytes leftover after parsing attributes in process `syz.6.1768'.
[ 1002.439947][ T1191] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1003.569902][ T1191] usb 6-1: Using ep0 maxpacket: 16
[ 1004.884489][T12779] Bluetooth: hci1: command 0x0405 tx timeout
[ 1005.345696][ T1191] usb 6-1: device descriptor read/all, error -71
[ 1005.527424][T12955] loop6: detected capacity change from 0 to 1024
[ 1005.944448][T12955] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1006.325755][T12955] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1008.649999][T12964] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1008.918447][T12981] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1779'.
[ 1008.955356][T11875] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1010.730698][T12987] overlayfs: failed to resolve './file1': -2
[ 1010.794622][T12987] netlink: 'syz.6.1780': attribute type 9 has an invalid length.
[ 1010.802475][T12987] netlink: 126588 bytes leftover after parsing attributes in process `syz.6.1780'.
[ 1011.932134][T13021] loop5: detected capacity change from 0 to 1024
[ 1012.056034][T13021] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1012.330033][T13021] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1013.746105][T13035] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1790'.
[ 1013.795329][T13035] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1790'.
[ 1014.166363][T13025] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1015.019238][T12992] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1015.540400][T12992] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1015.550894][T12992] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1015.569853][T12992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1015.590969][T12992] usb 5-1: config 0 descriptor??
[ 1015.602520][T12992] pwc: Askey VC010 type 2 USB webcam detected.
[ 1016.328374][T12992] pwc: recv_control_msg error -71 req 02 val 2700
[ 1016.338109][T12992] pwc: recv_control_msg error -71 req 02 val 2c00
[ 1016.347955][T12992] pwc: recv_control_msg error -71 req 04 val 1000
[ 1016.357749][T12992] pwc: recv_control_msg error -71 req 04 val 1300
[ 1016.379293][T12992] pwc: recv_control_msg error -71 req 04 val 1400
[ 1016.424488][T12992] pwc: recv_control_msg error -71 req 02 val 2000
[ 1016.454927][T12992] pwc: recv_control_msg error -71 req 02 val 2100
[ 1016.475060][T12992] pwc: recv_control_msg error -71 req 04 val 1500
[ 1016.482460][T12992] pwc: recv_control_msg error -71 req 02 val 2500
[ 1016.489390][T12992] pwc: recv_control_msg error -71 req 02 val 2400
[ 1016.496577][T12992] pwc: recv_control_msg error -71 req 02 val 2600
[ 1016.503649][T12992] pwc: recv_control_msg error -71 req 02 val 2900
[ 1016.510760][T12992] pwc: recv_control_msg error -71 req 02 val 2800
[ 1016.530036][T12992] pwc: recv_control_msg error -71 req 04 val 1100
[ 1016.577130][T12992] pwc: recv_control_msg error -71 req 04 val 1200
[ 1016.622427][T12992] pwc: Registered as video103.
[ 1016.648947][T12992] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input8
[ 1016.708264][T12992] usb 5-1: USB disconnect, device number 6
[ 1016.986476][T13076] overlayfs: failed to resolve './file1': -2
[ 1017.213950][T13080] netlink: 'syz.0.1797': attribute type 9 has an invalid length.
[ 1017.221930][T13080] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.1797'.
[ 1017.450079][T12340] udevd[12340]: setting owner of /dev/input/event5 to uid=0, gid=104 failed: No such file or directory
[ 1018.692621][T11366] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1018.913648][T13096] Bluetooth: MGMT ver 1.22
[ 1022.586386][T13123] overlayfs: failed to resolve './file1': -2
[ 1022.624405][T13123] netlink: 'syz.4.1808': attribute type 9 has an invalid length.
[ 1022.632226][T13123] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.1808'.
[ 1022.807033][T13133] loop6: detected capacity change from 0 to 1024
[ 1022.921272][T13133] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1022.959364][T13133] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1023.080107][T13139] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1029.397670][T13188] overlayfs: failed to resolve './file1': -2
[ 1029.502630][T13188] netlink: 'syz.5.1821': attribute type 9 has an invalid length.
