last executing test programs:

8m24.037098488s ago: executing program 32 (id=483):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, 0x0, 0x4010)

7m47.087019008s ago: executing program 2 (id=571):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
socket$inet6(0xa, 0x2, 0x5)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0xfffffff5}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x34, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x5c, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'rose0\x00'}, {0x14, 0x1, 'rose0\x00'}]}]}]}], {0x14, 0x10}}, 0xd8}, 0x1, 0x0, 0x0, 0x20040841}, 0x0)

7m44.871920371s ago: executing program 2 (id=574):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYRES32=<r2=>0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYRES16=r2, @ANYRES8=r2], 0x1043)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1142, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0x2, 0x4ce, 0x5, 0x9dff, 0xf, "000300eb00cbe600"})
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x5, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r4 = syz_open_pts(r3, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0x17)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000080)=0xa)

7m39.383809408s ago: executing program 2 (id=582):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b18]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_TYPE={0x5}]}}}]}]}], {0x14}}, 0x6c}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7m38.23672066s ago: executing program 2 (id=588):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x92)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

7m37.650149841s ago: executing program 2 (id=592):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000580), 0x1, 0xba6, &(0x7f0000000c00)="$eJzs3M1rXFUUAPDzXj7bRicVEeumEZEWxGlaSbFFsJWKGxeCboWGdFJCph8kkZo0i4n+A6KuBTeCWpQu7LobBbdutG4tLoQisVEQ0cibjyQ2M0naTvJq8vvBzbt3zpvcc/KYeffCTALYsQayH2nEvog4nUQU6o+nEdFd7fVGVGrnLczPjvwxPzuSxOLi678mkUTE7fnZkcbvSurHPfVBb0R891ISj7y7et7J6Znx4XK5NFEfH5o6d/HQ5PTMs2Pnhs+WzpbOHz76/NCRoaODx4baVuufP5249vuTr/xc+euzv6/89sEnSZyIvnpsZR3tMhADS3+TlTojYrjdk+Wko17PyjqTznWelG5yUgAAtJSuWMM9FoXoiOXFWyG+/j7X5AAAAIC2WOyIWAQAAAC2ucT+HwAAALa5xucAbs/PjjRavp9I2Fq3TkZEf63+hXqrRTqjUj32RldE7L6dxMqvtSa1p923gYi4+eOxL7MWm/Q95LVU5iLi8WbXP6nW31/9Fvfq+tOIGGzD/AN3jP9P9Z9ow/x51w/AznT9ZO1Gtvr+ly6tf6LJ/a+zyb3rXuR9/2us/xZWrf+W6+9osf57bYNzXP70o0utYln9L1x7+YtGy+bPjvdV1F24NRfxRGez+pOl+pMW9Z/e4ByFfy6VWsXyrn/x44gD0bz+hmTt/090aHSsXBqs/Ww6x9y3Q5+3mj/v+rPrv7tF/etd/4sbnOPNU6eutoqtX3/6S3fyRrXXXX/k7eGpqYnDEd3Jq6sfP7J2Lo1zGr8jq//gU2u//pvVn70nVOp/h2wvMFc/ZuN37pjzxSuXv1qr/mzvl+f1P3OP1/+9Dc7x9DfvH2wVW7n/zVo2/82kthcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIY0IvoiSYtL/TQtFiP2RMSjsTstX5icemb0wlvnz2SxiP7oSkfHyqXBiCjUxkk2PlztL4+P3DF+LiL2RsSHhV3VcXHkQvlM3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwZE9E9EWSFiMijYiFQpoWi3lnBQAAALRdf94JAAAAAJvO/h8AAAC2P/t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANtne/ddvJBFROb6r2jLd9VhXrpkBmy3NOwEgNx15JwDkpjPvBIDc3OUe33IBtqFknXhvy0hP23MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MF1YN/1G0lEVI7vqrZMdz3W1fQZ+7cwO2AzpXknAOSmY61g59blAWw9L3HYuZrv8YGdJFkn3rt8TuW/kZ5NywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAB09ftSVpMSLSaj9Ni8WIhyKiP7qS0bFyaTAiHo6IHwpdPdm4J++kAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLvJ6Znx4XK5NKGjo5NvJ3kw0qh18n5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD5PTM+PD5XJpYjLvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC8TU7PjA+Xy6WJDXSu3s3JKzp51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DQAA//+LYA3r")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@metacopy_on}]})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x8820, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0)
stat(&(0x7f0000000300)='./file7\x00', &(0x7f0000000340))

7m36.321043778s ago: executing program 2 (id=599):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x48b, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@noblock_validity}]}, 0x1, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")

7m21.007787806s ago: executing program 33 (id=599):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x48b, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@noblock_validity}]}, 0x1, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")

6m55.558955482s ago: executing program 0 (id=720):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000200)=ANY=[@ANYBLOB='c '], 0xa)

6m55.12181703s ago: executing program 0 (id=725):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x336)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
close(0x3)

6m54.673683859s ago: executing program 0 (id=728):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
rt_sigqueueinfo(0x0, 0x9, 0x0)
setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x23)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x10000002, 0x0, 0x0, 0x41100, 0x54, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x13141, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x10, 0xb7}, 0x94)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r7)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6)

6m53.393363454s ago: executing program 0 (id=731):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
write(0xffffffffffffffff, &(0x7f0000004200)='t', 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x18, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)

6m52.312767045s ago: executing program 0 (id=737):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000740)={[{@test_dummy_encryption}, {@i_version}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@abort}, {@auto_da_alloc}, {@lazytime}, {@noauto_da_alloc}, {@block_validity}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2df1, 0x4000, 0x4, 0x0, 0x54)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)

6m50.252136505s ago: executing program 0 (id=744):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$loop(0x0, 0x81, 0x101000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(r5, 0x0, 0x8000018)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000001840)=ANY=[@ANYBLOB="696f636861727365743d42000000000000006d65636173653d312c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c666d61736b3d30303030303030303030303030303030303030303030352c696f636861727365743d63703836302c6769643d2a575415629829e5c89da02870a932a755a7", @ANYRESHEX=0x0, @ANYBLOB=',umask=00000000000000000000003,errors=continue,gid=', @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00002000000000020000000,\x00'], 0x1, 0x152c, &(0x7f0000000300)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP1ptcFkmSS5JckiRJktwSkiY5kpAYcksakpBchuQyhFwnJo37/X5JSJImSUJyS9b/M+HvdOr86vxOJ7/Pmef7+ezPrOfd+1l77fd533evvd+Z+abT4OoNa1SpT0Twb8ELPxIBIBYA+gPANQAQAECZuDJxmeuzS0z893bC/lwPp1zpEbArieuftXH9szauf9bG9c/auP5ZG9c/a+P6Z21cf8aysk1T81/LS9Zd+P5/Vsbn//8iGSVGf7GmxPWdAWL+aArX/7/T7CZ/bDuu/3+t4I9sxPXP2rj+WVXslR4A+z+A3/9ZQbZ/uobrn7Vx/RnLyq70/ecrvUAkaz8HV/r1xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsazjtL1MAcKl9pcfFGGOMMcYYY4yxP4/PdqVHwBhjjDHGGGOMsf88BAESFAQQA9kgFrJDDhAAcDXkgmsgAtdCHFwHueF6yAN5IR/kh3goAAVBgwELBCEUghsgCjdCYbgJikBRKAbFwUEJKAk3Qym4BUrDrVAGboOycDuUg/JQASrCHVAJ7oTKcBdUgbuhKlSD6lAD7oGacC/UgvugNtwPdeABqAsPQj14COrDw9AAHoGG8Cg0gsegMTSBptAMmv+v8l+EbvASdIcekAg9oRe8DL2hD/SFftAfXoEB8CoMhNcgCQbBYHgdhsAbMBTehGEwHEbAWzAS3oZRMBrGwFhIhnEwHt6BCfAuTIRJMBmmQApMhWnwHkyHGTAT3odZMBvmwFyYB/MhFT6ABbAQ0uBDWAQfQToshiWwFJbBclgBK2EVrIY1sBbWwXrYABthE2yGLbAVtsF22AEfw074BHbBbtgDn8Je+OxfzD/1D/mdERBQoECFCmMwBmMxFnNgDsyJOTEX5sIIRjAO4zA35sY8mAfzYT6Mx3gsiAXRoEFCwkJYCKMYxcJYGItgESyGxdChw5JYEkvhLVgaS2MZLINlsSyWw/JYHitiRayElbAyVsYqWAWrYlWsjtXxHrwHe2ItrIW1sTbWwTqXbk9hfayPDbABNsSG2AgbYWNsjE2xKTbH5tgCW2BLbImtsTW2wTbYFttiAiZgO2yH7bE9dsAO2BE7YifshJ2xC3bJeDEb4Ev4EvbAqqIn9sJe2BuTsvXFftgPX8EB+Cq+iq9hEg7Cwfg6vo5v4FA8icNwOI7AEVhJvI2jcDSSGIvJmIzjcTxOwAk4ESfhJJyCKTgVp+E0nI4zcAa+j7NwNs7GuTgX52MqpuICXIhpmIaL8BSm42JcgktxGS7HZbgSV+FKXINrcQ2ux/W4ETfiZtyMW3Erbsft+DEqAPwEd+NuTMK9uBf34T7cj/vxAB7ADMzAg3gQD+EhPIyH8QgewaN4DI/jMTyBJ/AknsLTeBrP4lk8h8/Hf9Xg46Krk0BkUkKJGBEjYkWsyCFyiJwip8glcomIiIg4ESdyi9wij8gj8ol8Il7Ei4KioDDCCBJhDACIqIiKwqKwKCKKiGKimHDCiZKipCglSonSorQoI24TZcXtopwoL1q5iqKiqCRau8riLlFFVBFVRTVRXdQQNURNUVPUErVEbVFb1BF1RF3xoKgnemJffFhkVqahGISNxGBsLJoIefETrIUYii1FK9FaPCmG4zBsK1q4BPGMaCdGYXvxNzEanxMdxVjsJF4QnUUX0VW8KLqJlq676CEmYk/RS0zB3qKP6Cv6ielYTbyPs7JXF6+JJDFIDBavi/n4hhgq3hTDxHAxQrwlRoq3xSgxWowRY0WyGCfGi3fEBPGumCgmicliikgRU8U08Z6YLmaImeJ9MUvMFnPEXDFPzBep4gOxQCwUaeJDsUh8JNLFYrFELBXLxHKxQqwUq8RqsUasFevEerFBbBSbxGaxRWwV28R2sUN8LHaKT8QusVvsEZ+KveIzsU98LvaLL8QB8aXIEF+Jg+JrcUh8Iw6Lb8UR8Z04Ko6J4+J7cUL8IE6KU+K0OCPOih/FOfGTOC+8AIlSSCmVDGSMzCZjZXaZQ14lc8rg4rN7rYyT18nc8nqZR+aV+WR+GS8LyIJSSyOtJBnKQvIGGZU3ysLyJllEFpXFZHHpZAlZUt4sS8lbZGl5qywjb5Nl5e2ynCwvK8iK8g5ZSd4pIXJhH1VlNVld1pD3yES4V9aS98na8n5ZRz4g68oHZT35kKwvH5YN5COyoXxUNpKPycayiWwqm8nm8nHZQj4hW8pWsrV8UraRT8m28mmZIJ+R7aS/+BJ5TnaUz8tO8gXZWXaRXeVP8rz0srvsIaEnyF7yZdlb9pF9ZT/ZX74iB8hX5UD5mkySg+Rg+bocIt+QQ+WbcpgcLkfIt+RI+bYcJUfLMXKsTJbj5Hj5jpwg35UT5SQ5WU6RKXKq7Huxp5lS/m7+O7+RP/DnvW+Um+RmuUVuldvkdrlDfix3yp1yl9wl98g9cq/cK/fJfXK/3C8PyAMyQ2bIg/KgPCQPycPysDwij8ij8pg8I7+XJ+QP8qQ8JU/JM/KsPCvPXXwOQKESSiqlAhWjsqlYlV3lUFepnOpqlUtdoyLqWhWnrlO51fUqj8qr8qn8Kl4VUAWVVkZZRSpUhdQNKqpuxIsvGFVMFVdOlVAl1c3/Sr4qrG5SRVTRX+RfGl/iPxlfc9VctVAtVEvVUrVWrVUb1Ua1VW1VgkpQ7VQ71V61Vx1UB9VRdVSdVCfVWXVWXVVX1U11U91Vd5WoElUv9bLqrfqovqqf6q9eUQPUADVQDVRJKkkNVoPVEDVEDVVD1TA1TI1QI9RINVKNUqPUGDVGJatkNV6NVxPUBDVRTVST1WSVolLUNDVNTVfT1Uw1U81Ss9QcNUfNU/NUqkpVC9QClabS1CK1SKWrxWqxWqqWquVquVqpVqrVarVaq9aq9Wq9Sleb1Ca1RW1R29Q2tUPtUDvVTrVL7VJ71B61V+1V+9Q+tV/tVwfUAZWhMtRBdVAdUofUYXVYHVFH1FF1VB1Xx9UJdUKdVCfVaXVanVVn1Tl1Tp1X5zOnfYEIRKACFcQEMUFsEBvkCHIEOYOcQa4gVxAJIkFcEBfkDq4P8gR5g3xB/iA+KBAUDHRgAhuIi0WPBjcGhYObgiJB0aBYUDxwQYmgZHBzUCq4JSgd3BqUCW4Lyga3B+WC8kGFoGJwR1ApuDOoHNwVVAnuDqoG1YLqQY3gnqBmcG9QK7gvqB3cH9QJHgjqBg8G9YKHgvrBw0GD4JGgYfBo0Ch4LGgcNAmaBs2C5n9q/96fzPuE66576ETdU/fSL+veuo/uq/vp/voVPUC/qgfq13SSHqQH69f1EP2GHqrf1MP0cD1Cv6VH6rf1KD1aj9FjdbIep8frd/QE/a6eqCfpyXqKTtFT9TT9np6uZ+iZ+n09S8/Wc/RcPU/P16n6A71AL9Rp+kO9SH+k0/VivUQv1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q3+sd+pP9C69W+/Rn+q9+jO9T3+u98d+oQ/oL3WG/kof1F/rQ/obfVh/q4/o7/RRfUwf19/rE/oHfVKf0qf1GX1W/6jP6Z/0ee0zJ/eZp3ejjDIxJsbEmliTw+QwOU1Ok8vkMhETMXEmzuQ2uU0ek8fkM/lMvIk3BU1Bk4kMmUKmkImaqClsCpsipogpZooZZ5wpaUqaUqaUKW1KmzKmjClryppyppypYCqYO8wd5k5zp7nL3GXuNnebaqaaqWFqmJqmpqllapnaprapY+qYuqauqWfqmfqmvmlgGpiGpqFpZBqZxqaxaWqamuamuWlhWpiWpqVpbVqbNqaNaWvamgSTYNqZdqa9aW86mA6mo+loOplOprPpbLqarqab6Wa6m+4m0SSaXqaX6W16m76mr+lv+psBZoAZaAaaJJNkBpvBZogZYoaaoWaYGW5GZE5UzdtmlBltxpixJtkkm/FmvJlgJpiJZqKZbCabFJNipplpZrqZbmaamWaWmWXmmDlmnplnUk2qWWAWmDSTZhaZRSbdpJslZolZZpaZFWaFWWVWmTVmjVkH68wGs8FsMpvMFrPFbDPbzA6zw+w0O80us8vsMXvMXrPX7DP7zH6z3xwwB0yGyTAHzUFzyBwyh81hc8QcMUfNUXPcHDcnzAlz0pw0p81pc9bkvXi+9CbWZrc57FU2p73a5rLX2H+M89n8Nt4WsAWttnls3l/ExlpbxBa1xWxx62wJW9Le/Ku4nC1vK9iK9g5byd5pK/8qrmnvtbXsfba2vd/WsPf8Iq5jH7B17aO2HiKAbWIb2Ga2oX3UNrKP2ca2iW1qm9k29inb1j5tE+wztp199lfxArvQrrKr7Rq71u6yu+1pe8Yest/Ys/ZH2932sP3tK3aAfdUOtK/ZJDvoV/EI+5Ydad+2o+xoO8aO/VU82U6xKXaqnWbfs9PtjF/FqfYDO8um2Tl2rp1n5/8cZ44pzX5oF9mPbLoNYIldapfZ5XaFXfn/x7rUrrcb7Ea7035it9itdpvdbndcmgjb3XaP/dTutZ/Zg/Zru99+YQ/YwzbDfvVznHl8h+239oj9zh61x+xx+709YX9Ql7Izj/17+5M9b70FQgKSpCigGMpGsZSdctBVlJOuplx0DUXoWoqj6yg3XU95KC/lo/wUTwWoIGkyZIkopEJ0A0XpRro0vGJUnByVoJJ0M5WiW6g03Upl6DYqS7dTOSpPFagi3UGV6E6qTHdRFbqbqlI1qk416B6qSfdSLbqPatP9VIceoLr0INWjh6g+PUwN6BFqSI9SI3qMGlMTakrNqDk9Ti3oCWpJrag1PUlt6ClqS09TAj1D7ehZak9/ow70HHWk56kTvUCdqQt1pRepG71E3akHJVJP6kUvU2/qQ32pH/WnV2gAvUoD6TVKokE0mF6nIfQGDaU3aRgNpxH0Fo2kt2kUjaYxNJaSaRyNp3doAr1LE2kSTaYplEJTaRq9R9NpBs2k92kWzaY5NJfm0XxKpQ9oAS2kNPqQFtFHlE6LaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtDHtJM+oV20m/bQp7SXPqN99Dntpy/oAH1JGfQVHaSv6RB9Q4fpW9+DvqOjdIyO0/d0gn6gk3SKTtMZOks/0jn6ic6TJwgxFKEMVRiEMWG2MDbMHuYIrwpzhleHucJrwkh4bRgXXhfmDq8P84R5w3xh/jA+LBAWDHVoQhtSGIaFwhvCaHhjWDi8KSwSFg2LhcVDF5YIS4Y3h6XCW8LS4a1hmfC2sGx4e1guLB8+en/F8I6wUnhnWDm8K6wS3h1WDauF1cMa4T1hzfDesFZ4X1g7vD8sHT4Q1g0fDOuFD4X1w4fDBuEjYcPw0bBR+FjYOGwSNg2bhc3Dx8MW4RNhy7BV2Dp8MmwTPhW2DZ8OE8Jnwnbhsz+vf2DhP1+fGPYMe4Uvhy+H3t8n50XnR1OjH0QXRBdG06IfRhdFP4qmRxdHl0SXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3Rr2vkQ0cOuGkUy5wMS6bi3XZXQ53lcvprna53DUu4q51ce46l9td7/K4vC6fy+/iXQFX0GlnnHXkQlfI3eCi7kZX2N3kiriirpgr7pwr4Uq6Zq65a+5auCdcS9fKtXbXXnyfPe2eds+4du5Z1979zXVwz7mO7nn3vHvBdXZdXFf3ouvmxuW6sG2i6+V6ud6ut+vr+rr+rr8b4Aa4gW6gS3JJbrAb7Ia4IW6oG+qGuWFuhBvhRrqRbpQb5ca4MS7ZJbvxbryb4Ca4iW6im+wmuxSX4qa5aW66m+4qzbiwlzlujpvn5rlUl+oWuMw5Y5pb5Ba5dJfulrglbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdvlrLnTq9rp9bp/b7/a7A+5Ll+G+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZccGRcZH3knMiHybmRiZFJkcmRKJCUyNTIt8l5kemRGZGbk/cisyOzInMjcyLzI/Ehq5IPIgsjCSFrkw8iiyEeR9MjiyJLI0siyyPKI9wW2hNkzT55Rf6Mv7G/yRXxRX8wX986X8CX9zb6Uv8WX9rf6Mv42X9bf7sv58r6Cf8w39k18U9/MN/eP+xb+Cd/St/Kt/ZO+jX/Kt/VP+wT/jG/nn/Xt/d98B/+c7+if9538C76z7+K7+hd9N/+S7+57+ETf0/fyL/vevo/v6/v5/v4VP8C/6gf613ySH+QH+9f9EP+GH+rf9MP8cD8i5i0/8tIlMoz1yX6cH+/f8RP8u36in+Qn+yk+xU/10/x7frqf4Wf69/0sP9vP8XP9PD/fp/oP/AK/0Kf5D/0i/5FP94sv3VT2K/xKv8qv9mv8Wr/Or/cb/Ea/yW/2W/xWv81v9zv8x36n/8Tv8rv9Hv+p3+s/8/v8536//8If8F/6DP+VP+i/9of8N/6w/9Yf8d/5o/6YP+6/9yf8D/6kP+VP+zP+rP/Rn/M/+fP8N2uMMcYYY3/IuMtN8cs1F27n9/yNHPF3G/cCgKu35s/4+/WZM8p1eS60+4j4NhEAeKZHp4cvLVWrJiYmXtw2XUJww1yAS98EZYqBy/FiaA1PQQK0glK/Of4+ostZ+p3+o7cB5Pi7nFi4HF/u/3MATPyN/h9/csSCsuHpuP+h/7kARW64nJN5EXApXgytf76/0gpK/5Px523xO+PP/kUyQMu/y8kJl+PL4y8JT8CzkPCLLRljjDHGGGOMsQv6iAodLl1/XvqNz9+6Po9Xl3OyweX4967PL1H/ofEzxhhjjDHGGGPs9z3XpevTjycktOrwrzcq/6+y/nCjEfyneubGbza8B7j0iAKAf7NDgMyG/CuPYvNfsq+ki2+df1y17IwP4P9GKf+MxhX+YGKMMcYYY4z96S5P+n/5OH9fzxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM/XX+in8ndqWPkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/l8AAAD//+cx/7A=")