[ 1029.510585][T13188] netlink: 126588 bytes leftover after parsing attributes in process `syz.5.1821'.
[ 1030.203201][T11875] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1031.859932][T12449] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1033.159889][T12449] usb 7-1: Using ep0 maxpacket: 32
[ 1033.178499][T12449] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[ 1033.837539][T12449] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1033.882488][T12449] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1033.943794][T12449] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1034.077676][T12449] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1034.112625][T12449] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1035.105230][T12449] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1035.165628][T12449] usb 7-1: Product: syz
[ 1035.227558][T12449] usb 7-1: Manufacturer: syz
[ 1035.236468][T12449] usb 7-1: SerialNumber: syz
[ 1035.271859][T12449] usb 7-1: config 0 descriptor??
[ 1035.303348][T12449] usb 7-1: can't set config #0, error -71
[ 1035.344607][T12449] usb 7-1: USB disconnect, device number 2
[ 1035.512761][T13254] loop5: detected capacity change from 0 to 1024
[ 1035.752689][T13254] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1036.721272][T13254] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1036.774754][T13261] overlayfs: failed to resolve './file1': -2
[ 1036.818621][T13261] netlink: 'syz.0.1834': attribute type 9 has an invalid length.
[ 1036.828076][T13261] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.1834'.
[ 1038.320705][T13264] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1038.763562][T11366] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1041.691247][T13317] overlayfs: upper fs does not support file handles, falling back to index=off.
[ 1042.735479][T12779] Bluetooth: hci4: unexpected event for opcode 0x0c03
[ 1043.323792][T13333] overlayfs: failed to resolve './file1': -2
[ 1043.519722][T13337] loop0: detected capacity change from 0 to 1024
[ 1043.549009][T13331] netlink: 'syz.6.1847': attribute type 9 has an invalid length.
[ 1043.557398][T13331] netlink: 126588 bytes leftover after parsing attributes in process `syz.6.1847'.
[ 1043.963989][T13337] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1043.977408][T13337] ext4 filesystem being mounted at /478/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1047.457453][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1047.840140][T13388] netlink: 5884 bytes leftover after parsing attributes in process `syz.5.1857'.
[ 1047.871322][T13388] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1857'.
[ 1047.908327][T13388] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1857'.
[ 1048.054537][T13405] overlayfs: failed to resolve './file1': -2
[ 1048.505172][T13396] netlink: 'syz.6.1861': attribute type 9 has an invalid length.
[ 1048.513213][T13396] netlink: 126588 bytes leftover after parsing attributes in process `syz.6.1861'.
[ 1051.389106][T13440] loop4: detected capacity change from 0 to 1024
[ 1051.658578][T13440] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1051.808747][T13440] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1052.559194][T13458] overlayfs: failed to resolve './file1': -2
[ 1052.755772][T13459] netlink: 'syz.6.1872': attribute type 9 has an invalid length.
[ 1052.812383][T13459] netlink: 126588 bytes leftover after parsing attributes in process `syz.6.1872'.
[ 1054.575909][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.583028][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.121838][T13448] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1055.943514][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1055.953382][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1055.962643][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1055.971841][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1055.981067][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1055.990225][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1055.999389][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1056.008543][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1056.017705][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1056.026867][T13496] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 1057.650327][T10521] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1057.687260][T13507] overlayfs: failed to resolve './file1': -2
[ 1057.697043][T13507] netlink: 'syz.5.1884': attribute type 9 has an invalid length.
[ 1057.704834][T13507] netlink: 126588 bytes leftover after parsing attributes in process `syz.5.1884'.
[ 1059.830701][T13528] block nbd4: shutting down sockets
[ 1060.809414][    T8] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[ 1060.883923][T13542] loop5: detected capacity change from 0 to 1024
[ 1060.989608][T13542] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1061.002037][T13542] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1061.014970][    T8] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1061.029010][    T8] usb 7-1: config 0 has no interface number 0
[ 1061.036397][    T8] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1061.047998][    T8] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1061.059528][    T8] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1061.069701][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1061.103253][    T8] usb 7-1: config 0 descriptor??