6m34.931848233s ago: executing program 34 (id=744):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$loop(0x0, 0x81, 0x101000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(r5, 0x0, 0x8000018)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000001840)=ANY=[@ANYBLOB="696f636861727365743d42000000000000006d65636173653d312c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c666d61736b3d30303030303030303030303030303030303030303030352c696f636861727365743d63703836302c6769643d2a575415629829e5c89da02870a932a755a7", @ANYRESHEX=0x0, @ANYBLOB=',umask=00000000000000000000003,errors=continue,gid=', @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00002000000000020000000,\x00'], 0x1, 0x152c, &(0x7f0000000300)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP1ptcFkmSS5JckiRJktwSkiY5kpAYcksakpBchuQyhFwnJo37/X5JSJImSUJyS9b/M+HvdOr86vxOJ7/Pmef7+ezPrOfd+1l77fd533evvd+Z+abT4OoNa1SpT0Twb8ELPxIBIBYA+gPANQAQAECZuDJxmeuzS0z893bC/lwPp1zpEbArieuftXH9szauf9bG9c/auP5ZG9c/a+P6Z21cf8aysk1T81/LS9Zd+P5/Vsbn//8iGSVGf7GmxPWdAWL+aArX/7/T7CZ/bDuu/3+t4I9sxPXP2rj+WVXslR4A+z+A3/9ZQbZ/uobrn7Vx/RnLyq70/ecrvUAkaz8HV/r1xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsazjtL1MAcKl9pcfFGGOMMcYYY4yxP4/PdqVHwBhjjDHGGGOMsf88BAESFAQQA9kgFrJDDhAAcDXkgmsgAtdCHFwHueF6yAN5IR/kh3goAAVBgwELBCEUghsgCjdCYbgJikBRKAbFwUEJKAk3Qym4BUrDrVAGboOycDuUg/JQASrCHVAJ7oTKcBdUgbuhKlSD6lAD7oGacC/UgvugNtwPdeABqAsPQj14COrDw9AAHoGG8Cg0gsegMTSBptAMmv+v8l+EbvASdIcekAg9oRe8DL2hD/SFftAfXoEB8CoMhNcgCQbBYHgdhsAbMBTehGEwHEbAWzAS3oZRMBrGwFhIhnEwHt6BCfAuTIRJMBmmQApMhWnwHkyHGTAT3odZMBvmwFyYB/MhFT6ABbAQ0uBDWAQfQToshiWwFJbBclgBK2EVrIY1sBbWwXrYABthE2yGLbAVtsF22AEfw074BHbBbtgDn8Je+OxfzD/1D/mdERBQoECFCmMwBmMxFnNgDsyJOTEX5sIIRjAO4zA35sY8mAfzYT6Mx3gsiAXRoEFCwkJYCKMYxcJYGItgESyGxdChw5JYEkvhLVgaS2MZLINlsSyWw/JYHitiRayElbAyVsYqWAWrYlWsjtXxHrwHe2ItrIW1sTbWwTqXbk9hfayPDbABNsSG2AgbYWNsjE2xKTbH5tgCW2BLbImtsTW2wTbYFttiAiZgO2yH7bE9dsAO2BE7YifshJ2xC3bJeDEb4Ev4EvbAqqIn9sJe2BuTsvXFftgPX8EB+Cq+iq9hEg7Cwfg6vo5v4FA8icNwOI7AEVhJvI2jcDSSGIvJmIzjcTxOwAk4ESfhJJyCKTgVp+E0nI4zcAa+j7NwNs7GuTgX52MqpuICXIhpmIaL8BSm42JcgktxGS7HZbgSV+FKXINrcQ2ux/W4ETfiZtyMW3Erbsft+DEqAPwEd+NuTMK9uBf34T7cj/vxAB7ADMzAg3gQD+EhPIyH8QgewaN4DI/jMTyBJ/AknsLTeBrP4lk8h8/Hf9Xg46Krk0BkUkKJGBEjYkWsyCFyiJwip8glcomIiIg4ESdyi9wij8gj8ol8Il7Ei4KioDDCCBJhDACIqIiKwqKwKCKKiGKimHDCiZKipCglSonSorQoI24TZcXtopwoL1q5iqKiqCRau8riLlFFVBFVRTVRXdQQNURNUVPUErVEbVFb1BF1RF3xoKgnemJffFhkVqahGISNxGBsLJoIefETrIUYii1FK9FaPCmG4zBsK1q4BPGMaCdGYXvxNzEanxMdxVjsJF4QnUUX0VW8KLqJlq676CEmYk/RS0zB3qKP6Cv6ielYTbyPs7JXF6+JJDFIDBavi/n4hhgq3hTDxHAxQrwlRoq3xSgxWowRY0WyGCfGi3fEBPGumCgmicliikgRU8U08Z6YLmaImeJ9MUvMFnPEXDFPzBep4gOxQCwUaeJDsUh8JNLFYrFELBXLxHKxQqwUq8RqsUasFevEerFBbBSbxGaxRWwV28R2sUN8LHaKT8QusVvsEZ+KveIzsU98LvaLL8QB8aXIEF+Jg+JrcUh8Iw6Lb8UR8Z04Ko6J4+J7cUL8IE6KU+K0OCPOih/FOfGTOC+8AIlSSCmVDGSMzCZjZXaZQ14lc8rg4rN7rYyT18nc8nqZR+aV+WR+GS8LyIJSSyOtJBnKQvIGGZU3ysLyJllEFpXFZHHpZAlZUt4sS8lbZGl5qywjb5Nl5e2ynCwvK8iK8g5ZSd4pIXJhH1VlNVld1pD3yES4V9aS98na8n5ZRz4g68oHZT35kKwvH5YN5COyoXxUNpKPycayiWwqm8nm8nHZQj4hW8pWsrV8UraRT8m28mmZIJ+R7aS/+BJ5TnaUz8tO8gXZWXaRXeVP8rz0srvsIaEnyF7yZdlb9pF9ZT/ZX74iB8hX5UD5mkySg+Rg+bocIt+QQ+WbcpgcLkfIt+RI+bYcJUfLMXKsTJbj5Hj5jpwg35UT5SQ5WU6RKXKq7Huxp5lS/m7+O7+RP/DnvW+Um+RmuUVuldvkdrlDfix3yp1yl9wl98g9cq/cK/fJfXK/3C8PyAMyQ2bIg/KgPCQPycPysDwij8ij8pg8I7+XJ+QP8qQ8JU/JM/KsPCvPXXwOQKESSiqlAhWjsqlYlV3lUFepnOpqlUtdoyLqWhWnrlO51fUqj8qr8qn8Kl4VUAWVVkZZRSpUhdQNKqpuxIsvGFVMFVdOlVAl1c3/Sr4qrG5SRVTRX+RfGl/iPxlfc9VctVAtVEvVUrVWrVUb1Ua1VW1VgkpQ7VQ71V61Vx1UB9VRdVSdVCfVWXVWXVVX1U11U91Vd5WoElUv9bLqrfqovqqf6q9eUQPUADVQDVRJKkkNVoPVEDVEDVVD1TA1TI1QI9RINVKNUqPUGDVGJatkNV6NVxPUBDVRTVST1WSVolLUNDVNTVfT1Uw1U81Ss9QcNUfNU/NUqkpVC9QClabS1CK1SKWrxWqxWqqWquVquVqpVqrVarVaq9aq9Wq9Sleb1Ca1RW1R29Q2tUPtUDvVTrVL7VJ71B61V+1V+9Q+tV/tVwfUAZWhMtRBdVAdUofUYXVYHVFH1FF1VB1Xx9UJdUKdVCfVaXVanVVn1Tl1Tp1X5zOnfYEIRKACFcQEMUFsEBvkCHIEOYOcQa4gVxAJIkFcEBfkDq4P8gR5g3xB/iA+KBAUDHRgAhuIi0WPBjcGhYObgiJB0aBYUDxwQYmgZHBzUCq4JSgd3BqUCW4Lyga3B+WC8kGFoGJwR1ApuDOoHNwVVAnuDqoG1YLqQY3gnqBmcG9QK7gvqB3cH9QJHgjqBg8G9YKHgvrBw0GD4JGgYfBo0Ch4LGgcNAmaBs2C5n9q/96fzPuE66576ETdU/fSL+veuo/uq/vp/voVPUC/qgfq13SSHqQH69f1EP2GHqrf1MP0cD1Cv6VH6rf1KD1aj9FjdbIep8frd/QE/a6eqCfpyXqKTtFT9TT9np6uZ+iZ+n09S8/Wc/RcPU/P16n6A71AL9Rp+kO9SH+k0/VivUQv1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q3+sd+pP9C69W+/Rn+q9+jO9T3+u98d+oQ/oL3WG/kof1F/rQ/obfVh/q4/o7/RRfUwf19/rE/oHfVKf0qf1GX1W/6jP6Z/0ee0zJ/eZp3ejjDIxJsbEmliTw+QwOU1Ok8vkMhETMXEmzuQ2uU0ek8fkM/lMvIk3BU1Bk4kMmUKmkImaqClsCpsipogpZooZZ5wpaUqaUqaUKW1KmzKmjClryppyppypYCqYO8wd5k5zp7nL3GXuNnebaqaaqWFqmJqmpqllapnaprapY+qYuqauqWfqmfqmvmlgGpiGpqFpZBqZxqaxaWqamuamuWlhWpiWpqVpbVqbNqaNaWvamgSTYNqZdqa9aW86mA6mo+loOplOprPpbLqarqab6Wa6m+4m0SSaXqaX6W16m76mr+lv+psBZoAZaAaaJJNkBpvBZogZYoaaoWaYGW5GZE5UzdtmlBltxpixJtkkm/FmvJlgJpiJZqKZbCabFJNipplpZrqZbmaamWaWmWXmmDlmnplnUk2qWWAWmDSTZhaZRSbdpJslZolZZpaZFWaFWWVWmTVmjVkH68wGs8FsMpvMFrPFbDPbzA6zw+w0O80us8vsMXvMXrPX7DP7zH6z3xwwB0yGyTAHzUFzyBwyh81hc8QcMUfNUXPcHDcnzAlz0pw0p81pc9bkvXi+9CbWZrc57FU2p73a5rLX2H+M89n8Nt4WsAWttnls3l/ExlpbxBa1xWxx62wJW9Le/Ku4nC1vK9iK9g5byd5pK/8qrmnvtbXsfba2vd/WsPf8Iq5jH7B17aO2HiKAbWIb2Ga2oX3UNrKP2ca2iW1qm9k29inb1j5tE+wztp199lfxArvQrrKr7Rq71u6yu+1pe8Yest/Ys/ZH2932sP3tK3aAfdUOtK/ZJDvoV/EI+5Ydad+2o+xoO8aO/VU82U6xKXaqnWbfs9PtjF/FqfYDO8um2Tl2rp1n5/8cZ44pzX5oF9mPbLoNYIldapfZ5XaFXfn/x7rUrrcb7Ea7035it9itdpvdbndcmgjb3XaP/dTutZ/Zg/Zru99+YQ/YwzbDfvVznHl8h+239oj9zh61x+xx+709YX9Ql7Izj/17+5M9b70FQgKSpCigGMpGsZSdctBVlJOuplx0DUXoWoqj6yg3XU95KC/lo/wUTwWoIGkyZIkopEJ0A0XpRro0vGJUnByVoJJ0M5WiW6g03Upl6DYqS7dTOSpPFagi3UGV6E6qTHdRFbqbqlI1qk416B6qSfdSLbqPatP9VIceoLr0INWjh6g+PUwN6BFqSI9SI3qMGlMTakrNqDk9Ti3oCWpJrag1PUlt6ClqS09TAj1D7ehZak9/ow70HHWk56kTvUCdqQt1pRepG71E3akHJVJP6kUvU2/qQ32pH/WnV2gAvUoD6TVKokE0mF6nIfQGDaU3aRgNpxH0Fo2kt2kUjaYxNJaSaRyNp3doAr1LE2kSTaYplEJTaRq9R9NpBs2k92kWzaY5NJfm0XxKpQ9oAS2kNPqQFtFHlE6LaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtDHtJM+oV20m/bQp7SXPqN99Dntpy/oAH1JGfQVHaSv6RB9Q4fpW9+DvqOjdIyO0/d0gn6gk3SKTtMZOks/0jn6ic6TJwgxFKEMVRiEMWG2MDbMHuYIrwpzhleHucJrwkh4bRgXXhfmDq8P84R5w3xh/jA+LBAWDHVoQhtSGIaFwhvCaHhjWDi8KSwSFg2LhcVDF5YIS4Y3h6XCW8LS4a1hmfC2sGx4e1guLB8+en/F8I6wUnhnWDm8K6wS3h1WDauF1cMa4T1hzfDesFZ4X1g7vD8sHT4Q1g0fDOuFD4X1w4fDBuEjYcPw0bBR+FjYOGwSNg2bhc3Dx8MW4RNhy7BV2Dp8MmwTPhW2DZ8OE8Jnwnbhsz+vf2DhP1+fGPYMe4Uvhy+H3t8n50XnR1OjH0QXRBdG06IfRhdFP4qmRxdHl0SXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3Rr2vkQ0cOuGkUy5wMS6bi3XZXQ53lcvprna53DUu4q51ce46l9td7/K4vC6fy+/iXQFX0GlnnHXkQlfI3eCi7kZX2N3kiriirpgr7pwr4Uq6Zq65a+5auCdcS9fKtXbXXnyfPe2eds+4du5Z1979zXVwz7mO7nn3vHvBdXZdXFf3ouvmxuW6sG2i6+V6ud6ut+vr+rr+rr8b4Aa4gW6gS3JJbrAb7Ia4IW6oG+qGuWFuhBvhRrqRbpQb5ca4MS7ZJbvxbryb4Ca4iW6im+wmuxSX4qa5aW66m+4qzbiwlzlujpvn5rlUl+oWuMw5Y5pb5Ba5dJfulrglbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdvlrLnTq9rp9bp/b7/a7A+5Ll+G+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZccGRcZH3knMiHybmRiZFJkcmRKJCUyNTIt8l5kemRGZGbk/cisyOzInMjcyLzI/Ehq5IPIgsjCSFrkw8iiyEeR9MjiyJLI0siyyPKI9wW2hNkzT55Rf6Mv7G/yRXxRX8wX986X8CX9zb6Uv8WX9rf6Mv42X9bf7sv58r6Cf8w39k18U9/MN/eP+xb+Cd/St/Kt/ZO+jX/Kt/VP+wT/jG/nn/Xt/d98B/+c7+if9538C76z7+K7+hd9N/+S7+57+ETf0/fyL/vevo/v6/v5/v4VP8C/6gf613ySH+QH+9f9EP+GH+rf9MP8cD8i5i0/8tIlMoz1yX6cH+/f8RP8u36in+Qn+yk+xU/10/x7frqf4Wf69/0sP9vP8XP9PD/fp/oP/AK/0Kf5D/0i/5FP94sv3VT2K/xKv8qv9mv8Wr/Or/cb/Ea/yW/2W/xWv81v9zv8x36n/8Tv8rv9Hv+p3+s/8/v8536//8If8F/6DP+VP+i/9of8N/6w/9Yf8d/5o/6YP+6/9yf8D/6kP+VP+zP+rP/Rn/M/+fP8N2uMMcYYY3/IuMtN8cs1F27n9/yNHPF3G/cCgKu35s/4+/WZM8p1eS60+4j4NhEAeKZHp4cvLVWrJiYmXtw2XUJww1yAS98EZYqBy/FiaA1PQQK0glK/Of4+ostZ+p3+o7cB5Pi7nFi4HF/u/3MATPyN/h9/csSCsuHpuP+h/7kARW64nJN5EXApXgytf76/0gpK/5Px523xO+PP/kUyQMu/y8kJl+PL4y8JT8CzkPCLLRljjDHGGGOMsQv6iAodLl1/XvqNz9+6Po9Xl3OyweX4967PL1H/ofEzxhhjjDHGGGPs9z3XpevTjycktOrwrzcq/6+y/nCjEfyneubGbza8B7j0iAKAf7NDgMyG/CuPYvNfsq+ki2+df1y17IwP4P9GKf+MxhX+YGKMMcYYY4z96S5P+n/5OH9fzxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM/XX+in8ndqWPkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/l8AAAD//+cx/7A=")

3m56.760288746s ago: executing program 6 (id=1054):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0xffffffe8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

3m55.03796229s ago: executing program 6 (id=1056):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = io_uring_setup(0x666, &(0x7f00000002c0)={0x0, 0x43d3, 0x40, 0x0, 0x235})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000a80)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000bc0)={@hyper})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r4, 0x7b2, &(0x7f0000000000)={&(0x7f0000000c00)=[0x0, 0x2, 0x8f1, 0x7, 0x7, 0x5, 0x80000001, 0x0, 0xb, 0x80000001, 0x2, 0x1, 0xf2, 0xa13, 0x2, 0x200, 0x7f, 0x49e, 0x1ff, 0xffffffff, 0xf, 0x805, 0x7, 0x8, 0x3f, 0x18c, 0x4, 0x9, 0xf946, 0xfffffff7, 0x2, 0x7fff, 0x7, 0x52, 0x1, 0x6, 0x9, 0x95, 0x57bd173f, 0x8497, 0xffffaf84, 0x2866, 0xb, 0x2, 0x1000, 0xfa7, 0x6, 0x2, 0x2, 0x688, 0x0, 0x3, 0x401, 0x62, 0x119e, 0x2, 0x3b, 0x91, 0x101, 0x3, 0x3, 0x8000, 0x7, 0x6, 0x0, 0x7, 0x5, 0x5, 0x1, 0x5fc5, 0x3, 0x8, 0xffffffff, 0x7264, 0x1, 0x4, 0xfe3, 0x2, 0x1, 0xfffffffd, 0x100, 0x10000, 0x9, 0x1ff, 0x3, 0x7, 0x25, 0x3b, 0x7, 0x8, 0x1f, 0x8, 0x80000001, 0x34, 0x7f, 0xfffffffc, 0x7, 0x7fff, 0x4, 0x0, 0xf1, 0x3, 0x8, 0x40, 0xd33f, 0xc2, 0xd42, 0x7fff, 0x2, 0x0, 0x8, 0xd584, 0x4, 0x1, 0xffffffff, 0x7f, 0x80, 0x4, 0x4, 0x6, 0x4, 0x10001, 0x54, 0x800000, 0x1, 0xffffffdf, 0x5, 0x6, 0x7ff, 0x4fa0, 0x4, 0xfffffffa, 0x101, 0x5, 0x7fffffff, 0xfffffff5, 0x9, 0x9759, 0x1, 0x7, 0x5, 0xc000000, 0x8, 0x10001, 0x9, 0x8000, 0x6, 0xa0, 0x3, 0x936f, 0x9aa, 0x6, 0x107, 0x3, 0x9, 0xfa28, 0xffffffff, 0xe, 0x1, 0x10001, 0x8, 0x2700, 0x4, 0x6, 0x3, 0x2, 0x6, 0xd2, 0x2, 0x2, 0x6, 0x5, 0x400, 0xc6, 0x4, 0x4, 0x3, 0x8, 0x1, 0xffffffff, 0x7, 0x5527, 0x9, 0x0, 0x10a, 0x7ff, 0x7, 0x5, 0x5, 0x3, 0x1, 0x9, 0x0, 0x6, 0x6, 0x1, 0x10001, 0x3, 0x6b6, 0x86f, 0x0, 0x7, 0xffffffc0, 0x80000000, 0xf089, 0xffffffff, 0x4, 0x4, 0x9, 0x401, 0x1, 0x1, 0xa000, 0x8, 0x6, 0x7, 0x40000000, 0x8001, 0x0, 0x9, 0x8, 0x1, 0x9, 0xcc0, 0x8f, 0x10, 0x4, 0x4, 0x6, 0x2, 0x380, 0xe460, 0x5, 0x7, 0xa2d, 0x7, 0x80000001, 0x6, 0x10, 0x477a, 0x0, 0xa4e6, 0x0, 0x6, 0x3, 0x1, 0x6, 0x5, 0xfffffff9, 0x963, 0x83, 0x6b5, 0x8, 0x0, 0x6, 0x6, 0x1ff, 0x6, 0x10, 0xc, 0x40, 0x8, 0xfffffffc, 0x0, 0x885, 0x2, 0x7, 0x8, 0x1ff, 0x0, 0x4, 0x0, 0x4, 0x8f2, 0xb, 0xffffff58, 0xfffffff7, 0xe, 0x9, 0x81, 0x8, 0x9, 0x80000001, 0x85e, 0x4, 0x0, 0x81, 0x35, 0xd79c, 0x0, 0x3, 0x6, 0x1, 0x7, 0x8, 0xf, 0x4, 0x1, 0x400000d, 0x3, 0x3, 0x3ff, 0x3, 0xbba5, 0x2, 0xfb1, 0x192, 0xe043, 0xfffffff8, 0x10000, 0xb7a5, 0x59f6, 0x0, 0x8, 0x7, 0x3, 0x3, 0x8, 0x200, 0x9, 0x0, 0x0, 0x7, 0x21d6, 0x2, 0x0, 0xf, 0x10000, 0x81, 0x7, 0x8, 0x444a, 0x80000000, 0x2, 0x1, 0x0, 0xe, 0x2, 0x5, 0xffffffff, 0x6, 0x7, 0x2, 0x2, 0x519, 0x3ff, 0x3, 0x80e, 0x1caf, 0xfff, 0x1, 0x9, 0x0, 0xae, 0x7, 0x1, 0x328, 0x400, 0x3, 0xf, 0x51, 0x101, 0x3, 0x5, 0x33, 0x400, 0x1d, 0x4, 0x7, 0x0, 0x8, 0xf7, 0x8000, 0x5, 0x9, 0x6, 0x0, 0x2, 0x84, 0xa, 0xfffffffa, 0x5, 0x7ff, 0x4636, 0x1, 0xffff, 0x1, 0xa, 0x7, 0x1, 0x6, 0x81, 0x3, 0x1, 0x7, 0x7, 0x3, 0x6, 0x5, 0xfffffff1, 0x9900000, 0x7, 0xfffff000, 0x80, 0x80, 0x2, 0x3, 0x4, 0xfffffeff, 0x40, 0x8, 0x2, 0x40, 0x1, 0x0, 0xc, 0x0, 0x8, 0x1000, 0x9, 0x6f, 0x9c, 0x0, 0xbf3, 0x45a5, 0x5, 0x1000, 0x3, 0x4, 0x80000000, 0x4, 0x0, 0x2, 0x3, 0x7, 0xe, 0x6, 0xe9e, 0x8001, 0x4, 0x9, 0x9, 0x4000000, 0x4, 0x1, 0x3, 0x3377, 0xffffffff, 0x7, 0x80000000, 0xbb, 0x9, 0x1, 0x1e8d9990, 0x7, 0x1, 0x0, 0x2, 0xfffffe01, 0x7, 0x7, 0x1, 0x10001, 0xa, 0xc8c3, 0x8, 0x740f, 0xa87, 0x0, 0x3, 0x0, 0x4, 0x9, 0x1, 0x802, 0xfffffff9, 0x6, 0x0, 0x3, 0x200, 0x438c3538, 0x7ffffeff, 0x2, 0x2fa, 0x2, 0x7, 0xd, 0x1, 0x4, 0x27, 0xffffffff, 0x4, 0x6, 0x3, 0x6, 0xfffffffe, 0x22, 0x22, 0x101, 0x10001, 0x8000, 0x6, 0xc, 0x400, 0x3, 0x5, 0xfffffff9, 0x8, 0xffffffff, 0x4, 0x9, 0x9, 0x7fff, 0x6, 0x8, 0x966, 0x3, 0x7, 0x8, 0x6, 0x8, 0x850b, 0xfffffff7, 0x1, 0x4, 0x81, 0xb, 0xd8, 0x2, 0xdcf9, 0x9, 0x101, 0x1, 0x20000000, 0x604, 0x7c27, 0x80000001, 0xd, 0x8, 0x5, 0x967, 0x4, 0x1, 0x3ecb, 0xb, 0x6, 0x2, 0x8, 0x9, 0x7f, 0x9, 0x5, 0x4800000, 0x2, 0x8, 0x80, 0xd2b, 0x80000009, 0x0, 0xd, 0x3, 0x6, 0x80000000, 0x4, 0x0, 0x3ff, 0x656, 0x80, 0x68, 0x4, 0x3, 0xa, 0x7fb, 0x2, 0x5, 0x6, 0x2, 0x63, 0xfffffe01, 0x6, 0x694, 0xfffffffb, 0xb13, 0x9, 0x4, 0x9, 0x2a, 0x8, 0xb, 0xe, 0x1, 0x7, 0x4, 0x1000200, 0x4, 0x8a, 0x67, 0x3ff, 0x5, 0x559, 0x8, 0x3f50, 0x6, 0x5, 0x1, 0x5, 0x0, 0x1, 0x3, 0xfffffffa, 0xa, 0x40009, 0x3, 0x9, 0x930c, 0x1000, 0x5a, 0x8, 0x8, 0x1, 0x1, 0x2, 0x5, 0x7, 0x1, 0xfffffffc, 0xe, 0x3, 0xd, 0x400, 0x3, 0x0, 0xfc, 0x3, 0x80, 0x2, 0x3, 0x7, 0x9, 0x0, 0x8, 0x4, 0xfffffffb, 0x10001, 0x8, 0x7, 0x7, 0xd, 0x5, 0xfc, 0x6, 0x12c, 0x6, 0x7, 0x2, 0x28, 0x0, 0x5, 0x2, 0x7, 0x8, 0x0, 0x2, 0x100, 0x80000001, 0x10, 0x2, 0x4, 0x100, 0x3ff, 0x200, 0x9, 0x1001, 0x4, 0x72e, 0x7fff, 0x0, 0x178d, 0x2, 0x4, 0x9c, 0x7, 0x3, 0x227, 0x6, 0x3, 0xe, 0x0, 0x7, 0x4, 0x0, 0x5, 0x5, 0x8, 0xfff, 0x80, 0x401, 0xc0000, 0xb0, 0x200080, 0x10000, 0x5, 0x3, 0x547, 0x8, 0x81, 0x1, 0x4, 0x0, 0x9, 0x80002, 0x9, 0x7, 0x7, 0x7, 0x1, 0x7, 0x5, 0xffffffc0, 0x8, 0xb9, 0x6, 0x8, 0x4f57, 0x4, 0xe, 0x9, 0x800, 0x6, 0x4, 0x2, 0x5, 0xb, 0x8, 0x80000001, 0x5, 0x10000, 0x5, 0xfffffffe, 0x3, 0x1, 0x7, 0x8001, 0xda, 0x2, 0xfffffff7, 0x0, 0xb908, 0xb, 0x2, 0x1, 0x7, 0xfffffffa, 0x1, 0x6, 0xfffffff7, 0x4, 0x7, 0x2, 0x6, 0x9, 0x734, 0x7, 0x10002, 0x2195, 0x6, 0xfffffff0, 0x1d624e79, 0x0, 0x8, 0xdb, 0x4, 0x0, 0x0, 0x2, 0x1, 0xe1, 0x9, 0x9, 0xfffffffb, 0x2, 0x4, 0xba2, 0x8, 0x3, 0xfffffff8, 0x8000, 0xe7f5, 0x5, 0x4, 0xff, 0x1001, 0x4, 0x7, 0x48e6, 0x4, 0x1, 0x8000, 0x1, 0x7, 0x2, 0xff, 0xc040000, 0x0, 0x8, 0x3, 0xa, 0x0, 0x40, 0x54e5abd6, 0x101, 0x404, 0x2, 0x0, 0x0, 0x9, 0x1, 0x6, 0x1, 0xffff06a3, 0x6, 0x0, 0x31c1, 0x7, 0x1004, 0x1, 0x1, 0x2, 0x4, 0xf8000000, 0x14000000, 0x62b, 0x8, 0x40, 0x8, 0xfffffffc, 0x3c9f, 0xffff2ddf, 0x8, 0x0, 0xc4, 0x7, 0x80000000, 0x4, 0x3, 0x2, 0xa9e, 0x8000, 0x7, 0x1ff, 0xc, 0x0, 0x0, 0x1, 0x2, 0x80000, 0xde32, 0x1, 0x9, 0xf11e, 0x0, 0x6, 0x9aa4, 0x2, 0x7, 0x7, 0x819d, 0x64f, 0xa, 0x5, 0x3, 0x8, 0xfffffffe, 0x1000, 0x200, 0xff, 0x8, 0x0, 0xffffffff, 0x9, 0x0, 0x9, 0xfffff800, 0x3, 0x3, 0x6, 0x0, 0x7fffffff, 0x3, 0x4, 0x3, 0x3bb6, 0xff, 0x1, 0x10, 0x5, 0x3, 0xff, 0x7, 0x1c0, 0xb585, 0x0, 0x8, 0x9, 0x4, 0x3, 0x101, 0x6, 0x6, 0x1, 0x50e, 0x60f2, 0x7, 0x81, 0x1, 0xb4, 0x7, 0x1, 0x4, 0x6, 0x8, 0x7ff, 0x76ac, 0x10000, 0x84c6, 0x8, 0x3, 0xe, 0x4, 0x2, 0x5, 0x7f, 0x8, 0xc5, 0x2, 0x5, 0x200, 0x1, 0x7fffffff, 0x6, 0x591, 0xcd, 0xfff, 0x0, 0x8, 0x9, 0x98, 0xd, 0x7ff, 0x16adb03, 0x59, 0x9, 0xe, 0x0, 0x9, 0x7, 0x1, 0x101, 0x3, 0x2, 0xb, 0x1, 0x4, 0x7, 0x0, 0x6, 0x9, 0x7, 0x5, 0x8, 0x7ff, 0x84bb, 0x7, 0x3, 0x401, 0x100, 0xf75, 0x8, 0xfff, 0x3ff, 0xbd89, 0x2, 0x7, 0xffffff6a, 0x9, 0x4, 0x1ff, 0x5, 0xadea, 0xc2, 0x9, 0x7, 0x3, 0x7f, 0x0, 0xb, 0x625ba91b, 0x8, 0x2, 0x8, 0x3, 0x400, 0xffffffff, 0xe, 0x1, 0xbcbe, 0x6045, 0x6, 0x5, 0x425, 0x1000, 0x5, 0x8b22, 0x3, 0x2, 0x0, 0x3, 0x8, 0x1, 0x5, 0xf, 0x1, 0xa, 0x4], 0x1, 0x400})
close_range(r3, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0)

3m49.35694009s ago: executing program 6 (id=1069):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYRES32=<r2=>0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYRES16=r2, @ANYRES8=r2], 0x1043)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1142, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x5, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r4 = syz_open_pts(r3, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0x17)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000080)=0xa)

3m43.595916822s ago: executing program 6 (id=1075):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x5d, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x80, 0x40, 0xfffd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x5, 0x7, 0x4}}], {{0x9, 0x5, 0x82, 0x2, 0x30, 0x2, 0x0, 0xfc}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0xd, 0x0, 0x5}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000000080)={[{@dots}, {@fat=@fmask={'fmask', 0x3d, 0xdbd}}, {@fat=@uid}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@dots}, {@nodots}, {@fat=@gid={'gid', 0x3d, 0xee00}}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@nodots}, {@nodots}, {}, {@nodots}, {@fat=@nfs}, {@dots}, {@fat=@showexec}, {}, {@fat=@umask={'umask', 0x3d, 0x7}}, {@nodots}, {@dots}]}, 0x1, 0x1f5, &(0x7f0000000600)="$eJzs3cFqE1EUANCbmCYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadmKYxBDKj7Tmb3pn7Xt+7M2SSTW5SFL7f/RpZ1or2fuzHpBW70Y6ZswAArpNJSvEjFZreCwBQjzXe/3/WvCUAYMvevnv/+vlgcHCY51nE+dl4OB4Wf4v8y1eDgyf5b7vVrPPxeHjrIv80X/zsMM3vxO0y/6yYn1+kuxEx7Mbjh0V+mnvxZpD/Ob8XH7dcOwAAAAAAAAAAAAAAAAAAAAAANOV+5DNL+/vs7S3m+2W+OJrrD7TQv6cT9zrlYdUeKJ3WURQAAAAAAAAAAAAAAAAAAAD8Z45Pvnz+MBp9OqqCXkTMn+ksGXN10Cr/8VqDmw/asdn0flnmBou2yku03QL7y2/uOkF0/pW7s2mQ17BWf+XlTWkaLH8VzNpiXDm9GxGrV390uOnmJyml0bcHR8cnkVYOrp4RvVqfSAAAAAAAAAAAAAAAAAAAcHPNfev7kqyJDQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAA6rf/58Gl8+sDE4j4k78dfBsrZ3IGq0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6+tXAAAA//85ziI4")

3m39.996996783s ago: executing program 6 (id=1080):
socket$nl_route(0x10, 0x3, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x60840, 0x8)
io_setup(0x2e, &(0x7f0000000200)=<r1=>0x0)
r2 = inotify_init()
inotify_add_watch(r2, 0x0, 0x82000804)
io_submit(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x8000000000002)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r6}, 0x18)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$NL80211_CMD_GET_REG(r0, 0x0, 0x8080)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="700000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r8], 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'syz_tun\x00'})

3m37.815217545s ago: executing program 6 (id=1083):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
write$evdev(r1, &(0x7f0000000000), 0x100000008)

3m22.469340534s ago: executing program 35 (id=1083):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
write$evdev(r1, &(0x7f0000000000), 0x100000008)

2m38.329779504s ago: executing program 5 (id=1182):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000e8050000000000cc3689d7c9f01a4494f4d1bb8cd77c177ea0abe2adbccbdaff488b7bc2aa02ba"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x17, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x500}, {0x85, 0x0, 0x0, 0x86}}, {}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0xff3, &(0x7f0000001cc0)=""/4083, 0x41100, 0x25}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000900", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000600060000000000060009"], 0x4c}}, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8)
fallocate(r1, 0x10, 0x3, 0x7c27)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x28042, 0x102)
ioctl$FS_IOC_FIEMAP(r5, 0xc020660b, &(0x7f0000000340)=ANY=[])

2m34.423856411s ago: executing program 5 (id=1187):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x101042, 0x91)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000003b40)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0xb3, &(0x7f0000000280)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000300), 0x0, 0x0, 0x63, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$sock_int(r1, 0x28, 0x3c, 0x0, 0x0)
keyctl$setperm(0x5, 0x0, 0x21081c22)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c)

2m30.100128165s ago: executing program 5 (id=1193):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x979f}, 0x18)
write$UHID_INPUT(r0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000300)="359cb6", 0x3}], 0x1, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)

2m27.867110358s ago: executing program 8 (id=1197):
setxattr$security_evm(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), &(0x7f0000001240)=ANY=[], 0x371, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000007c0)={r3, 0x58, &(0x7f0000000300)}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000008000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000002000008500000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80)
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')

2m26.660020162s ago: executing program 8 (id=1199):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x0, @broadcast}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)
close(0x3)

2m26.583779333s ago: executing program 5 (id=1200):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb500a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2145499, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)

2m26.340181698s ago: executing program 8 (id=1202):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000000700000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000580)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r0}, 0x20)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

2m26.26035706s ago: executing program 5 (id=1204):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
socket$inet6(0xa, 0x2, 0x5)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0xfffffff5}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x34, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x5c, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'rose0\x00'}, {0x14, 0x1, 'rose0\x00'}]}]}]}], {0x14, 0x10}}, 0xd8}, 0x1, 0x0, 0x0, 0x20040841}, 0x0)

2m26.004835594s ago: executing program 8 (id=1205):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x30}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2}}, {@nobh}, {@errors_remount}, {@i_version}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
io_setup(0x4, &(0x7f00000014c0)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00')
io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0xfffe, r1, 0x0}])
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)

2m25.232914229s ago: executing program 5 (id=1207):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000034700)=""/102400, 0x19000)
r1 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r1, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xfc}}, 0x0)
r3 = dup2(r1, r1)
sendmmsg$unix(r3, &(0x7f0000008380), 0x400000000000174, 0x4008890)

2m23.930848705s ago: executing program 36 (id=1207):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000034700)=""/102400, 0x19000)
r1 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r1, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xfc}}, 0x0)
r3 = dup2(r1, r1)
sendmmsg$unix(r3, &(0x7f0000008380), 0x400000000000174, 0x4008890)