[ 1061.116302][T13540] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1061.154260][    T8] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1061.464636][    T8] usb 7-1: USB disconnect, device number 3
[ 1061.470732][    C0] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[ 1062.023670][T13554] overlayfs: failed to resolve './file1': -2
[ 1062.047955][T13554] netlink: 'syz.4.1895': attribute type 9 has an invalid length.
[ 1062.055806][T13554] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.1895'.
[ 1064.510491][T13547] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1065.114962][T11366] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1067.177259][T13587] overlayfs: failed to resolve './file1': -2
[ 1067.188789][T13587] netlink: 'syz.6.1905': attribute type 9 has an invalid length.
[ 1067.197020][T13587] netlink: 126588 bytes leftover after parsing attributes in process `syz.6.1905'.
[ 1067.574233][T13595] loop7: detected capacity change from 0 to 7
[ 1067.616539][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1067.626034][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1067.636759][T13596] 
[ 1067.639120][T13596] ================================================
[ 1067.645624][T13596] WARNING: lock held when returning to user space!
[ 1067.652174][T13596] syzkaller #0 Not tainted
[ 1067.656600][T13596] ------------------------------------------------
[ 1067.663106][T13596] syz.5.1908/13596 is leaving the kernel with locks still held!
[ 1067.670747][T13596] 1 lock held by syz.5.1908/13596:
[ 1067.675873][T13596]  #0: ffff8880216b9b60 (&lo->lo_mutex){+.+.}-{3:3}, at: loop_set_block_size+0x7c/0x480
[ 1067.722802][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1067.731991][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1067.757792][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1067.766981][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1068.922973][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1068.932305][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1068.943828][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1068.953018][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1068.961612][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1068.970833][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1068.978826][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1068.978862][T13595] ldm_validate_partition_table(): Disk read failed.
[ 1068.988012][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1069.002982][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1069.012167][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1069.020343][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1069.029533][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1069.041623][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1069.050813][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1069.058876][T13595] Dev loop7: unable to read RDB block 0
[ 1069.065047][T13595]  loop7: unable to read partition table
[ 1069.070991][T13595] loop7: partition table beyond EOD, truncated
[ 1069.077210][T13595] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1069.100557][T12341] ==================================================================
[ 1069.108673][T12341] BUG: KASAN: slab-use-after-free in __mutex_lock+0xc47/0xcc0
[ 1069.116165][T12341] Read of size 4 at addr ffff888025711e34 by task udevd/12341