2m23.899501015s ago: executing program 8 (id=1211):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x979f}, 0x18)
write$UHID_INPUT(r0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000300)="359cb6", 0x3}], 0x1, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)

2m23.812046308s ago: executing program 8 (id=1212):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4044000}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x40000000005, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x10006, 0xfffffffffffffffd, 0x4002004c4, 0x1084, 0xe6a, 0xffd, 0xa4a4, 0x0, 0x1, 0x7, 0x0, 0x2], 0x0, 0x2025c0})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m23.229681719s ago: executing program 37 (id=1212):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4044000}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x40000000005, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x10006, 0xfffffffffffffffd, 0x4002004c4, 0x1084, 0xe6a, 0xffd, 0xa4a4, 0x0, 0x1, 0x7, 0x0, 0x2], 0x0, 0x2025c0})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

27.347126917s ago: executing program 3 (id=1375):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
chdir(0x0)
mkdir(0x0, 0x8)
syz_clone(0x10eb22b000, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
futex(0x0, 0xa, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000300)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x0, {0x2, 0x0, @private}, 'syz_tun\x00'})

20.089593348s ago: executing program 4 (id=1387):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r5}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)

19.470906871s ago: executing program 4 (id=1389):
socket$inet(0x2, 0x1, 0x0)
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000002c0)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0xc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000300)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0xfe, 0xc1, &(0x7f0000000640)="dbb5", 0x2, 0x0, 0x10, 0x0, 0x7fff, 0x6, 0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r6, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r7 = socket(0x40000000015, 0x5, 0x0)
sendmsg$xdp(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r7, &(0x7f00000035c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/4, 0x4}}, {{0x0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}, {&(0x7f0000000700)=""/148, 0x94}], 0x3, &(0x7f00000007c0)=""/176, 0xb0}, 0x8}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000b80)=""/251, 0xfb}, {&(0x7f0000000c80)=""/98, 0x62}, {&(0x7f0000002180)=""/4111, 0x100f}, {0x0}, {0x0}, {&(0x7f0000001dc0)=""/11, 0xb}], 0x6, &(0x7f0000001ec0)=""/120, 0x78}, 0x1}, {{&(0x7f0000001f80)=@phonet, 0x80, &(0x7f00000034c0)=[{&(0x7f0000002000)=""/120, 0x78}, {&(0x7f0000002080)=""/159, 0x9f}, {&(0x7f0000003240)=""/90, 0x5a}, {&(0x7f0000002140)=""/31, 0x1f}, {&(0x7f00000032c0)=""/151, 0x97}, {&(0x7f0000003380)=""/8, 0x8}, {&(0x7f0000000d00)=""/121, 0x79}], 0x7, &(0x7f0000003540)=""/96, 0x60}, 0x40}], 0x5, 0x2, 0x0)
recvfrom(r3, 0x0, 0x0, 0x734, 0x0, 0x0)
ioctl$sock_TIOCINQ(r3, 0x541b, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000001e40)='./file1\x00', 0x1001c05, &(0x7f0000000000)=ANY=[], 0x2, 0x231, &(0x7f0000000240)="$eJzsmb9rFEEUx78zu7e5i6JYaGFzTcAIZm93TyWNaOwDQiJqeZg1RDc5uRySBCyCjY1/gP+IRSoLsbGzsLJQQbAwpaCIjsyv3bkfq3fedXkfyOQ77+a9e2/m9i3sgiCII8unj98+PLu+uHoBwHHMYcbYv3h2hQ/urH//3KsY+WrrxOOD/ngMgBDF3C/5XrskAPBy6SQAHVYI1xuYMzFXwZWW3ATHeaNvgSG0ub7+lXunYLhjzPcd3a7hhxJZyu62s7V7G1kaySGWQyKHZpGdzv9wn2ENQNXk59a0vbv3oJUBHS2y1IqKiVFYRhQc/ZaSLSzyW+K4YvdVCCHP6/bTJ/tyHhp75OxfDI7Y6CYYVoxexAzCMKybaRo79Z/1i/iePjZ4ef2j1lYdZ/Hk4tTCpHGujlegvXp6P/otsvS7mHqBQc9PcPKA8jL7X3eZh7HItEb04vXcK/8oGLBMXTAjrgFQglkh15w5PHgz6PW5x/Juuewr2Ci125NTlmMY3ITpCtW4hh3u29ksWx7qddqIWt5ohkW2dZT+JHT/YD5wzulPvnNXaHQ3Hza2d/cWNjZb6+l6upUkzcvRxSi6lDRUb9bjX/pfVfWnWSd+pWRtwALstLrdTrwDdDtxPk/06HTclRftr8qHq/7HMf9TaMw9K79R9sHMH1f/5dnOe6XJEwRBEARBEARBEARBEARB/BP9hk4/kqyDwTyrVC/jKuapaC9+cgOPasCfAAAA///ei1Cr")
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x80000c, &(0x7f0000000f40)=ANY=[@ANYBLOB="63726561746f723d7fcbf4272c6e6c733d63703934392c626172726965722c747970653d65f173442c756d61736b3d30303030303030303030303030303030303030303030312c756d61736b3d30303030303030303030303030303030303030303031312c666f7263652c666f7263652c6769643d", @ANYRESHEX=0x0, @ANYBLOB], 0x2, 0x6da, &(0x7f0000000580)="$eJzs3UtoHOcdAPD/rFarXRUcOfEjLYEsMaSlorZkobTqpW4pRYdQQnroebHlWHgtB0kpsimN0se9h5x6Sg+6hR5Keje054ZAyVXHQCGXnHRTmdmZ1Ur7lKzHJv39xMx8M99z/rMzsw/EBPB/a3k2ys8iieXZN7fS9d2dhebEzsJUnt2MiEpElCLKrUUka5Hl3smn+Ha6MS+f9Ovnw9Wltz//aveL1lo5n7LypUH1eqh0b9rOp6hHxES+7DbZp8VPjnZ/qL27fdsbVdLewzRgN4rAxV+eq1V4bvtdttt5H/8nmw+qfpzzFhhTSeu+2WUmYjoiqhGtu35+dSid7+hO3/ZFDwAAAACOq3b8Ki/sxV5sxaWzGA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8U+XP/0/yqVSk65EUz/+v5NsiT4+h4Q9C/GyqtXx29oMBAAAAAAAAgDP36l7sxVZcKtb3k+w3/9c6fuP/VrwXG7ES63EztqIRm7EZ6zEfETMdDVW2Gpub6/NZzYgrA2rejk971Lzdf4x3TnmfAQAAAAAAAGDMVYfkP5zs3vb7WD74/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZBEjHRWmTTlSI9E6VyRFQjopKW2474tEh/TSS9Nj47/3EAAADAc6keXk2qI9R54f3Yi624VKzvJ9ln/mvZ5+VqvBdrsRmrsRnNWIl7+Wfo9FN/aXdnobm7s/Aonbrb/emXxxp61mK0vnvo3fPLWYla3I/VbMvNuBtJ7GdKeSsv7+4spMtHvcf1QTqm5Ce5AaOZ6EjfS2fXP8nSfz78LUL5WLt4QqW+OTNZ7mQ7InP52NIal4sI9I7E0KNTHtjTfJTa3/xcGdxT75h/MLj36SOlen5zcyGORuJ2lNpH6NrgSER89x8f//pBc+3hg/sbs+OzSz29P7TE0UgsdETi+jcoEsPNZZG42l5fjl/Er2I2vpx6K9ZjNX4TjdiMlXqR38hfz+l8ZnCkPpvuXHtr2EjSc7Levn71GlM9Do0p6vHzLNWI17JjeilWI4nHEbESb2R/t2O+fTU4OMJXRzjrSyNcaTvc+F62aIcpav3L/m20Jk9LGtfLHXHtvObOZHmdWw6i9GLPKBX3utHvRx3K38kTaQt/GHh/OG9HIzHfEYmX+r1eWiH9634632iuPVx/0Hh3xP5ez5fpefSnsbpLpEf4xajmO3c5myfZOTWX5b3UvsMejlcl/8WlpdSVd7Vdr3Wm/jIex71DZ+oPYzEWYykrfS0rPdl1x0rzrrdbOnwNT/PSd1rl9g87ne+3Hkez9X4IgPE2/f3pSu2/tX/XPqr9sfag9mb1Z1M/mnqlEpP/mvxxeW7i9dIryd/jo/jdwed/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg5DaePH3YaDZX1nsnSr2zksG1Gs394kFiA8ocSiT5o3JGKJxsPHm6P7TBwYmpfHgnrH6aieJpjcML189wGMn20eNVHX4siqc8jdBF0hXwtPKJx1z0fLBlcgwO5dFE/fQaLF6wHVnHf/XWeh2viYjoVXjIhWPiNK4+wEW6tfno3VsbT57+YPVR452Vd1bWJhcXl+aWFt9YuHV/tbky15p3VDiXh98C56Hz7URbJSJeHV53wINaAQAAAAAAAAAAgDN0Hv8LcdH7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHy9Lc9G+VkkMT93cy5d391ZaKZTkT4oWY6IUkQkv41I/hlxJ1pTzHQ0l/Tr58PVpbc//2r3i4O2ykX5UsR233qj2c6nqEfERL48rfbuDm+vcpCc6pGdtCOTBuxGETi4aP8LAAD//7co7JU=")
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=ANY=[@ANYBLOB='osx.'], 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

16.178324245s ago: executing program 7 (id=1393):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="e10eba4100b000ee0f01cb94f37d00640f229b0f20d86635080000000f22d8f466b87f7002b40f23c00f21f86635020006000f23f866b9d602000066b80090000066ba000000000f30", 0x49}], 0x1, 0x10, 0x0, 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000140)=""/156, 0x9c}], 0x1, &(0x7f0000000400)=""/17, 0x11}, 0x8000}], 0x1, 0x2102, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
socket$netlink(0x10, 0x3, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f00000001c0), 0x1)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x8000005, 0x0, 0xfffffffffffffffd}, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x8a4, 0x0, 0x1, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr=0x64010102, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0x0, 0x0, 0x1010000}}}}}, 0x0)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000080)='./file3\x00', 0x2000c8, &(0x7f00000005c0)=ANY=[@ANYRES64], 0xfd, 0x1e5, &(0x7f0000000ac0)="$eJzs3U9rE0EYB+A3f2xST70JorDQi3goKnivSAUxICg56EmhemlFsJfopf0Yfj7xA0hPAZGVdTcdGnPYBHej8XkueXd/Mzuzy2aTSyavbrw7Onx/8vbrtc8xHHaiux/7Me3ETnRj5iwAgE0yzfP4lpeW6bf7pbk5AQDNqvH5/6PlKQEADXv+4uWTB6PRwbMsG0acn03Gk3H5WuaPHo8O7mS/7KRe55PJuHeR383mvzsU+ZW4WuX3yv7Z5Xwrbu2WeZE9fDoq8l7KB3FYbgwavgQAAAAAAAAAAAAAAAAAAAAAANC6m5HNLFzfZ29vPt+u8qL+Xq0cuGh9n35c71ebaXmg/LSd0wIAAAAAAAAAAAAAAAAAAIB/ysnHT0evj4/ffEjFICIu71mm6FQHXrF720U30p5eNfVFjW9X2R8afWs21F9xETajuJ/uuqzxQfu1Gq/4LijujqV7des1nuZ5XuuA6RkxaPOBBAAAAAAAAAAAAAAAAAAA/7H0o9/fs+E6JgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa5D+/3+F4jQiajS+GGx7racKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADABvsZAAD//7b9MQY=")
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

15.678291754s ago: executing program 7 (id=1394):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x400, &(0x7f0000000000)={[{@grpjquota}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x1, 0x4a6, &(0x7f0000000a40)="$eJzs3c9rXNUeAPDvzDRpkua9/niPR9sHr4U+6HtKM/mBNFEXulIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLvzKT5NXXQNAO5nw/czrn33M73nAzfw51z750bQGadTv7JRQxGxBcRcbixunmH042XtbvXp5IlF/X6xe9z6X7JemvX1v87FBGrEdEXEc89FfFybnvc6vLK7GS5XFpsrhdrcwvF6vLKuStzkzOlmdL8yPj5iYnx4bHRiV3r6803X7154eNnej/6+Y07t9/69JOkWYPNuo392E2NrvfE0Q3bDkTE4w8iWBcUmv3p73ZD+FOSz+8fEXEmzf/DUUg/TSAL6vV6/bf6wXbVq3Vg38qnx8C5/FBENMr5/NBQ4xj+nzGQL1eqtYcvV5bmpxvHykeiJ3/5Srk03PyucCR6csn6SFq+tz66ZX0sIj0GfrvQn64PTVXK03s71AFbHNqS/z8VGvkPZISv/JBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yH7JL/kMmPXvhQrLUW/e/T19dXpqtXD03XarODs0tTQ1NVRYXhmYqlZn0np25P3q/cqWyMPJILF0r1krVWrG6vHJprrI0X7uU3td/qdSzJ70COnH01K2vchGx+mh/uiR6m3VyFfa3ej0X3b4HGeiOQrcHIKBrTP1BdvmOD+zwE72b9LWrWNj9tgB7I9/tBgBdc/aE83+QVeb/IbvM/0N2OcYHzP9D9pj/h+wabPP8r79teHbXcET8PSK+LPQcbD3rC9gP8t/mmsf/Zw//d3BrbW/ul/QUQW9EvPb+xXevTdZqiyPJ9h/Wt9fea24f7Ub7gU618rSVxwBAdq3dvT7VWvYy7ndPNi5C2B7/QHNusi89Rzmwltt0rUJul65dWL0REcd3ip9rPu+8ceZjYK2wLf6x5muu8RZpew+kz03fm/gnNsT/z4b4J//yXwWy4VYy/gzvlH/5NKdjPf82jz+Du3TtRPvxL78+/hXajH+nOozxygevf9M2/o2IkzvGb8XrS2NtjZ+07WyH8e+8+Py/2tXVP2y8z07xW5JSsTa3UKwur5xLf0dupjQ/Mn5+YmJ8eGx0opjOURdbM9XbPXb889v36/9Am/jt+v9Es03/77D/v/77sxdO3yf+/87s/PkfaxM/0R8RD3UY/8fRr19qV5fEn27T//x94ifbxjqMX33n6YMd7goA7IHq8srsZLlcWlRQUFBYL3R7ZAIetHtJ3+2WAAAAAAAAAAAAAJ3ai8uJu91HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID94PcAAAD//5j81ps=")
setxattr$security_evm(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0), &(0x7f0000001240)=ANY=[@ANYBLOB="050010000000040368802758549f76"], 0x371, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_score_adj\x00')
writev(r0, &(0x7f00000000c0), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000007c0)={r4, 0x58, &(0x7f0000000300)}, 0x10)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000008000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0xeaff)

14.678733764s ago: executing program 9 (id=1395):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xb)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080))
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1)
r2 = socket(0x10, 0x2, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0x74000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
write$dsp(r3, &(0x7f0000002000)='`', 0x88020)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad00020000", 0x2b}], 0x1)

14.528985846s ago: executing program 7 (id=1396):
r0 = socket$unix(0x1, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', 0x0, &(0x7f0000000880)="22cff5", 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x7, 0x8, 0x8, 0x3}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={0x14, 0x15, 0x301, 0x0, 0x0, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'syztnl0\x00', 0x0})
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x122}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_80211_join_ibss(&(0x7f00000002c0)='wlan0\x00', &(0x7f0000000340)=@default_ap_ssid, 0x6, 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000300)={0x0, 0x2, 0xffffffffffffffff, 0x7ff})
r7 = syz_open_dev$mouse(&(0x7f0000000680), 0x0, 0x14b200)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x918)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r8, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000002c0)={0x1c, r9, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0x89)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)

12.956260757s ago: executing program 1 (id=1398):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f000000a8c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r2, 0x0, 0x0)
mkdirat(r2, &(0x7f0000000340)='./file0/../file0\x00', 0x10)
umount2(&(0x7f0000002400)='./file0/../file0\x00', 0xb)

12.507770966s ago: executing program 1 (id=1399):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xb7, &(0x7f0000000380)="b94213ac651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf20377fceafffffffffff1ffdf4cd9f5d3969890522c67157d88010000003a5b99b9c9b82eb58b1e000000000091ff000000050000001da3635b8b4fa637130200000065e4a436aa9e50bc0f19b71d1b2ff9ebcede1fb5e9428f54d5d1f0cc752cf231a5d2da03e31334a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feaded9d6284a62dc81fe53")

12.371886779s ago: executing program 3 (id=1400):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
socket$inet6(0xa, 0x2, 0x5)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0xfffffff5}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x34, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x5c, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'rose0\x00'}, {0x14, 0x1, 'rose0\x00'}]}]}]}], {0x14, 0x10}}, 0xd8}, 0x1, 0x0, 0x0, 0x20040841}, 0x0)

11.26017822s ago: executing program 9 (id=1401):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000300)={'wpan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
pipe2$watch_queue(0x0, 0x80)
keyctl$set_timeout(0xf, 0x0, 0x5)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$packet(0x11, 0x2, 0x300)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00'})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="2f6728bd7000fedbdf251c0000000800"], 0x1c}, 0x1, 0x0, 0x0, 0xd0}, 0x20040014)

11.119896733s ago: executing program 3 (id=1402):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x97, 0xff, 0x82, 0x8, 0x2058, 0x1005, 0xc19b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8f, 0x0, 0x0, 0xbf, 0x57, 0x5a}}]}}]}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1020, 0x6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x40, 0x5, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x1, 0x3, 0xf, {0x9, 0x21, 0x10, 0xff, 0x1, {0x22, 0x5d3}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x1, 0xc7, 0x5}}}}}]}}]}}, &(0x7f0000000b80)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x250, 0x24, 0x3, 0x6, 0x8, 0xa}, 0x35, &(0x7f00000009c0)={0x5, 0xf, 0x35, 0x4, [@wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x4, 0xd, 0x1, 0x7}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x9, 0x8, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xc, 0x3f, 0x8, 0x606}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "0968b39cebd5513f12ca71fe36f5467b"}]}, 0x2, [{0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x444}}, {0x4, &(0x7f0000000b40)=@lang_id={0x4, 0x3, 0x1409}}]})
faccessat2(0xffffffffffffffff, 0x0, 0x2, 0x500)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000100)=ANY=[], 0x1, 0x2f4, &(0x7f0000000500)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000240)=0x14)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x36}}}}, @ip_tos_u8={{0x11}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @rand_addr=0x64010102, @multicast2}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x6}}], 0x88}, 0x4)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000040), 0x0, 0x22d, &(0x7f00000002c0)="$eJzKKC4sZmdgYPj7sSaZgUGAgYGRQYCFQYThAgMjAwsDA4M8IwMYfGSC0FOh9E0ozQaVvwKlfaHi7VD6rzkLwwsjBsZMpXtmTAfEUxQZBRh4RL6eesDwDSRtOc8bpJCNQejt0v0gAa/Qyk0MjOop/IvmbJjgNJMXbCxjZNRf86qIKAaIOcwHZGZxgAxiYGCY/Cfi3gMWSQaRWJBZay4FZU65KsrxT+xUy/JVZp33mRk6pqUxMBrM4mBmYGA4ojvTzoC3mwlqJisDA0NiTk5q0TuQO5HNn8y4n0mREaTuzN+rwQ8Y7Ri6YxmgPmz4I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1v9mjOH4hVjOKXcKufG3HWL52SAgoNRnycyMC5n3M/EwDAzbOceiL/YoLJgp/43YQB5WoWBgYGJgYUhLTMn1cCDgZGBGcoxZEFWDVbFAZbQS87PSWlnYAQnAbC25QwscDMMHzOwwjlGyBxjiwaY89qhtAqU9oDSy6H0YwaIW+XRkg0L2IR+KE+jAaSsIpGhpMgQpLwisaSkyBAiVlJSZAQXMxKA28wEtXUuE6rnjjMxjIJRMApGwSgYBaNgFIyCUTAKRsFIBoAAAAD//0yLrVo=")
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe8)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x34, 0x0, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)