[ 1069.123633][T12341] 
[ 1069.125982][T12341] CPU: 1 PID: 12341 Comm: udevd Not tainted syzkaller #0
[ 1069.133030][T12341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1069.143106][T12341] Call Trace:
[ 1069.146403][T12341]  <TASK>
[ 1069.149358][T12341]  dump_stack_lvl+0x16c/0x230
[ 1069.154069][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1069.159116][T12341]  ? show_regs_print_info+0x20/0x20
[ 1069.164424][T12341]  ? load_image+0x3b0/0x3b0
[ 1069.168952][T12341]  ? __virt_addr_valid+0x469/0x540
[ 1069.174088][T12341]  print_report+0xac/0x220
[ 1069.178518][T12341]  ? __mutex_lock+0xc47/0xcc0
[ 1069.183244][T12341]  kasan_report+0x117/0x150
[ 1069.187773][T12341]  ? __mutex_lock+0xc47/0xcc0
[ 1069.192478][T12341]  __mutex_lock+0xc47/0xcc0
[ 1069.197001][T12341]  ? stack_trace_save+0xe0/0xe0
[ 1069.201861][T12341]  ? arch_stack_walk+0x160/0x190
[ 1069.206798][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1069.211568][T12341]  ? lo_ioctl+0x62f/0x19f0
[ 1069.216000][T12341]  ? mutex_lock_nested+0x20/0x20
[ 1069.220953][T12341]  ? xfd_validate_state+0x6d/0x150
[ 1069.226082][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1069.231128][T12341]  lo_ioctl+0x62f/0x19f0
[ 1069.235384][T12341]  ? lock_release+0xba/0x8b0
[ 1069.239990][T12341]  ? lo_release+0x200/0x200
[ 1069.244507][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1069.249543][T12341]  ? lock_release+0xba/0x8b0
[ 1069.254140][T12341]  ? lock_chain_count+0x20/0x20
[ 1069.258995][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1069.263775][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1069.268547][T12341]  ? lock_release+0xba/0x8b0
[ 1069.273142][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1069.277927][T12341]  ? lock_release+0xba/0x8b0
[ 1069.282529][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1069.287550][T12341]  ? __read_once_word_nocheck+0x9/0x10
[ 1069.293025][T12341]  ? deref_stack_reg+0x1bd/0x240
[ 1069.297969][T12341]  ? is_bpf_text_address+0x28f/0x2a0
[ 1069.303265][T12341]  ? is_bpf_text_address+0x26/0x2a0
[ 1069.308460][T12341]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1069.314535][T12341]  ? kernel_text_address+0xa0/0xd0
[ 1069.319650][T12341]  ? __kernel_text_address+0xd/0x30
[ 1069.324851][T12341]  ? unwind_get_return_address+0x91/0xc0
[ 1069.330497][T12341]  ? stack_trace_save+0xe0/0xe0
[ 1069.335354][T12341]  ? arch_stack_walk+0x160/0x190
[ 1069.340303][T12341]  ? stack_trace_save+0x9c/0xe0
[ 1069.345159][T12341]  ? stack_trace_snprint+0xf0/0xf0
[ 1069.350282][T12341]  ? __stack_depot_save+0x1f/0x630
[ 1069.355396][T12341]  ? do_syscall_64+0x55/0xb0
[ 1069.360008][T12341]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1069.366094][T12341]  ? kasan_set_track+0x5f/0x70
[ 1069.370864][T12341]  ? kasan_set_track+0x4e/0x70
[ 1069.375644][T12341]  ? kasan_save_free_info+0x2e/0x50
[ 1069.380844][T12341]  ? ____kasan_slab_free+0x126/0x1e0
[ 1069.386143][T12341]  ? slab_free_freelist_hook+0x130/0x1b0
[ 1069.391797][T12341]  ? __kmem_cache_free+0xba/0x1f0
[ 1069.396818][T12341]  ? tomoyo_path_number_perm+0x477/0x590
[ 1069.402454][T12341]  ? security_file_ioctl+0x70/0xa0
[ 1069.407571][T12341]  ? __se_sys_ioctl+0x48/0x170
[ 1069.412336][T12341]  ? do_syscall_64+0x55/0xb0
[ 1069.416942][T12341]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1069.423034][T12341]  ? do_vfs_ioctl+0xd31/0x1bb0
[ 1069.427799][T12341]  ? __ia32_compat_sys_ioctl+0x7f0/0x7f0
[ 1069.433436][T12341]  ? lock_release+0xba/0x8b0
[ 1069.438026][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1069.442798][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1069.447825][T12341]  ? slab_free_freelist_hook+0x130/0x1b0
[ 1069.453472][T12341]  ? tomoyo_path_number_perm+0x477/0x590
[ 1069.459117][T12341]  ? __kmem_cache_free+0xba/0x1f0
[ 1069.464148][T12341]  ? blkdev_common_ioctl+0x105b/0x23d0
[ 1069.469608][T12341]  ? tomoyo_path_number_perm+0x4dc/0x590
[ 1069.475244][T12341]  ? blkdev_bszset+0x1f0/0x1f0
[ 1069.480025][T12341]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1069.485486][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1069.490261][T12341]  ? read_lock_is_recursive+0x20/0x20
[ 1069.495640][T12341]  ? __might_sleep+0xe0/0xe0
[ 1069.500246][T12341]  ? lo_release+0x200/0x200
[ 1069.504758][T12341]  blkdev_ioctl+0x58b/0x6f0
[ 1069.509272][T12341]  ? blkdev_compat_ptr_ioctl+0xd0/0xd0
[ 1069.514741][T12341]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1069.519681][T12341]  ? security_file_ioctl+0x80/0xa0
[ 1069.524812][T12341]  ? blkdev_compat_ptr_ioctl+0xd0/0xd0
[ 1069.530293][T12341]  __se_sys_ioctl+0xfd/0x170
[ 1069.534908][T12341]  do_syscall_64+0x55/0xb0
[ 1069.539326][T12341]  ? clear_bhb_loop+0x40/0x90
[ 1069.544006][T12341]  ? clear_bhb_loop+0x40/0x90
[ 1069.548687][T12341]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1069.554591][T12341] RIP: 0033:0x7fca9691d378
[ 1069.559023][T12341] Code: 00 00 48 8d 44 24 08 48 89 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 b8 10 00 00 00 c7 44 24 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 07 89 d0 c3 0f 1f 40 00 48 8b 15 49 3a 0d
[ 1069.578642][T12341] RSP: 002b:00007ffcb2d71ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1069.587080][T12341] RAX: ffffffffffffffda RBX: 000055c866658050 RCX: 00007fca9691d378
[ 1069.595052][T12341] RDX: 00007ffcb2d71be0 RSI: 0000000080280215 RDI: 0000000000000009
[ 1069.603020][T12341] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[ 1069.611005][T12341] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 1069.618989][T12341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000009
[ 1069.626974][T12341]  </TASK>
[ 1069.630001][T12341] 
[ 1069.632336][T12341] Allocated by task 13594:
[ 1069.636745][T12341]  kasan_set_track+0x4e/0x70
[ 1069.641340][T12341]  __kasan_slab_alloc+0x6c/0x80
[ 1069.646196][T12341]  slab_post_alloc_hook+0x6e/0x4d0
[ 1069.651318][T12341]  kmem_cache_alloc_node+0x150/0x330
[ 1069.656618][T12341]  dup_task_struct+0x57/0x7c0
[ 1069.661302][T12341]  copy_process+0x549/0x3d70
[ 1069.665904][T12341]  kernel_clone+0x21b/0x840
[ 1069.670439][T12341]  __se_sys_clone3+0x252/0x2c0
[ 1069.675225][T12341]  do_syscall_64+0x55/0xb0
[ 1069.679640][T12341]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1069.685547][T12341] 
[ 1069.687867][T12341] Freed by task 22:
[ 1069.691687][T12341]  kasan_set_track+0x4e/0x70
[ 1069.696275][T12341]  kasan_save_free_info+0x2e/0x50
[ 1069.701305][T12341]  ____kasan_slab_free+0x126/0x1e0
[ 1069.706416][T12341]  slab_free_freelist_hook+0x130/0x1b0
[ 1069.711901][T12341]  kmem_cache_free+0xf8/0x280
[ 1069.716591][T12341]  delayed_put_task_struct+0x10f/0x2b0
[ 1069.722055][T12341]  rcu_core+0xcc4/0x1720
[ 1069.726290][T12341]  handle_softirqs+0x280/0x820