10.77704077s ago: executing program 4 (id=1403):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
r2 = epoll_create1(0x80000)
r3 = fcntl$dupfd(r0, 0x406, r2)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000040)={0x30000011})
epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x1, 0x8001, 0x0, 0x0)

9.767966509s ago: executing program 9 (id=1404):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
open(0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x1800, 0x61, 0x11, 0x70}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)

9.256051229s ago: executing program 4 (id=1405):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000800000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

8.427150105s ago: executing program 1 (id=1406):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r4}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4)
syz_emit_ethernet(0x66, &(0x7f0000000100)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00\'$', 0x30, 0x3a, 0xff, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x6, 0x6, ':yE', 0x2, 0x3a, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @private0}}}}}}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001740), 0x0, 0x2000, 0x0)

8.421459596s ago: executing program 9 (id=1407):
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x37}, 0x28)
r1 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
lseek(r1, 0x0, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
lseek(r0, 0xd0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

8.282297188s ago: executing program 7 (id=1408):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={<r0=>0x0, 0x0, &(0x7f0000000080)}, 0x0)
r1 = syz_io_uring_setup(0x60db, &(0x7f0000000140)={0x0, 0x7cc, 0x40, 0x3, 0x2c0}, &(0x7f00000001c0), &(0x7f0000000200))
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f00000003c0)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r2}, 0x4)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
keyctl$clear(0x7, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$set_reqkey_keyring(0xf, 0xfffffffb)
socket$l2tp(0x2, 0x2, 0x73)
r7 = socket(0x15, 0x5, 0x0)
getsockopt(r7, 0x200000000114, 0x2714, 0x0, &(0x7f0000000000))
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000a40)={'\x00', 0x3, 0x6, 0x0, 0x3, 0x100000000, <r8=>r4})
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000ac0)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffff}, 0x1, 0x9, 0xff, 0x5, 0x0, r8, 0x8})
close_range(r3, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r1, 0xc, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000200)={r0, 0x1e, "432af87e2f080111a60eae09d9b2538861f3e5c5c7cbffffffff00000000"}, &(0x7f0000000240)=0x26)

8.067949752s ago: executing program 4 (id=1409):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@random="9115463ecc79", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @remote, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote}}}}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

7.045877662s ago: executing program 1 (id=1410):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f000000a8c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r2, 0x0, 0x0)
mkdirat(r2, &(0x7f0000000340)='./file0/../file0\x00', 0x10)
umount2(&(0x7f0000002400)='./file0/../file0\x00', 0xb)

6.501433463s ago: executing program 3 (id=1411):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2000844, &(0x7f0000000a00)=ANY=[@ANYBLOB="74696d655f6f66667365743d3078303030303030303030303030303466372c6e6f636100000000000000027865632c666c7573682c6e66732c6e6f646f74732c646f74732c71756965742c646f74732c636865636b3d6e6f726d616c2c616c6c6f775f7574696d653d30303030303030303030303030303030303030303031312c6e6f646f74732c6e6f646f74732c74696d655f6f66667365743d3078666666666666666666666666666261632c757365667265652c636865636b3dbad76e6f726d616c2c00"], 0x1, 0x255, &(0x7f0000000680)="$eJzs3UFqE1EYB/CvbZom3di1uBh046qoNwgSQRwQIlnoykB104qQbqKrHMMzeAZP4jG6qqsRM4Npp+qizOTZzu8HYT7y5w3fyyIvi/cyb+99OD76ePq++P4lBoMsehHLOI84iO3YidJWdd1e1f24aBkAwE0zmcxGqXugQVtX3hlGxGw3IvauRNOvG+oKAAAAAAAAAACAhrWy///+j2Kl7eYBgGux///2m89Hs/3q99tl9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6ZwXxZ3iH6/U/QEAzbP+A0D3WP8BoHsur//9sP4DwO336vWbF6M8H0+ybBBxtlxMF9PyWubPnufjR9nKwXrU2WIx3a3qfPy4zLN6vl+Nf/LHvB8PH5T5r+zpy7yW78VR25MHAAAAAAAAAAAAAAAAAACA/8Rh9lvtfP9OmR/+LS+rC/8PUDu/34u7vY1NAwAAAAAAAAAAAAAAAAAAAG6000+fj2cnJ+/mio0W39q58zAauc8wrjFqEMk/VUVzRepvJgAAAAAAAAAAAAAAAAAA6J71od/UnQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAOuvn/7dXpJ4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0A0/AwAA//+DNpYo")
r3 = inotify_init1(0x0)
inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x52000775)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x21c0, 0x103)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})

5.276009407s ago: executing program 1 (id=1412):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xb)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080))
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r1)
r2 = socket(0x10, 0x2, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0x74000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
write$dsp(r3, &(0x7f0000002000)='`', 0x88020)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad00020000", 0x2b}], 0x1)

2.092861259s ago: executing program 4 (id=1413):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x800, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0xb, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b18]}, 0x45c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = io_uring_setup(0x1239, &(0x7f0000000240)={0x0, 0x53f4, 0x0, 0x0, 0xffffffff})
close_range(r8, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x56e, &(0x7f0000000640)="$eJzs3U9sHFcZAPBvdh0ndU1dm1pqysGBRLh/FNvtSk4NB8IBDhT1UiRUqRysZGMHr2Nju6I2F/fGiQoJBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHggBjGZ3NtnYs2bBjhcyv5+02TdvnvO9t5vvafe9iSeAwjqR/pFE9EfE1YgYaBze2uBE4+kblY3ZK5WN2SS2t5/6U1Jvd7myMdts2vy5uyNiPSLuj4jvX4g4d2R33OXVtbnpWq26lB2Pr8wvji+vrp2+OD89U52pXqpUHp+anJw6MznxH4wm2fPsRxffGPrF7JMzL4/8/ekz81/5YxJn6+OOHeM4SHk96kkizt6OYF1QTscTEX0dth+uvvDKbe4SHfrc0OZ4+t7dFxGn6vk/EOX6uxnxvpee+ctAvPd6u5+9uvnS7w6zrwDAwdlOHd37NHBnKkX63T8pjUVEo1wqjY01vsPfF32l2sLyyiMXFp69dL6xRnBvHClduFirTmRrBffGkSQ9frRevnn82I7jSkQMRsSny3fVj8fOLdTOH+pMBzT1R7z+zU+c6717R/7/ttzIf+DOleb/z37w7e+m5bfK3e4NcJjS/P/aW/NPhPyHwpH/UFzyH4pL/kNxyX8oLvkPxSX/objkPxSX/Ifikv9QXK35L/2hmAZHXt1MImL9PXfVH6ne7FzOr+0B7iDb24n/5A8F5bM/FFdPtzsAdI3v+MDevzk74li7E4sH3xfgcJS63QGga0aP2/+DorL+D8Vl/R+Ky2d8wPo/FI/1fyiu/jb3/3pby727JiLinoj4UfnI0ea9voD/X/0Rr7949VvPRJR+n2Sf/0cHTvVPv/Ha91rb9SZ/rW8R9EbEJ1986gvPTa+sLD2a1v/5Rv3KF7P6x7o1GqATzTxt5jFQXMura3PTtVp1SUFBoXCF5jxwubIx23wc1tzzwsMRb76/cRFCGvdK9mic7cnWJo/V9yj7tpJbrlVIDmDv8jOnI9afj4j788afZPc7b+x89G2Vd8V/e/acPo5n6ydpm+EO45fv2V/8B1rij7TEf0eH8Tc/0mHD22Tw692N//Ivs9d/oqcn7/Xf77UxQ//m/BNf3WeAffrNr7sb/9RId+N/fiHi1XT+mcjLv1Kaljd2PnfOP/0t10n/tz41enP+u7Jr/ivdmP/Kbea/Ex3G+eHT1Y/l1Zd/HPHm8xEP5MZvxjtWj9W3VdoV/2TL/PPgHvH/8OGfzuXVn30tYvtyxGjkx2+NNb4yvzi+vLp2+uL89Ex1pnqpUnl8anJy6szkxHh9jXq8uVK925PXhz+QV3/yy43x97WJ3xx/u9d/e48xt1r70sf735lT/5PjjfgPnsx//4ey+I3Xv2dX/Hdlz+m/k39k1/Kmba5FxNGs/qGI+M4rgw/n9etD1xvxz7cZf+mW+LvH/0iH4//sr/75bF79cx/s8C8AAA5U+6WBbvcMAAA4aIex09jtMQL5+rZ6o3UbOFlv2VdYv7mvkNZfy/YXyusRf8v2GNL6h7JdsrScu9EA/M8ZXnv3z7vdBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICiW15dm5uu1apLy93uCXDY/hUAAP//T2kBHQ==")
r9 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f00000002c0)={r10, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}})

1.910138172s ago: executing program 7 (id=1414):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000300)={'wpan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
pipe2$watch_queue(0x0, 0x80)
keyctl$set_timeout(0xf, 0x0, 0x5)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$packet(0x11, 0x2, 0x300)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00'})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="2f6728bd7000fedbdf251c0000000800"], 0x1c}, 0x1, 0x0, 0x0, 0xd0}, 0x20040014)

1.782657555s ago: executing program 3 (id=1415):
ioctl$HIDIOCGREPORTINFO(0xffffffffffffffff, 0xc00c4809, &(0x7f0000000480)={0x2, 0x2, 0xff})
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

1.715913326s ago: executing program 9 (id=1416):
socket(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000100)=ANY=[], 0x1, 0x2f4, &(0x7f0000000500)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}, {0x3f}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x14, 0x15, 0x1, 0x0, 0x0, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x20004080}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r3, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new de'], 0x2a, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000080), 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={<r6=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000840)={r6, @in6={{0xa, 0x4e1d, 0x0, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)

121.207967ms ago: executing program 3 (id=1417):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x24000041)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r7, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c40", 0xfb, 0x40040, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x18, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

120.675447ms ago: executing program 7 (id=1418):
r0 = socket$unix(0x1, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', 0x0, &(0x7f0000000880)="22cff5", 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x7, 0x8, 0x8, 0x3}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={0x14, 0x15, 0x301, 0x0, 0x0, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'syztnl0\x00', 0x0})
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x122}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000240)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000300)={r7, 0x2, 0xffffffffffffffff, 0x7ff})
r8 = syz_open_dev$mouse(&(0x7f0000000680), 0x0, 0x14b200)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x918)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r9, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000002c0)={0x1c, r10, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r8, 0x84, 0x17, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0x89)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r11=>0x0})
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)

72.816438ms ago: executing program 1 (id=1419):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}})

0s ago: executing program 9 (id=1420):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r3, 0x29, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="000a000000000fd60730000000000a0000000000000000000000000000000000000000000000000000000d00"], 0xd0060)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0)
r6 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r6, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff1337, 0x3], [{0x0, 0x0, 0x0, 0x1}, {0x35, 0x39}, {0x0, 0x8}, {0x800000, 0x800001}, {}, {0x1ff}, {0x0, 0x1000}, {}, {}, {}, {}, {0x0, 0xe68b}], 0xc})
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7000fedbdf250c00000008000300", @ANYRES32, @ANYBLOB="0a00060008021100000100001800508005000200030000000800070000000000000800"], 0x40}, 0x1, 0x0, 0x0, 0x818}, 0x4000)
tkill(r0, 0x26)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0x48000000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$VFAT_IOCTL_READDIR_BOTH(r2, 0x82307201, &(0x7f0000000400)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)

kernel console output (not intermixed with test programs):

T4673] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  503.666393][ T8244] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1000'.
[  505.408459][ T4673] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  505.423647][ T4673] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  505.466680][ T4673] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  505.490289][ T4673] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.743268][ T4673] usb 6-1: config 0 descriptor??
[  507.153900][ T4673] usbhid 6-1:0.0: can't add hid device: -71
[  507.163560][ T4673] usbhid: probe of 6-1:0.0 failed with error -71
[  507.194199][ T4673] usb 6-1: USB disconnect, device number 18
[  507.376781][ T7681] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  507.449313][ T8277] binder: 8276:8277 unknown command 0
[  507.454759][ T8277] binder: 8276:8277 ioctl c0306201 200000000080 returned -22
[  507.571630][ T7681] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  507.606394][ T7681] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  507.642900][ T7681] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.663927][ T7681] usb 5-1: config 0 descriptor??
[  508.349687][ T8289] loop6: detected capacity change from 0 to 32768
[  509.003481][ T8289] 
[  509.003481][ T8289]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  509.003481][ T8289] 
[  509.015161][ T8289] read_mapping_page failed!
[  509.020690][ T8289] diRead: read_metapage failed
[  511.603904][ T8302] device veth0_vlan left promiscuous mode
[  511.611217][ T8302] device veth0_vlan entered promiscuous mode
[  511.861397][ T7681] usb 5-1: USB disconnect, device number 33
[  514.756491][ T8335] loop1: detected capacity change from 0 to 256
[  517.146661][ T4475] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  517.342683][ T4475] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.364104][ T4475] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  517.473340][ T8347] loop5: detected capacity change from 0 to 512
[  517.490075][ T4475] usb 7-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  517.556693][ T4475] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.667692][ T8354] loop1: detected capacity change from 0 to 256
[  517.678266][ T8354] exfat: Unknown parameter ''
[  517.976494][ T8347] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  518.174331][ T8347] ext4 filesystem being mounted at /90/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  519.170104][ T4475] usb 7-1: config 0 descriptor??
[  519.186798][ T4475] usb 7-1: can't set config #0, error -71
[  519.193702][ T4475] usb 7-1: USB disconnect, device number 10
[  519.202612][ T4269] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  519.787109][ T8359] binder: 8356:8359 unknown command 0
[  519.792567][ T8359] binder: 8356:8359 ioctl c0306201 200000000080 returned -22
[  519.894432][ T8358] device veth0_vlan left promiscuous mode
[  519.902400][ T8358] device veth0_vlan entered promiscuous mode
[  520.159696][ T8364] loop6: detected capacity change from 0 to 512
[  520.268480][ T8364] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  520.299714][ T8364] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  520.318984][ T6077] EXT4-fs (loop5): unmounting filesystem.
[  521.491932][ T6731] EXT4-fs (loop6): unmounting filesystem.
[  523.484943][ T8391] loop4: detected capacity change from 0 to 1024
[  523.549601][ T8391] EXT4-fs: Ignoring removed orlov option
[  523.619533][ T8391] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  523.956727][ T4833] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  524.208650][ T8407] loop7: detected capacity change from 0 to 512
[  524.217935][ T8407] FAT-fs (loop7): Unrecognized mount option "noca" or missing value
[  524.288329][ T4833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  525.209396][ T4833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  527.217100][ T4833] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  527.226215][ T4833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.533821][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  527.588630][ T4833] usb 2-1: config 0 descriptor??
[  527.636869][ T4266] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  527.729629][ T4833] usb 2-1: can't set config #0, error -71
[  527.759680][ T4833] usb 2-1: USB disconnect, device number 24
[  528.081484][ T8416] binder: 8415:8416 unknown command 0
[  528.121357][ T8416] binder: 8415:8416 ioctl c0306201 200000000080 returned -22
[  528.222143][ T8416] binder: BINDER_SET_CONTEXT_MGR already set
[  528.322011][ T8416] binder: 8415:8416 ioctl 4018620d 200000000040 returned -16
[  528.422257][ T8426] loop6: detected capacity change from 0 to 256
[  528.429622][ T8426] exfat: Unknown parameter ''
[  529.446245][ T4266] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  531.738738][ T8435] device veth0_vlan left promiscuous mode
[  531.745299][ T8435] device veth0_vlan entered promiscuous mode
[  531.855389][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  532.010609][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  532.089828][ T8448] loop1: detected capacity change from 0 to 512
[  532.200347][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  532.238207][ T8448] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  532.291413][ T8448] ext4 filesystem being mounted at /205/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  533.081558][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  533.619199][ T8481] syz.5.1050[8481] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  533.619308][ T8481] syz.5.1050[8481] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  533.640377][ T8481] loop5: detected capacity change from 0 to 512
[  535.207907][ T8481] EXT4-fs (loop5): orphan cleanup on readonly fs
[  535.215275][ T8481] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1050: bad orphan inode 13
[  535.226365][ T8481] ext4_test_bit(bit=12, block=18) = 1
[  535.231940][ T8481] is_bad_inode(inode)=0
[  535.237058][ T8481] NEXT_ORPHAN(inode)=2130706432
[  535.241943][ T8481] max_ino=32
[  535.245173][ T8481] i_nlink=1
[  535.249336][ T8481] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  536.190757][ T8480] loop6: detected capacity change from 0 to 128
[  537.544325][ T6077] EXT4-fs (loop5): unmounting filesystem.
[  538.024383][ T8494] fuse: Bad value for 'fd'
[  539.027970][ T8487] loop5: detected capacity change from 0 to 512
[  539.035539][ T8487] FAT-fs (loop5): Unrecognized mount option "noca" or missing value
[  539.060990][ T8494] loop4: detected capacity change from 0 to 256
[  539.086789][ T4421] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  539.146130][ T8494] exfat: Deprecated parameter 'namecase'
[  539.176792][ T8494] exfat: Deprecated parameter 'namecase'
[  539.233086][ T8498] binder: 8497:8498 unknown command 0
[  539.240499][ T8494] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  539.278384][ T4421] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  539.294350][ T8498] binder: 8497:8498 ioctl c0306201 200000000080 returned -22
[  539.310911][ T4421] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  539.377205][ T4421] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  539.437289][ T4421] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.500241][ T4421] usb 8-1: config 0 descriptor??
[  539.756355][ T4421] usbhid 8-1:0.0: can't add hid device: -71
[  539.773131][ T4421] usbhid: probe of 8-1:0.0 failed with error -71
[  539.822191][ T4421] usb 8-1: USB disconnect, device number 3
[  541.850934][ T8524] loop7: detected capacity change from 0 to 32768
[  541.870494][ T8524] 
[  541.870494][ T8524]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  541.870494][ T8524] 
[  541.881617][ T8524] read_mapping_page failed!
[  541.886168][ T8524] diRead: read_metapage failed
[  542.085794][ T8531] loop5: detected capacity change from 0 to 512
[  542.235383][ T8531] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  542.280942][ T8531] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  543.366675][ T4674] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  543.415138][ T8549] usb usb1: usbfs: process 8549 (syz.4.1064) did not claim interface 0 before use
[  543.468489][ T6077] EXT4-fs (loop5): unmounting filesystem.
[  543.567465][ T8546] MPTCP: kernel_bind error, err=-98
[  543.576696][ T4674] usb 2-1: Using ep0 maxpacket: 32
[  543.665880][ T8549] loop4: detected capacity change from 0 to 16
[  543.673497][ T4674] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  543.723662][ T4674] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  543.788345][ T4674] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  543.889095][ T4674] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.108420][ T4421] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  544.136845][ T4674] usb 2-1: config 0 descriptor??
[  544.478074][ T8549] loop4: detected capacity change from 0 to 1024
[  544.566750][ T4421] usb 6-1: Using ep0 maxpacket: 8
[  544.573903][ T4421] usb 6-1: config 0 has an invalid interface number: 143 but max is 0
[  544.660271][ T4421] usb 6-1: config 0 has no interface number 0
[  544.724132][ T4674] magicmouse 0003:05AC:0265.0007: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.1-1/input0
[  544.738641][ T4421] usb 6-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  544.754374][ T4421] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.786606][ T4674] magicmouse 0003:05AC:0265.0007: magicmouse input not registered
[  544.859599][ T4674] magicmouse: probe of 0003:05AC:0265.0007 failed with error -12
[  544.894474][ T4421] usb 6-1: config 0 descriptor??
[  544.975692][ T4674] usb 2-1: USB disconnect, device number 25
[  545.037364][ T4421] viperboard 6-1:0.143: version 0.00 found at bus 006 address 019
[  545.069859][ T8565] binder: 8564:8565 unknown command 0
[  545.092423][ T4421] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  545.095877][ T8565] binder: 8564:8565 ioctl c0306201 200000000080 returned -22
[  545.123577][ T8554] loop5: detected capacity change from 0 to 128
[  545.155769][ T4421] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  548.403888][ T4382] usb 6-1: USB disconnect, device number 19
[  548.529507][ T8566] fido_id[8566]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  548.616703][ T7681] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  548.878165][ T7681] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  548.996964][ T8579] loop7: detected capacity change from 0 to 128
[  549.174082][   T26] audit: type=1800 audit(1758342834.972:7): pid=8579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1071" name="file2" dev="loop7" ino=1048644 res=0 errno=0
[  550.642674][ T7681] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  550.699859][ T7681] usb 7-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  550.748875][ T7681] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.772412][ T7681] usb 7-1: config 0 descriptor??
[  550.790499][ T7681] usb 7-1: can't set config #0, error -71
[  550.817923][ T7681] usb 7-1: USB disconnect, device number 11
[  550.848689][ T8092] kworker/u4:23: attempt to access beyond end of device
[  550.848689][ T8092] loop5: rw=1, sector=145, nr_sectors = 896 limit=128
[  550.863968][ T7454] hfsplus: b-tree write err: -5, ino 4
[  551.114615][ T8587] loop4: detected capacity change from 0 to 256
[  551.210617][ T8587] FAT-fs (loop4): Directory bread(block 64) failed
[  551.229624][ T8587] FAT-fs (loop4): Directory bread(block 65) failed
[  551.377005][ T8587] FAT-fs (loop4): Directory bread(block 66) failed
[  551.429468][ T8587] FAT-fs (loop4): Directory bread(block 67) failed
[  551.436166][ T8587] FAT-fs (loop4): Directory bread(block 68) failed
[  551.775464][ T8592] loop5: detected capacity change from 0 to 32768
[  552.458513][ T8587] FAT-fs (loop4): Directory bread(block 69) failed
[  552.473449][ T8592] 
[  552.473449][ T8592]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  552.473449][ T8592] 
[  552.485786][ T8592] read_mapping_page failed!
[  552.490448][ T8592] diRead: read_metapage failed
[  552.508765][ T8587] FAT-fs (loop4): Directory bread(block 70) failed
[  552.603196][ T8587] FAT-fs (loop4): Directory bread(block 71) failed
[  552.653088][ T8587] FAT-fs (loop4): Directory bread(block 72) failed
[  552.659968][ T4475] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  552.673777][ T8587] FAT-fs (loop4): Directory bread(block 73) failed
[  552.879671][ T4475] usb 7-1: config 1 interface 0 has no altsetting 0
[  552.892799][ T4475] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  552.972955][ T4475] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  553.011156][ T4475] usb 7-1: SerialNumber: syz
[  553.051574][ T8584] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  553.116770][ T4672] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  553.289566][ T8584] loop6: detected capacity change from 0 to 256
[  553.308702][ T4672] usb 5-1: config index 0 descriptor too short (expected 64575, got 68)
[  553.331214][ T4672] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  553.362646][ T4475] cdc_ether: probe of 7-1:1.0 failed with error -71
[  553.408219][ T4672] usb 5-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  553.410519][ T4475] usb 7-1: USB disconnect, device number 12
[  553.459105][ T4672] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  553.728935][ T4672] usb 5-1: config index 1 descriptor too short (expected 64575, got 68)
[  553.738944][ T4672] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  553.749459][ T4672] usb 5-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  553.760912][ T4672] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  554.596135][ T4672] usb 5-1: string descriptor 0 read error: -71
[  554.603057][ T4672] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  554.613998][ T4672] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.650588][ T4672] usb 5-1: can't set config #1, error -71
[  554.736337][ T4672] usb 5-1: USB disconnect, device number 34
[  554.875482][ T8619] binder: 8618:8619 unknown command 0
[  554.979277][ T8619] binder: 8618:8619 ioctl c0306201 200000000080 returned -22
[  555.183664][ T8622] syz.6.1080[8622] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  555.183771][ T8622] syz.6.1080[8622] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  555.197786][ T8622] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1080'.
[  556.844172][ T8626] loop4: detected capacity change from 0 to 1024
[  556.977025][ T8626] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  557.014575][ T8626] ext4 filesystem being mounted at /240/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  557.412389][ T8631] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 3: comm syz.4.1082: lblock 3 mapped to illegal pblock 3 (length 3)
[  557.471360][ T8631] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  557.484341][ T8631] EXT4-fs (loop4): This should not happen!! Data will be lost
[  557.484341][ T8631] 
[  558.755484][ T4417] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:9: lblock 8 mapped to illegal pblock 8 (length 8)
[  558.830610][ T4417] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  558.907415][ T4417] EXT4-fs (loop4): This should not happen!! Data will be lost
[  558.907415][ T4417] 
[  558.955819][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  560.220227][ T8639] loop1: detected capacity change from 0 to 32768
[  560.228055][ T4676] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  560.261430][ T8639] 
[  560.261430][ T8639]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  560.261430][ T8639] 
[  560.273317][ T8639] read_mapping_page failed!
[  560.277962][ T8639] diRead: read_metapage failed
[  560.402705][ T4324] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  560.422907][ T4676] usb 6-1: Using ep0 maxpacket: 8
[  560.434317][ T4676] usb 6-1: config 0 has an invalid interface number: 143 but max is 0
[  560.586710][ T4324] usb 5-1: Using ep0 maxpacket: 8
[  560.604592][ T4324] usb 5-1: config 0 has an invalid interface number: 143 but max is 0
[  560.633026][ T4676] usb 6-1: config 0 has no interface number 0
[  560.639407][ T4676] usb 6-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  560.644938][ T4324] usb 5-1: config 0 has no interface number 0
[  560.648739][ T4676] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.665042][ T4676] usb 6-1: config 0 descriptor??
[  560.699182][ T4324] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  560.712947][ T4324] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.338976][ T4676] viperboard 6-1:0.143: version 0.00 found at bus 006 address 020
[  562.499988][ T8645] syz.7.1087 (8645) used greatest stack depth: 17888 bytes left
[  562.551796][ T8647] overlayfs: missing 'lowerdir'
[  562.654642][ T4324] usb 5-1: config 0 descriptor??
[  562.670598][ T8649] loop5: detected capacity change from 0 to 128
[  563.635534][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  563.642395][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  564.047036][ T4676] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  564.056133][ T4676] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  564.105884][ T4324] usb 5-1: can't set config #0, error -71
[  564.133359][ T4324] usb 5-1: USB disconnect, device number 35
[  564.359646][ T4676] usb 6-1: USB disconnect, device number 20
[  565.192759][ T5673] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  566.469344][ T8667] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1093'.
[  566.636633][ T4676] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  566.830488][ T4676] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  566.851943][ T4676] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.878803][ T4676] usb 6-1: Product: syz
[  566.909592][ T4676] usb 6-1: Manufacturer: syz
[  566.920395][ T4676] usb 6-1: SerialNumber: syz
[  566.934627][ T4676] r8152-cfgselector 6-1: config 0 descriptor??
[  567.003485][ T8678] loop1: detected capacity change from 0 to 1024
[  567.041572][ T8678] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  567.050980][ T8678] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  567.431223][ T8683] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 3: comm syz.1.1095: lblock 3 mapped to illegal pblock 3 (length 3)
[  567.512562][ T8683] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  567.525295][ T8683] EXT4-fs (loop1): This should not happen!! Data will be lost
[  567.525295][ T8683] 
[  568.009102][ T4676] r8152-cfgselector 6-1: Unknown version 0x0000
[  568.037523][ T4676] r8152-cfgselector 6-1: USB disconnect, device number 21
[  569.057125][   T32] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:2: lblock 8 mapped to illegal pblock 8 (length 8)
[  569.098732][   T32] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  569.186758][   T32] EXT4-fs (loop1): This should not happen!! Data will be lost
[  569.186758][   T32] 
[  569.323524][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  569.700536][ T8692] loop5: detected capacity change from 0 to 512
[  572.737097][ T8692] EXT4-fs: failed to create workqueue
[  572.742704][ T8692] EXT4-fs (loop5): mount failed
[  573.286709][ T4393] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  573.456819][ T4672] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  573.527044][ T4393] usb 5-1: Using ep0 maxpacket: 32
[  573.570466][ T4393] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  573.781595][ T4393] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  573.796865][ T4672] usb 8-1: Using ep0 maxpacket: 8
[  573.867481][ T4672] usb 8-1: config 0 has an invalid interface number: 143 but max is 0
[  573.909883][ T4672] usb 8-1: config 0 has no interface number 0
[  573.916123][ T4393] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  573.934582][ T4672] usb 8-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  573.959978][ T4393] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.988540][ T4672] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.015721][ T4393] usb 5-1: config 0 descriptor??
[  574.075047][ T4393] hub 5-1:0.0: USB hub found
[  574.091445][ T4672] usb 8-1: config 0 descriptor??
[  574.347902][ T4672] viperboard 8-1:0.143: version 0.00 found at bus 008 address 004
[  574.363605][ T8702] loop7: detected capacity change from 0 to 128
[  574.372042][ T4393] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  574.416824][ T4672] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  574.426119][ T4672] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  574.623949][ T4393] usbhid 5-1:0.0: can't add hid device: -71
[  575.793129][ T4393] usbhid: probe of 5-1:0.0 failed with error -71
[  576.570243][ T4282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  576.636094][ T4282] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  577.123299][ T4282] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  577.481441][ T4282] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  577.489302][ T4282] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  577.499126][ T4284] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  578.468010][ T4421] usb 8-1: USB disconnect, device number 4
[  579.007421][ T4393] usb 5-1: USB disconnect, device number 36
[  579.138468][   T46] kworker/u4:3: attempt to access beyond end of device
[  579.138468][   T46] loop7: rw=1, sector=145, nr_sectors = 896 limit=128
[  579.341729][ T8727] loop1: detected capacity change from 0 to 1024
[  579.471673][ T8727] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  579.489456][ T8727] ext4 filesystem being mounted at /218/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  579.546796][ T4280] Bluetooth: hci2: command 0x0409 tx timeout
[  580.084171][ T8738] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 3: comm syz.1.1108: lblock 3 mapped to illegal pblock 3 (length 3)
[  581.628824][ T4280] Bluetooth: hci2: command 0x041b tx timeout
[  581.636992][ T8738] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  581.649419][ T8738] EXT4-fs (loop1): This should not happen!! Data will be lost
[  581.649419][ T8738] 
[  581.831198][ T4830] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:15: lblock 8 mapped to illegal pblock 8 (length 8)
[  581.897418][ T4830] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  582.022495][ T4830] EXT4-fs (loop1): This should not happen!! Data will be lost
[  582.022495][ T4830] 
[  582.065225][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  582.202290][ T8716] chnl_net:caif_netlink_parms(): no params data found
[  582.451457][ T8753] loop1: detected capacity change from 0 to 1024
[  582.477686][ T8753] EXT4-fs: Ignoring removed i_version option
[  582.656730][ T8753] EXT4-fs: inline encryption not supported
[  583.334749][ T8753] EXT4-fs (loop1): Test dummy encryption mode enabled
[  583.405592][ T8716] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.507065][ T8716] bridge0: port 1(bridge_slave_0) entered disabled state
[  583.522910][ T8716] device bridge_slave_0 entered promiscuous mode
[  583.532838][ T8716] bridge0: port 2(bridge_slave_1) entered blocking state
[  583.537422][ T8753] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  583.540811][ T8716] bridge0: port 2(bridge_slave_1) entered disabled state
[  583.557607][ T8716] device bridge_slave_1 entered promiscuous mode
[  583.591564][ T8716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  583.604293][ T8716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  583.706768][ T4280] Bluetooth: hci2: command 0x040f tx timeout
[  583.734305][ T8716] team0: Port device team_slave_0 added
[  584.453547][ T8773] loop4: detected capacity change from 0 to 512
[  584.466477][ T8773] ext4: Unknown parameter 'dont_appraise'
[  585.058904][ T4266] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  585.070010][ T8753] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  585.283694][ T8716] team0: Port device team_slave_1 added
[  585.348674][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  586.547874][ T4280] Bluetooth: hci2: command 0x0419 tx timeout
[  586.698350][ T8793] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1119'.
[  586.803454][ T8793] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1119'.
[  586.867662][ T8786] netlink: 'syz.5.1117': attribute type 3 has an invalid length.
[  586.879303][ T8786] netlink: 'syz.5.1117': attribute type 3 has an invalid length.
[  587.088227][ T8716] batman_adv: batadv0: Adding interface: batadv_slave_0
[  587.095255][ T8716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  587.164531][ T8716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  587.191371][ T8716] batman_adv: batadv0: Adding interface: batadv_slave_1
[  587.204208][ T8716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  587.321639][ T8716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  587.361524][ T8716] device hsr_slave_0 entered promiscuous mode
[  587.390243][ T8716] device hsr_slave_1 entered promiscuous mode
[  587.402400][ T8808] loop1: detected capacity change from 0 to 128
[  587.483447][ T8811] loop5: detected capacity change from 0 to 512
[  587.500428][ T8811] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  588.539477][ T8811] EXT4-fs (loop5): 1 truncate cleaned up
[  588.545231][ T8811] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  588.865449][ T6077] EXT4-fs (loop5): unmounting filesystem.
[  590.001888][ T8825] loop1: detected capacity change from 0 to 512
[  590.010590][ T8825] ext4: Unknown parameter 'dont_appraise'
[  591.177280][ T4269] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  591.646127][ T8841] loop5: detected capacity change from 0 to 512
[  591.653697][ T8841] FAT-fs (loop5): Unrecognized mount option "noca" or missing value
[  593.680285][ T4269] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  594.670332][ T8834] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  596.276670][   T32] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.038323][ T8716] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  597.271232][   T32] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.285519][ T8863] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1135'.
[  597.340015][ T8716] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  597.352696][ T8865] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1135'.
[  597.368206][ T8716] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  597.391099][ T8716] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  597.507242][   T32] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.776888][ T8882] loop4: detected capacity change from 0 to 512
[  597.874999][ T8882] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  598.495982][ T8882] EXT4-fs (loop4): 1 truncate cleaned up
[  598.502095][ T8882] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  598.632614][   T32] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.007693][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  599.197554][ T8716] 8021q: adding VLAN 0 to HW filter on device bond0
[  599.289387][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  599.301199][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  599.348455][ T8716] 8021q: adding VLAN 0 to HW filter on device team0
[  599.398940][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  599.433915][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  599.454866][ T7292] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.462022][ T7292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  599.577738][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  599.634276][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  599.692193][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  599.727526][ T7292] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.734675][ T7292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  599.771760][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  599.827038][   T32] tipc: Left network mode
[  599.865037][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  600.889839][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  600.919713][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  600.945646][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  601.000693][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  601.013878][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  601.192779][ T4763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  601.212296][ T4763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  601.305320][ T8716] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  601.337097][ T8922] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1147'.
[  601.368422][ T8716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  601.433462][ T4763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  601.459640][ T4763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  602.107273][ T4421] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  602.308379][ T4421] usb 2-1: config 0 has no interfaces?
[  602.316821][ T4421] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  602.354903][ T4421] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.363359][ T4421] usb 2-1: Product: syz