[ 1069.731055][T12341]  run_ksoftirqd+0x9c/0xf0
[ 1069.735489][T12341]  smpboot_thread_fn+0x635/0xa00
[ 1069.740432][T12341]  kthread+0x2fa/0x390
[ 1069.744498][T12341]  ret_from_fork+0x48/0x80
[ 1069.748921][T12341]  ret_from_fork_asm+0x11/0x20
[ 1069.753694][T12341] 
[ 1069.756017][T12341] Last potentially related work creation:
[ 1069.761732][T12341]  kasan_save_stack+0x3e/0x60
[ 1069.766426][T12341]  __kasan_record_aux_stack+0xaf/0xc0
[ 1069.771811][T12341]  call_rcu+0x158/0x930
[ 1069.775971][T12341]  __schedule+0x14da/0x44d0
[ 1069.780477][T12341]  preempt_schedule_irq+0xb5/0x140
[ 1069.785614][T12341]  irqentry_exit+0x67/0x70
[ 1069.790039][T12341]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1069.795502][T12341] 
[ 1069.797822][T12341] Second to last potentially related work creation:
[ 1069.804407][T12341]  kasan_save_stack+0x3e/0x60
[ 1069.809101][T12341]  __kasan_record_aux_stack+0xaf/0xc0
[ 1069.814486][T12341]  task_work_add+0xe4/0x440
[ 1069.818993][T12341]  scheduler_tick+0x2c9/0x6a0
[ 1069.823669][T12341]  update_process_times+0x17b/0x1b0
[ 1069.828874][T12341]  tick_sched_timer+0x3a2/0x580
[ 1069.833732][T12341]  __hrtimer_run_queues+0x4df/0xc40
[ 1069.838947][T12341]  hrtimer_interrupt+0x3c9/0x9c0
[ 1069.843891][T12341]  __sysvec_apic_timer_interrupt+0xfb/0x3b0
[ 1069.849801][T12341]  sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1069.855457][T12341]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1069.861442][T12341] 
[ 1069.863773][T12341] The buggy address belongs to the object at ffff888025711e00
[ 1069.863773][T12341]  which belongs to the cache task_struct of size 7424
[ 1069.877914][T12341] The buggy address is located 52 bytes inside of
[ 1069.877914][T12341]  freed 7424-byte region [ffff888025711e00, ffff888025713b00)
[ 1069.891718][T12341] 
[ 1069.894039][T12341] The buggy address belongs to the physical page:
[ 1069.900453][T12341] page:ffffea000095c400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25710
[ 1069.910600][T12341] head:ffffea000095c400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1069.919531][T12341] memcg:ffff88802b37b1c1
[ 1069.923766][T12341] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1069.931764][T12341] page_type: 0xffffffff()
[ 1069.936088][T12341] raw: 00fff00000000840 ffff888019a4c500 dead000000000100 dead000000000122
[ 1069.944677][T12341] raw: 0000000000000000 0000000080040004 00000001ffffffff ffff88802b37b1c1
[ 1069.953253][T12341] page dumped because: kasan: bad access detected
[ 1069.959665][T12341] page_owner tracks the page as allocated
[ 1069.965376][T12341] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 10497325827, free_ts 0
[ 1069.984998][T12341]  post_alloc_hook+0x1cd/0x210
[ 1069.989772][T12341]  get_page_from_freelist+0x195c/0x19f0
[ 1069.995338][T12341]  __alloc_pages+0x1e3/0x460
[ 1069.999934][T12341]  alloc_slab_page+0x5d/0x170
[ 1070.004618][T12341]  new_slab+0x87/0x2e0
[ 1070.008691][T12341]  ___slab_alloc+0xc6d/0x12f0
[ 1070.013375][T12341]  kmem_cache_alloc_node+0x1ea/0x330
[ 1070.018663][T12341]  dup_task_struct+0x57/0x7c0
[ 1070.023334][T12341]  copy_process+0x549/0x3d70
[ 1070.027915][T12341]  kernel_clone+0x21b/0x840
[ 1070.032415][T12341]  kernel_thread+0x10d/0x160
[ 1070.037000][T12341]  kthreadd+0x560/0x730
[ 1070.041161][T12341]  ret_from_fork+0x48/0x80
[ 1070.045581][T12341]  ret_from_fork_asm+0x11/0x20
[ 1070.050351][T12341] page_owner free stack trace missing
[ 1070.055716][T12341] 
[ 1070.058046][T12341] Memory state around the buggy address:
[ 1070.063677][T12341]  ffff888025711d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1070.071748][T12341]  ffff888025711d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1070.079810][T12341] >ffff888025711e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1070.087867][T12341]                                      ^
[ 1070.093489][T12341]  ffff888025711e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1070.101546][T12341]  ffff888025711f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1070.109600][T12341] ==================================================================
[ 1070.118984][T12341] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1070.126206][T12341] CPU: 1 PID: 12341 Comm: udevd Not tainted syzkaller #0
[ 1070.133244][T12341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1070.143305][T12341] Call Trace:
[ 1070.146581][T12341]  <TASK>
[ 1070.149512][T12341]  dump_stack_lvl+0x16c/0x230
[ 1070.154197][T12341]  ? show_regs_print_info+0x20/0x20
[ 1070.159400][T12341]  ? load_image+0x3b0/0x3b0
[ 1070.163912][T12341]  panic+0x2c0/0x710
[ 1070.167816][T12341]  ? bpf_jit_dump+0xd0/0xd0
[ 1070.172327][T12341]  ? _raw_spin_unlock_irqrestore+0xa9/0x110
[ 1070.178230][T12341]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 1070.184130][T12341]  ? _raw_spin_unlock+0x40/0x40
[ 1070.188992][T12341]  ? print_memory_metadata+0x314/0x400
[ 1070.194458][T12341]  ? __mutex_lock+0xc47/0xcc0
[ 1070.199143][T12341]  check_panic_on_warn+0x84/0xa0
[ 1070.204079][T12341]  ? __mutex_lock+0xc47/0xcc0
[ 1070.208754][T12341]  end_report+0x6f/0x140
[ 1070.212995][T12341]  kasan_report+0x128/0x150
[ 1070.217497][T12341]  ? __mutex_lock+0xc47/0xcc0
[ 1070.222176][T12341]  __mutex_lock+0xc47/0xcc0
[ 1070.226681][T12341]  ? stack_trace_save+0xe0/0xe0
[ 1070.231543][T12341]  ? arch_stack_walk+0x160/0x190
[ 1070.236485][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1070.241251][T12341]  ? lo_ioctl+0x62f/0x19f0
[ 1070.245675][T12341]  ? mutex_lock_nested+0x20/0x20
[ 1070.250623][T12341]  ? xfd_validate_state+0x6d/0x150
[ 1070.255751][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1070.260782][T12341]  lo_ioctl+0x62f/0x19f0
[ 1070.265036][T12341]  ? lock_release+0xba/0x8b0
[ 1070.269639][T12341]  ? lo_release+0x200/0x200
[ 1070.274169][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1070.279199][T12341]  ? lock_release+0xba/0x8b0
[ 1070.283794][T12341]  ? lock_chain_count+0x20/0x20
[ 1070.288647][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1070.293415][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1070.298197][T12341]  ? lock_release+0xba/0x8b0
[ 1070.302786][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1070.307551][T12341]  ? lock_release+0xba/0x8b0
[ 1070.312177][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1070.317234][T12341]  ? __read_once_word_nocheck+0x9/0x10
[ 1070.322701][T12341]  ? deref_stack_reg+0x1bd/0x240
[ 1070.327657][T12341]  ? is_bpf_text_address+0x28f/0x2a0
[ 1070.332942][T12341]  ? is_bpf_text_address+0x26/0x2a0
[ 1070.338142][T12341]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1070.344217][T12341]  ? kernel_text_address+0xa0/0xd0
[ 1070.349329][T12341]  ? __kernel_text_address+0xd/0x30
[ 1070.354527][T12341]  ? unwind_get_return_address+0x91/0xc0