[  602.367825][ T4421] usb 2-1: Manufacturer: syz
[  602.375983][ T4421] usb 2-1: SerialNumber: syz
[  602.397727][ T4421] r8152-cfgselector 2-1: config 0 descriptor??
[  602.616723][ T4421] usbip-host 2-1: 2-1 is not in match_busid table... skip!
[  602.821952][ T7681] usb 2-1: USB disconnect, device number 26
[  603.225181][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  603.263945][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  603.376286][   T32] device hsr_slave_0 left promiscuous mode
[  603.404137][   T32] device hsr_slave_1 left promiscuous mode
[  603.556173][   T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  603.583514][   T32] batman_adv: batadv0: Removing interface: batadv_slave_0
[  603.628005][   T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  603.636468][   T32] batman_adv: batadv0: Removing interface: batadv_slave_1
[  603.686646][   T32] device bridge_slave_1 left promiscuous mode
[  603.704203][   T32] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.733077][ T8955] loop1: detected capacity change from 0 to 1024
[  603.746657][   T32] device bridge_slave_0 left promiscuous mode
[  603.763185][   T32] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.842488][ T8955] EXT4-fs: Ignoring removed orlov option
[  604.002642][ T8955] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  604.076697][    T7] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  604.946669][    T7] usb 5-1: Using ep0 maxpacket: 8
[  604.960267][ T8968] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2748: inode #15: comm syz.1.1153: corrupted in-inode xattr
[  604.976688][    T7] usb 5-1: config 0 has an invalid interface number: 143 but max is 0
[  605.003120][    T7] usb 5-1: config 0 has no interface number 0
[  605.018428][    T7] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  605.040650][ T8968] EXT4-fs (loop1): Remounting filesystem read-only
[  605.063046][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.090779][    T7] usb 5-1: config 0 descriptor??
[  605.117210][   T32] device veth1_macvtap left promiscuous mode
[  605.128111][   T32] device veth0_macvtap left promiscuous mode
[  605.160683][   T32] device veth1_vlan left promiscuous mode
[  605.194537][   T32] device veth0_vlan left promiscuous mode
[  605.217331][    T7] viperboard 5-1:0.143: version 0.00 found at bus 005 address 037
[  605.294111][    T7] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  605.318829][ T8956] loop4: detected capacity change from 0 to 128
[  605.355832][    T7] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  608.622401][ T4672] usb 5-1: USB disconnect, device number 37
[  608.719555][ T8175] kworker/u4:24: attempt to access beyond end of device
[  608.719555][ T8175] loop4: rw=1, sector=145, nr_sectors = 896 limit=128
[  608.849079][ T8987] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1160'.
[  608.979267][ T8987] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1160'.
[  609.903517][ T8993] usb usb1: usbfs: process 8993 (syz.4.1162) did not claim interface 0 before use
[  610.027946][ T8993] MPTCP: kernel_bind error, err=-98
[  610.299540][ T9008] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1165'.
[  610.318916][ T8997] loop4: detected capacity change from 0 to 1024
[  611.366603][   T32] team0 (unregistering): Port device team_slave_1 removed
[  611.572499][   T32] team0 (unregistering): Port device team_slave_0 removed
[  611.931692][   T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  612.191477][   T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  612.206073][ T7536] hfsplus: b-tree write err: -5, ino 4
[  612.501909][ T9028] loop7: detected capacity change from 0 to 512
[  612.646121][ T9028] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  612.679516][ T9028] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  612.866216][   T26] audit: type=1804 audit(1758342898.692:8): pid=9028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.1171" name="/newroot/76/file0/bus" dev="loop7" ino=18 res=1 errno=0
[  613.411417][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  613.624110][   T32] bond0 (unregistering): Released all slaves
[  613.737960][ T8716] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.816653][ T4324] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  614.007094][ T4324] usb 8-1: Using ep0 maxpacket: 32
[  614.025746][ T4324] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  614.059148][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  614.064117][ T4324] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  614.116705][ T4324] usb 8-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  614.148526][ T4324] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  614.215766][ T4324] usb 8-1: config 0 descriptor??
[  615.301184][ T4324] magicmouse 0003:05AC:0265.0008: item fetching failed at offset 6/7
[  615.394980][ T4324] magicmouse 0003:05AC:0265.0008: magicmouse hid parse failed
[  615.403139][ T4324] magicmouse: probe of 0003:05AC:0265.0008 failed with error -22
[  615.406497][ T9059] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1176'.
[  615.542598][ T4324] usb 8-1: USB disconnect, device number 5
[  615.726581][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  615.767114][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  615.842629][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  615.872366][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  615.920117][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  615.937812][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  615.958746][ T8716] device veth0_vlan entered promiscuous mode
[  616.007931][ T8716] device veth1_vlan entered promiscuous mode
[  616.032006][ T9072] fuse: Bad value for 'fd'
[  616.158015][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  616.180773][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  616.227392][ T8716] device veth0_macvtap entered promiscuous mode
[  616.279943][ T8716] device veth1_macvtap entered promiscuous mode
[  616.321572][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.342081][ T9080] loop5: detected capacity change from 0 to 1024
[  616.350282][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.370286][ T9080] EXT4-fs: Ignoring removed orlov option
[  616.416629][ T4833] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  616.426927][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.481742][ T9080] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  616.496558][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.506424][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.541962][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.552109][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.563018][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.573634][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  616.584977][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.598584][ T8716] batman_adv: batadv0: Interface activated: batadv_slave_0
[  616.619616][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  616.627576][ T4833] usb 2-1: Using ep0 maxpacket: 8
[  616.642153][ T4833] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  616.670306][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  616.682927][ T4833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.695706][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  616.710875][ T4833] usb 2-1: Product: syz
[  616.715447][ T4833] usb 2-1: Manufacturer: syz
[  616.725096][ T4833] usb 2-1: SerialNumber: syz
[  616.738091][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  616.781396][ T9093] EXT4-fs error (device loop5): ext4_expand_extra_isize_ea:2748: inode #15: comm syz.5.1182: corrupted in-inode xattr
[  616.805887][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.816598][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.817812][ T4833] usb 2-1: config 0 descriptor??
[  616.827620][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.843206][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.853424][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.868420][ T9093] EXT4-fs (loop5): Remounting filesystem read-only
[  616.887054][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.062840][ T9096] loop7: detected capacity change from 0 to 512
[  617.074958][ T9096] FAT-fs (loop7): Unrecognized mount option "noca" or missing value
[  617.158352][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  617.318813][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.446275][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  617.576279][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  617.732983][ T8716] batman_adv: batadv0: Interface activated: batadv_slave_1
[  618.302776][ T9085] device syzkaller0 entered promiscuous mode
[  618.317544][ T4266] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  619.292987][ T4833] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  619.303490][ T4763] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  619.333049][ T4763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  619.382598][ T8716] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  619.411280][ T8716] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  619.459557][ T8716] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  619.499156][ T8716] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  619.835503][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.857808][ T4833] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71
[  619.904845][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  619.928766][ T4833] usb 2-1: USB disconnect, device number 27
[  620.077533][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  620.102960][ T6077] EXT4-fs (loop5): unmounting filesystem.
[  621.296376][ T9118] fuse: Bad value for 'fd'
[  621.379301][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  621.482861][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  621.539010][ T4763] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  621.611746][ T9120] loop5: detected capacity change from 0 to 1024
[  621.624583][ T9123] fuse: Bad value for 'fd'
[  621.761189][ T9120] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  621.841873][ T9120] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  622.266796][ T7681] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  622.958410][ T9138] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: block 3: comm syz.5.1187: lblock 3 mapped to illegal pblock 3 (length 3)
[  624.274436][ T9138] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  624.275810][ T7681] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  624.288139][ T9138] EXT4-fs (loop5): This should not happen!! Data will be lost
[  624.288139][ T9138] 
[  624.311574][ T9132] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1191'.
[  624.381198][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  624.387724][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  624.524807][ T7681] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  624.542034][ T9140] loop8: detected capacity change from 0 to 128
[  624.583791][ T7681] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  624.766344][ T7681] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  624.776010][ T7681] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.792332][ T4333] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:5: lblock 8 mapped to illegal pblock 8 (length 8)
[  624.810527][ T7681] usb 5-1: config 0 descriptor??
[  624.817848][ T7681] usb 5-1: can't set config #0, error -71
[  624.923674][ T9146] loop7: detected capacity change from 0 to 256
[  624.983293][ T9146] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  625.110622][ T7681] usb 5-1: USB disconnect, device number 38
[  626.700139][ T4333] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  626.767971][ T9151] device syzkaller0 entered promiscuous mode
[  626.818687][ T4333] EXT4-fs (loop5): This should not happen!! Data will be lost
[  626.818687][ T4333] 
[  626.860938][ T9154] loop1: detected capacity change from 0 to 1024
[  626.972047][ T9154] EXT4-fs: Ignoring removed orlov option
[  626.983823][ T6077] EXT4-fs (loop5): unmounting filesystem.
[  627.593283][ T9154] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  627.767753][ T9160] loop7: detected capacity change from 0 to 4096
[  627.880875][ T9171] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2748: inode #15: comm syz.1.1196: corrupted in-inode xattr
[  627.933264][ T9171] EXT4-fs (loop1): Remounting filesystem read-only
[  627.976065][ T9160] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  628.302491][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  628.674477][ T9190] loop1: detected capacity change from 0 to 256
[  628.728096][ T9193] loop8: detected capacity change from 0 to 512
[  628.781259][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  628.860391][ T9193] EXT4-fs: Ignoring removed nobh option
[  628.866133][ T9193] EXT4-fs: Ignoring removed i_version option
[  628.881309][ T9193] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  628.962998][ T9193] EXT4-fs (loop8): 1 truncate cleaned up
[  628.987849][ T9193] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  629.640280][ T8716] EXT4-fs error (device loop8): ext4_xattr_ibody_find:2195: inode #15: comm syz-executor: corrupted in-inode xattr
[  629.717644][ T8716] EXT4-fs (loop8): Remounting filesystem read-only
[  629.742900][ T8716] EXT4-fs warning (device loop8): ext4_xattr_set_entry:1732: inode #15: comm syz-executor: unable to update i_inline_off
[  630.141083][ T4333] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  630.594862][ T8716] EXT4-fs (loop8): unmounting filesystem.
[  630.651746][ T4333] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  630.799788][ T9208] loop7: detected capacity change from 0 to 512
[  630.873460][ T4333] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  630.924207][ T9208] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2
[  630.946632][ T9208] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -2
[  631.006251][ T9208] EXT4-fs (loop7): 1 truncate cleaned up
[  631.067399][ T9208] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  631.124592][ T4333] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.187710][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  632.771838][ T9224] loop7: detected capacity change from 0 to 1024
[  632.779339][ T9224] EXT4-fs: Ignoring removed nomblk_io_submit option
[  632.786039][ T9224] EXT4-fs: Ignoring removed nobh option
[  635.301823][ T4333] tipc: Left network mode
[  635.330833][ T9224] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  635.827669][ T9224] EXT4-fs: error -4 creating inode table initialization thread
[  635.835578][ T9224] EXT4-fs (loop7): mount failed
[  636.146688][ T4266] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  636.186090][ T4284] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  636.198026][ T4284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  636.209186][ T4284] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  636.219805][ T4284] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  636.241376][ T4282] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  636.248861][ T4282] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  636.498231][ T4282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  636.511352][ T4282] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  636.522187][ T4282] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  636.531981][ T4282] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  636.542611][ T4282] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  636.569100][ T4282] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  637.458064][ T9258] loop4: detected capacity change from 0 to 512
[  637.499430][ T9258] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  637.660950][ T9233] chnl_net:caif_netlink_parms(): no params data found
[  637.687243][ T9258] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  637.696257][ T9258] ext4 filesystem being mounted at /269/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  637.954865][ T9242] chnl_net:caif_netlink_parms(): no params data found
[  638.348640][ T4282] Bluetooth: hci0: command 0x0409 tx timeout
[  638.598333][ T4280] Bluetooth: hci2: command 0x0409 tx timeout
[  639.094331][ T9276] loop1: detected capacity change from 0 to 256
[  639.153390][ T9276] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  639.363813][   T26] audit: type=1800 audit(1758342925.192:9): pid=9273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1219" name="file1" dev="overlay" ino=15 res=0 errno=0
[  639.585317][ T4333] device hsr_slave_0 left promiscuous mode
[  639.606767][ T4333] device hsr_slave_1 left promiscuous mode
[  639.613599][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  639.636607][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  639.644641][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  639.666824][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  639.675497][ T4333] device bridge_slave_1 left promiscuous mode
[  639.696726][ T4333] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.706139][ T4333] device bridge_slave_0 left promiscuous mode
[  639.726955][ T4333] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.882280][ T4333] device veth1_macvtap left promiscuous mode
[  639.895450][ T4333] device veth0_macvtap left promiscuous mode
[  639.917403][ T4333] device veth1_vlan left promiscuous mode
[  640.500148][ T9287] loop7: detected capacity change from 0 to 256
[  640.517290][ T4280] Bluetooth: hci0: command 0x041b tx timeout
[  640.569635][ T9287] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x368b264c, utbl_chksum : 0xe619d30d)
[  640.666734][ T4282] Bluetooth: hci2: command 0x041b tx timeout
[  642.586779][ T4282] Bluetooth: hci0: command 0x040f tx timeout
[  642.747666][ T4282] Bluetooth: hci2: command 0x040f tx timeout
[  642.780997][ T9287] exFAT-fs (loop7): IO charset B not found
[  643.370109][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  644.677014][ T4282] Bluetooth: hci0: command 0x0419 tx timeout
[  644.827904][ T4282] Bluetooth: hci2: command 0x0419 tx timeout
[  645.085244][ T4333] team0 (unregistering): Port device team_slave_1 removed
[  645.193895][ T4333] team0 (unregistering): Port device team_slave_0 removed
[  645.241643][ T4833] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  645.263868][ T4333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  645.322638][ T4333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  645.432402][ T4833] usb 8-1: Using ep0 maxpacket: 8
[  645.439577][ T4833] usb 8-1: config 0 has an invalid interface number: 143 but max is 0
[  645.448348][ T4833] usb 8-1: config 0 has no interface number 0
[  645.454511][ T4833] usb 8-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  645.464120][ T4833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.477034][ T4833] usb 8-1: config 0 descriptor??
[  645.588183][ T4833] viperboard 8-1:0.143: version 0.00 found at bus 008 address 006
[  645.606847][ T4833] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  645.615597][ T4833] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  645.732045][ T9301] loop7: detected capacity change from 0 to 128
[  647.409580][ T4333] bond0 (unregistering): Released all slaves
[  647.728674][ T9233] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.741373][ T9233] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.808756][ T9233] device bridge_slave_0 entered promiscuous mode
[  647.922372][ T9283] bridge0: port 3(vlan2) entered blocking state
[  647.951520][ T9283] bridge0: port 3(vlan2) entered disabled state
[  648.039032][ T9233] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.066766][ T9233] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.075108][ T9233] device bridge_slave_1 entered promiscuous mode
[  648.083938][ T8651] usb 8-1: USB disconnect, device number 6
[  648.108435][ T9242] bridge0: port 1(bridge_slave_0) entered blocking state
[  648.115561][ T9242] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.138512][ T9242] device bridge_slave_0 entered promiscuous mode
[  648.147900][ T7536] kworker/u4:20: attempt to access beyond end of device
[  648.147900][ T7536] loop7: rw=1, sector=145, nr_sectors = 896 limit=128
[  648.183824][ T9242] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.191201][ T9242] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.227027][ T9242] device bridge_slave_1 entered promiscuous mode
[  648.442919][ T9242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  648.476039][ T9233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  648.589049][ T9311] loop1: detected capacity change from 0 to 1024
[  648.716639][ T9242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  648.918686][ T9233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  648.934048][ T9311] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  649.071567][ T9311] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  649.712594][ T9323] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 3: comm syz.1.1232: lblock 3 mapped to illegal pblock 3 (length 3)
[  649.744245][ T9323] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  649.757030][ T9323] EXT4-fs (loop1): This should not happen!! Data will be lost
[  649.757030][ T9323] 
[  650.021172][ T9242] team0: Port device team_slave_0 added
[  650.079257][ T9233] team0: Port device team_slave_0 added
[  650.170417][ T9242] team0: Port device team_slave_1 added
[  650.211908][ T9233] team0: Port device team_slave_1 added
[  650.468865][ T9242] batman_adv: batadv0: Adding interface: batadv_slave_0
[  650.476957][ T9242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.645268][ T9242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  650.713206][ T9233] batman_adv: batadv0: Adding interface: batadv_slave_0
[  650.737658][ T9233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.823926][ T9233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  650.866672][ T9242] batman_adv: batadv0: Adding interface: batadv_slave_1
[  650.873725][ T9242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  651.076524][ T9242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  651.147324][ T9233] batman_adv: batadv0: Adding interface: batadv_slave_1
[  651.164908][ T9233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  651.337425][ T9233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  651.427300][ T7463] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:19: lblock 8 mapped to illegal pblock 8 (length 8)
[  651.486801][ T7463] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  651.516819][ T7463] EXT4-fs (loop1): This should not happen!! Data will be lost
[  651.516819][ T7463] 
[  651.534003][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  651.675309][ T9335] loop4: detected capacity change from 0 to 512
[  651.703529][ T9320] loop7: detected capacity change from 0 to 40427
[  651.727630][ T9335] EXT4-fs (loop4): Test dummy encryption mode enabled
[  651.734554][ T9335] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  651.758614][ T9320] F2FS-fs (loop7): invalid crc value
[  651.763660][ T9242] device hsr_slave_0 entered promiscuous mode
[  651.813300][ T9320] F2FS-fs (loop7): Found nat_bits in checkpoint
[  651.820747][ T9335] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.1235: bad orphan inode 131083
[  651.860424][ T9335] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  651.875659][ T9242] device hsr_slave_1 entered promiscuous mode
[  651.949992][ T9242] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  651.979079][ T9242] Cannot create hsr debugfs directory
[  652.037356][ T9233] device hsr_slave_0 entered promiscuous mode
[  652.072223][ T9233] device hsr_slave_1 entered promiscuous mode
[  652.161694][ T9346] loop1: detected capacity change from 0 to 256
[  652.215709][ T9346] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  652.403141][ T9233] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  652.500508][ T9233] Cannot create hsr debugfs directory
[  653.918732][ T9335] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  654.157407][ T4333] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.200608][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  654.273007][ T9355] loop7: detected capacity change from 0 to 512
[  654.381382][ T9359] loop4: detected capacity change from 0 to 512
[  654.390355][ T9359] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  654.410190][ T9355] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  654.457020][ T9359] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.1238: bad orphan inode 131083
[  654.508122][ T9355] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  654.560992][ T9359] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  654.571128][ T9355] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  654.597429][ T4333] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.664607][   T14] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  654.767646][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  654.856739][   T14] usb 2-1: Using ep0 maxpacket: 8
[  654.864426][   T14] usb 2-1: config 0 has an invalid interface number: 143 but max is 0
[  654.881184][ T4333] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.931770][ T9233] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  654.963281][   T14] usb 2-1: config 0 has no interface number 0
[  655.666811][   T14] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  655.675928][   T14] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.719000][ T9233] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  655.728343][   T14] usb 2-1: config 0 descriptor??
[  655.856360][ T4333] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.951870][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  655.965885][ T9358] loop1: detected capacity change from 0 to 128
[  655.987628][   T14] viperboard 2-1:0.143: version 0.00 found at bus 002 address 028
[  656.035713][   T14] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  656.080114][   T14] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  656.596103][   T56] kworker/u4:4: attempt to access beyond end of device
[  656.596103][   T56] loop1: rw=1048577, sector=145, nr_sectors = 896 limit=128
[  657.643625][ T9233] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  657.844852][ T9233] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  659.246004][ T4833] usb 2-1: USB disconnect, device number 28
[  659.631176][ T9389] loop7: detected capacity change from 0 to 512
[  659.641754][ T9389] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  659.816666][ T9389] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  659.826849][ T9389] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  660.441537][ T9233] 8021q: adding VLAN 0 to HW filter on device bond0
[  660.475278][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  660.489053][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  660.512406][ T9233] 8021q: adding VLAN 0 to HW filter on device team0
[  660.535438][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  660.551437][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  660.637879][ T7463] bridge0: port 1(bridge_slave_0) entered blocking state
[  660.645037][ T7463] bridge0: port 1(bridge_slave_0) entered forwarding state
[  660.685111][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  660.718284][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  660.758757][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  660.793472][ T7463] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.800704][ T7463] bridge0: port 2(bridge_slave_1) entered forwarding state
[  660.809206][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  660.850989][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  660.868586][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  660.897057][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  660.926683][ T9416] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  660.971994][ T9417] tipc: Resetting bearer <eth:syzkaller0>
[  660.991593][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  661.002112][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  661.019891][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  661.064770][ T9415] tipc: Disabling bearer <eth:syzkaller0>
[  661.082897][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  661.113406][ T7463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  661.140894][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  661.147361][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  661.155882][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  662.362503][ T9433] loop1: detected capacity change from 0 to 256
[  662.553304][ T9433] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  664.106593][ T4674] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  664.306794][ T4674] usb 5-1: Using ep0 maxpacket: 8
[  664.313760][ T4674] usb 5-1: config 0 has an invalid interface number: 143 but max is 0
[  664.346678][ T4674] usb 5-1: config 0 has no interface number 0