[ 1070.360171][T12341]  ? stack_trace_save+0xe0/0xe0
[ 1070.365030][T12341]  ? arch_stack_walk+0x160/0x190
[ 1070.369973][T12341]  ? stack_trace_save+0x9c/0xe0
[ 1070.374829][T12341]  ? stack_trace_snprint+0xf0/0xf0
[ 1070.379940][T12341]  ? __stack_depot_save+0x1f/0x630
[ 1070.385047][T12341]  ? do_syscall_64+0x55/0xb0
[ 1070.389630][T12341]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1070.395728][T12341]  ? kasan_set_track+0x5f/0x70
[ 1070.400488][T12341]  ? kasan_set_track+0x4e/0x70
[ 1070.405269][T12341]  ? kasan_save_free_info+0x2e/0x50
[ 1070.410469][T12341]  ? ____kasan_slab_free+0x126/0x1e0
[ 1070.415846][T12341]  ? slab_free_freelist_hook+0x130/0x1b0
[ 1070.421490][T12341]  ? __kmem_cache_free+0xba/0x1f0
[ 1070.426519][T12341]  ? tomoyo_path_number_perm+0x477/0x590
[ 1070.432154][T12341]  ? security_file_ioctl+0x70/0xa0
[ 1070.437270][T12341]  ? __se_sys_ioctl+0x48/0x170
[ 1070.442071][T12341]  ? do_syscall_64+0x55/0xb0
[ 1070.446656][T12341]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1070.452743][T12341]  ? do_vfs_ioctl+0xd31/0x1bb0
[ 1070.457505][T12341]  ? __ia32_compat_sys_ioctl+0x7f0/0x7f0
[ 1070.463151][T12341]  ? lock_release+0xba/0x8b0
[ 1070.467743][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1070.472530][T12341]  ? __lock_acquire+0x7c80/0x7c80
[ 1070.477549][T12341]  ? slab_free_freelist_hook+0x130/0x1b0
[ 1070.483184][T12341]  ? tomoyo_path_number_perm+0x477/0x590
[ 1070.488820][T12341]  ? __kmem_cache_free+0xba/0x1f0
[ 1070.493850][T12341]  ? blkdev_common_ioctl+0x105b/0x23d0
[ 1070.499311][T12341]  ? tomoyo_path_number_perm+0x4dc/0x590
[ 1070.505051][T12341]  ? blkdev_bszset+0x1f0/0x1f0
[ 1070.509823][T12341]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1070.515288][T12341]  ? rcu_is_watching+0x15/0xb0
[ 1070.520097][T12341]  ? read_lock_is_recursive+0x20/0x20
[ 1070.525472][T12341]  ? __might_sleep+0xe0/0xe0
[ 1070.530071][T12341]  ? lo_release+0x200/0x200
[ 1070.534588][T12341]  blkdev_ioctl+0x58b/0x6f0
[ 1070.539098][T12341]  ? blkdev_compat_ptr_ioctl+0xd0/0xd0
[ 1070.544558][T12341]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1070.549490][T12341]  ? security_file_ioctl+0x80/0xa0
[ 1070.554607][T12341]  ? blkdev_compat_ptr_ioctl+0xd0/0xd0
[ 1070.560068][T12341]  __se_sys_ioctl+0xfd/0x170
[ 1070.564670][T12341]  do_syscall_64+0x55/0xb0
[ 1070.569093][T12341]  ? clear_bhb_loop+0x40/0x90
[ 1070.573785][T12341]  ? clear_bhb_loop+0x40/0x90
[ 1070.578478][T12341]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1070.584387][T12341] RIP: 0033:0x7fca9691d378
[ 1070.588811][T12341] Code: 00 00 48 8d 44 24 08 48 89 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 b8 10 00 00 00 c7 44 24 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 07 89 d0 c3 0f 1f 40 00 48 8b 15 49 3a 0d
[ 1070.608438][T12341] RSP: 002b:00007ffcb2d71ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1070.616861][T12341] RAX: ffffffffffffffda RBX: 000055c866658050 RCX: 00007fca9691d378
[ 1070.624837][T12341] RDX: 00007ffcb2d71be0 RSI: 0000000080280215 RDI: 0000000000000009
[ 1070.632808][T12341] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[ 1070.640785][T12341] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 1070.648760][T12341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000009
[ 1070.656747][T12341]  </TASK>
[ 1070.660181][T12341] Kernel Offset: disabled
[ 1070.664514][T12341] Rebooting in 86400 seconds..