[  664.352851][ T4674] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  664.433432][ T4674] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.474611][ T4674] usb 5-1: config 0 descriptor??
[  664.637482][ T4674] viperboard 5-1:0.143: version 0.00 found at bus 005 address 039
[  664.730806][ T4674] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  664.786726][ T4674] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  664.803819][ T9458] loop4: detected capacity change from 0 to 128
[  668.089216][ T7681] usb 5-1: USB disconnect, device number 39
[  668.236701][ T4421] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  668.430379][ T4421] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  668.462777][ T4421] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  668.506601][ T4421] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  668.559800][ T4421] usb 2-1: string descriptor 0 read error: -71
[  668.577908][ T4421] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  668.622401][ T4421] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.637136][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  668.656857][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  668.665335][ T4421] usb 2-1: can't set config #1, error -71
[  668.705935][ T4421] usb 2-1: USB disconnect, device number 29
[  668.727382][   T11] kworker/u4:1: attempt to access beyond end of device
[  668.727382][   T11] loop4: rw=1, sector=145, nr_sectors = 896 limit=128
[  668.918969][ T9475] loop1: detected capacity change from 0 to 512
[  668.975593][ T9233] 8021q: adding VLAN 0 to HW filter on device batadv0
[  669.007584][ T9475] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  669.108506][ T9475] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.1257: bad orphan inode 131083
[  669.133096][ T9475] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  669.516046][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  669.549882][ T9491] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1258'.
[  671.394839][ T9242] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  671.447907][ T9242] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  671.596123][ T9504] loop1: detected capacity change from 0 to 256
[  671.637514][ T9242] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  671.652474][ T9504] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x0000000a, checksum : 0x1119abd0)
[  671.737358][ T9504] exFAT-fs (loop1): invalid boot region
[  671.784413][ T9504] exFAT-fs (loop1): failed to recognize exfat type
[  671.795052][ T9242] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  672.143399][ T9522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1263'.
[  672.287524][    T7] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  672.301850][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  672.319011][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  672.476579][    T7] usb 2-1: Using ep0 maxpacket: 8
[  672.486447][    T7] usb 2-1: config 0 has an invalid interface number: 143 but max is 0
[  672.506803][    T7] usb 2-1: config 0 has no interface number 0
[  672.515938][    T7] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  672.555951][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.588343][    T7] usb 2-1: config 0 descriptor??
[  672.719755][    T7] viperboard 2-1:0.143: version 0.00 found at bus 002 address 030
[  672.751510][    T7] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  672.773894][ T9233] device veth0_vlan entered promiscuous mode
[  672.800754][    T7] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  672.804896][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  672.825309][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  672.893144][ T9233] device veth1_vlan entered promiscuous mode
[  672.901572][ T9536] loop1: detected capacity change from 0 to 128
[  672.941520][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  672.959043][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  672.999202][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  673.942816][ T9242] 8021q: adding VLAN 0 to HW filter on device bond0
[  674.226137][ T4333] device hsr_slave_0 left promiscuous mode
[  674.335767][ T4333] device hsr_slave_1 left promiscuous mode
[  674.427033][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  674.459494][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  674.557422][ T4333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  674.632252][ T4333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  674.712496][ T4333] device bridge_slave_1 left promiscuous mode
[  674.788981][ T4333] bridge0: port 2(bridge_slave_1) entered disabled state
[  674.888749][ T4333] device bridge_slave_0 left promiscuous mode
[  674.949920][ T4333] bridge0: port 1(bridge_slave_0) entered disabled state
[  675.443924][ T4333] device veth1_macvtap left promiscuous mode
[  675.489752][ T4333] device veth0_macvtap left promiscuous mode
[  675.542775][ T4333] device veth1_vlan left promiscuous mode
[  675.594833][ T4333] device veth0_vlan left promiscuous mode
[  676.062556][ T4674] usb 2-1: USB disconnect, device number 30
[  676.124901][ T4413] kworker/u4:8: attempt to access beyond end of device
[  676.124901][ T4413] loop1: rw=1, sector=145, nr_sectors = 896 limit=128
[  676.326179][ T9543] loop1: detected capacity change from 0 to 512
[  676.356863][ T9543] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  676.413895][ T9543] EXT4-fs (loop1): 1 truncate cleaned up
[  676.594521][ T9543] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  676.671029][ T9549] syz.7.1267[9549] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  676.671143][ T9549] syz.7.1267[9549] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  676.734160][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  677.230889][ T9554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1268'.
[  677.972155][ T4333] team0 (unregistering): Port device team_slave_1 removed
[  678.066319][ T4333] team0 (unregistering): Port device team_slave_0 removed
[  678.133910][ T4333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  678.194986][ T4333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  679.120260][ T4333] bond0 (unregistering): Released all slaves
[  679.264500][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1267'.
[  679.296143][ T9242] 8021q: adding VLAN 0 to HW filter on device team0
[  679.384146][ T9242] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  679.419499][ T9242] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  679.449827][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  679.460214][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  679.468946][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  679.480126][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  679.498530][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.505727][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  679.785852][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  679.910589][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  680.119921][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  680.127156][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  680.292791][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  680.301921][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  680.311039][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  680.342520][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  680.355923][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  680.388714][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  680.398028][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  680.416919][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  680.436278][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  680.465052][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  680.479706][ T9233] device veth0_macvtap entered promiscuous mode
[  680.614512][ T9233] device veth1_macvtap entered promiscuous mode
[  680.942803][ T9578] loop4: detected capacity change from 0 to 512
[  680.954373][ T9578] ext4: Unknown parameter 'dont_appraise'
[  681.458849][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  681.493438][ T4266] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  681.512555][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  681.540468][ T9581] loop1: detected capacity change from 0 to 4096
[  681.555338][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  681.599123][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  681.657267][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  681.733491][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  681.745781][ T9581] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  681.797995][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  681.891353][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  681.952365][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.013591][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.062222][ T9587] loop4: detected capacity change from 0 to 4096
[  682.075089][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.160117][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.256522][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.268577][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.307031][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.135313][ T9233] batman_adv: batadv0: Interface activated: batadv_slave_0
[  683.193600][ T9587] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  683.309774][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  683.395728][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.410696][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  683.426604][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.446803][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  683.466652][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.518836][ T9233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  683.736715][ T9233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.825493][ T9608] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1278'.
[  683.845965][ T9233] batman_adv: batadv0: Interface activated: batadv_slave_1
[  684.022338][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  684.064007][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  684.152127][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  684.352641][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  684.407563][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  684.437212][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  684.510230][ T9233] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  684.557979][ T9233] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  684.718859][ T9233] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  684.777826][ T9233] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  684.883043][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  684.968256][ T4413] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  685.653271][ T9242] 8021q: adding VLAN 0 to HW filter on device batadv0
[  685.790681][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  685.797080][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  685.997239][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  686.017037][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  686.081646][ T4473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.123543][ T4473] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.172408][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  686.198385][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  686.232232][ T9242] device veth0_vlan entered promiscuous mode
[  686.287241][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  686.306257][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.363033][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  686.380880][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.509686][ T9242] device veth1_vlan entered promiscuous mode
[  686.601416][ T9639] loop1: detected capacity change from 0 to 512
[  686.612660][ T9639] ext4: Unknown parameter 'dont_appraise'
[  686.936993][ T9636] netlink: 'syz.7.1282': attribute type 27 has an invalid length.
[  687.542516][ T9636] bridge0: port 3(gretap0) entered disabled state
[  687.569723][ T9649] loop1: detected capacity change from 0 to 512
[  687.664871][ T9649] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  687.673958][ T9649] ext4 filesystem being mounted at /267/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  688.808285][ T9657] loop4: detected capacity change from 0 to 512
[  688.847144][ T9657] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  688.856781][ T9657] ext4 filesystem being mounted at /290/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  688.971734][ T9636] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.979160][ T9636] bridge0: port 1(bridge_slave_0) entered disabled state
[  689.002053][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  689.055358][   T26] audit: type=1804 audit(1758342974.882:10): pid=9657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1286" name="/newroot/290/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  689.181719][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  689.408704][ T4421] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  689.602355][ T9666] loop4: detected capacity change from 0 to 256
[  689.687033][ T9666] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[  690.738559][ T4421] usb 2-1: config 0 interface 0 has no altsetting 0
[  690.745352][ T4421] usb 2-1: New USB device found, idVendor=04b4, idProduct=ed81, bcdDevice= 0.00
[  690.755890][ T4421] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.144576][ T4280] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  691.163758][ T4280] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  691.172821][ T4280] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  691.181150][ T4280] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  691.189205][ T4280] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  691.196773][ T4280] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  691.370227][ T4421] usb 2-1: config 0 descriptor??
[  691.749264][ T9636] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  691.804894][ T4421] cypress 0003:04B4:ED81.0009: unknown main item tag 0x0
[  691.806619][ T4675] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  691.819770][ T4421] cypress 0003:04B4:ED81.0009: item fetching failed at offset 3/5
[  691.820410][ T4421] cypress 0003:04B4:ED81.0009: parse failed
[  691.846636][ T4421] cypress: probe of 0003:04B4:ED81.0009 failed with error -22
[  691.881706][ T9636] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  691.921912][ T4282] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  691.931831][ T4282] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  691.942432][ T4282] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  691.950657][ T4282] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  691.960436][ T4282] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  691.968070][ T4282] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  692.005998][ T4834] usb 2-1: USB disconnect, device number 31
[  692.026713][ T4675] usb 5-1: Using ep0 maxpacket: 8
[  692.034313][ T4675] usb 5-1: config 0 has an invalid interface number: 143 but max is 0
[  692.048619][ T4675] usb 5-1: config 0 has no interface number 0
[  692.054878][ T4675] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  692.064092][ T4675] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.087483][ T4675] usb 5-1: config 0 descriptor??
[  692.207107][ T4675] viperboard 5-1:0.143: version 0.00 found at bus 005 address 040
[  692.233705][ T4675] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  692.252416][ T4675] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  692.354136][ T9672] loop4: detected capacity change from 0 to 128
[  693.226705][ T4282] Bluetooth: hci5: command 0x0409 tx timeout
[  694.026850][ T4282] Bluetooth: hci6: command 0x0409 tx timeout
[  694.732183][ T4676] usb 5-1: USB disconnect, device number 40
[  694.754966][ T9636] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  694.771574][ T4615] kworker/u4:13: attempt to access beyond end of device
[  694.771574][ T4615] loop4: rw=1, sector=145, nr_sectors = 896 limit=128
[  694.776658][ T9636] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  694.806560][ T9636] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  694.815508][ T9636] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  694.935505][ T9681] overlayfs: failed to resolve './file1': -2
[  695.157097][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  695.165204][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  695.210843][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  695.242351][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  695.269656][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  695.306606][ T4282] Bluetooth: hci5: command 0x041b tx timeout
[  695.437836][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  695.546679][ T4676] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  695.726849][ T9694] loop1: detected capacity change from 0 to 512
[  695.738310][ T9694] ext4: Unknown parameter 'dont_appraise'
[  695.782911][ T4676] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  696.042509][ T4676] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  696.212899][ T4282] Bluetooth: hci6: command 0x041b tx timeout
[  696.285220][ T9642] bridge0: port 3(gretap0) entered blocking state
[  696.291882][ T9642] bridge0: port 3(gretap0) entered forwarding state
[  696.300104][ T4676] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  696.347384][ T9642] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  696.357285][ T9642] 8021q: adding VLAN 0 to HW filter on device bond0
[  696.365615][ T9642] 8021q: adding VLAN 0 to HW filter on device team0
[  696.372596][ T4676] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.388203][ T9642] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  696.402087][ T4676] usb 5-1: config 0 descriptor??
[  696.460174][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  697.396698][ T4282] Bluetooth: hci5: command 0x040f tx timeout
[  697.497072][ T4833] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  697.697906][ T4833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  697.721472][ T4833] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  697.743889][ T4830] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.746150][ T4833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.774261][ T4833] usb 2-1: config 0 descriptor??
[  697.869538][ T9668] chnl_net:caif_netlink_parms(): no params data found
[  697.994458][ T4830] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.032929][ T9673] chnl_net:caif_netlink_parms(): no params data found
[  698.158213][ T4830] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.180367][ T4676] usbhid 5-1:0.0: can't add hid device: -71
[  698.186419][ T4676] usbhid: probe of 5-1:0.0 failed with error -71
[  698.203339][ T4833] lenovo 0003:17EF:6047.000A: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0
[  698.219653][ T4676] usb 5-1: USB disconnect, device number 41
[  698.268115][ T4284] Bluetooth: hci6: command 0x040f tx timeout
[  698.341755][ T4830] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.493764][ T9728] loop4: detected capacity change from 0 to 512
[  698.519280][ T9728] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  698.607815][ T9668] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.626566][ T9668] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.650165][ T9668] device bridge_slave_0 entered promiscuous mode
[  698.679652][ T9728] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  698.689034][ T9668] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.696178][ T9668] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.705232][ T9668] device bridge_slave_1 entered promiscuous mode
[  698.719848][ T9728] ext4 filesystem being mounted at /296/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  698.784624][ T9673] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.796660][ T9673] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.816658][ T4833] lenovo 0003:17EF:6047.000A: Fn-lock setting failed: -71
[  698.829954][ T9673] device bridge_slave_0 entered promiscuous mode
[  698.834724][ T4833] lenovo 0003:17EF:6047.000A: Sensitivity setting failed: -71
[  698.875345][ T4833] usb 2-1: USB disconnect, device number 32
[  698.934388][ T9673] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.962022][ T9673] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.987949][ T9673] device bridge_slave_1 entered promiscuous mode
[  699.372524][ T9668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  699.476625][ T4284] Bluetooth: hci5: command 0x0419 tx timeout
[  699.556257][ T9738] fido_id[9738]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  699.575888][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  699.739640][ T9668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  699.885065][ T9673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  700.130397][ T9756] loop1: detected capacity change from 0 to 512
[  700.146063][ T9756] ext4: Unknown parameter 'dont_appraise'
[  700.659369][ T4284] Bluetooth: hci6: command 0x0419 tx timeout
[  700.669085][ T9673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  700.700768][ T4266] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  700.791190][ T9668] team0: Port device team_slave_0 added
[  700.929227][ T9668] team0: Port device team_slave_1 added
[  701.005835][ T9763] loop7: detected capacity change from 0 to 512
[  701.013322][ T9763] FAT-fs (loop7): Unrecognized mount option "noca" or missing value
[  701.430605][ T9673] team0: Port device team_slave_0 added
[  702.209237][ T9673] team0: Port device team_slave_1 added
[  703.722975][ T9668] batman_adv: batadv0: Adding interface: batadv_slave_0
[  703.901709][ T9668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.073180][ T9668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  704.319608][ T9673] batman_adv: batadv0: Adding interface: batadv_slave_0
[  704.346176][ T9673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.457270][ T9673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  704.498041][ T9668] batman_adv: batadv0: Adding interface: batadv_slave_1
[  704.506033][ T9668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.593504][ T9668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  704.619401][ T9773] loop1: detected capacity change from 0 to 256
[  704.626709][ T9773] exfat: Unknown parameter ''
[  704.689918][ T4266] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  704.746716][ T4672] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  704.934463][ T9673] batman_adv: batadv0: Adding interface: batadv_slave_1
[  704.944902][ T9673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.980376][ T4672] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  705.016021][ T4672] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  705.057191][ T4672] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  705.083752][ T4672] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.095705][ T9673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  705.132713][ T4672] usb 8-1: config 0 descriptor??
[  705.212731][ T9779] device veth0_vlan left promiscuous mode
[  705.220858][ T9779] device veth0_vlan entered promiscuous mode
[  705.648890][ T9668] device hsr_slave_0 entered promiscuous mode
[  705.669832][ T9668] device hsr_slave_1 entered promiscuous mode
[  705.756307][ T9791] loop1: detected capacity change from 0 to 128
[  705.836193][ T9791] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  705.879483][ T9791] ext4 filesystem being mounted at /278/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  706.081951][ T9673] device hsr_slave_0 entered promiscuous mode
[  706.111464][ T9673] device hsr_slave_1 entered promiscuous mode
[  706.148806][ T9673] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  706.179820][ T9673] Cannot create hsr debugfs directory
[  706.306628][ T7681] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  706.551532][ T7681] usb 2-1: config 1 has an invalid descriptor of length 31, skipping remainder of the config
[  706.581523][ T7681] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  706.637095][ T7681] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  706.709191][ T7681] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  706.749270][ T7681] usb 2-1: SerialNumber: syz
[  706.869482][ T4672] usbhid 8-1:0.0: can't add hid device: -71
[  706.875579][ T4672] usbhid: probe of 8-1:0.0 failed with error -71
[  706.934886][ T4672] usb 8-1: USB disconnect, device number 7
[  707.016094][ T7681] usb 2-1: 0:2 : does not exist
[  707.036838][ T7681] usb 2-1: unit 5: unexpected type 0x0a
[  707.184337][ T7681] usb 2-1: USB disconnect, device number 33
[  707.575458][ T9808] loop7: detected capacity change from 0 to 512
[  707.607269][ T9808] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  707.616241][ T9808] EXT4-fs (loop7): can't mount with data=, fs mounted w/o journal
[  707.643888][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  710.688867][ T9819] netlink: 'syz.4.1313': attribute type 4 has an invalid length.
[  710.778994][ T9823] netlink: 'syz.4.1313': attribute type 4 has an invalid length.
[  710.887593][ T4830] device hsr_slave_0 left promiscuous mode
[  710.900464][ T4830] device hsr_slave_1 left promiscuous mode
[  711.352616][ T4830] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  711.412029][ T4830] batman_adv: batadv0: Removing interface: batadv_slave_0
[  711.471666][ T4830] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  711.495274][ T4830] batman_adv: batadv0: Removing interface: batadv_slave_1
[  711.525536][ T9832] loop4: detected capacity change from 0 to 1024
[  711.533428][ T4830] device bridge_slave_1 left promiscuous mode
[  711.541506][ T4830] bridge0: port 2(bridge_slave_1) entered disabled state
[  711.586633][ T9833] usb usb1: usbfs: process 9833 (syz.7.1314) did not claim interface 0 before use
[  711.606187][ T4830] device bridge_slave_0 left promiscuous mode
[  711.619579][ T4830] bridge0: port 1(bridge_slave_0) entered disabled state
[  711.669057][ T9832] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  711.682884][ T9832] ext4 filesystem being mounted at /301/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  711.888938][ T4830] device veth1_macvtap left promiscuous mode
[  711.895043][ T4830] device veth0_macvtap left promiscuous mode
[  711.901738][ T4830] device veth1_vlan left promiscuous mode
[  711.907788][ T4830] device veth0_vlan left promiscuous mode
[  711.987064][ T9845] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 3: comm syz.4.1315: lblock 3 mapped to illegal pblock 3 (length 3)
[  712.005538][ T9845] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  712.017993][ T9845] EXT4-fs (loop4): This should not happen!! Data will be lost
[  712.017993][ T9845] 
[  713.300226][ T9840] loop7: detected capacity change from 0 to 16
[  713.315362][   T32] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:2: lblock 8 mapped to illegal pblock 8 (length 8)
[  713.377048][   T32] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  713.425979][   T32] EXT4-fs (loop4): This should not happen!! Data will be lost
[  713.425979][   T32] 
[  713.486551][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  713.611693][ T9840] loop7: detected capacity change from 0 to 1024
[  715.689663][ T4830] team0 (unregistering): Port device team_slave_1 removed
[  715.747615][ T4830] team0 (unregistering): Port device team_slave_0 removed
[  715.808737][ T4830] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  715.868132][ T4830] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  716.541109][ T4830] bond0 (unregistering): Released all slaves
[  716.671048][ T9839] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  716.939544][ T9668] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  716.976656][ T7292] hfsplus: b-tree write err: -5, ino 4
[  716.986381][ T9668] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  717.070287][ T9668] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  717.094310][ T9668] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  717.183381][ T9872] loop7: detected capacity change from 0 to 512
[  717.317613][ T9872] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  717.336634][ T9872] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  717.511925][   T26] audit: type=1804 audit(1758343003.342:11): pid=9872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.1321" name="/newroot/114/file0/bus" dev="loop7" ino=18 res=1 errno=0
[  717.840354][ T9889] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1321'.
[  718.565354][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  718.625179][ T9668] 8021q: adding VLAN 0 to HW filter on device bond0
[  718.658351][ T9668] 8021q: adding VLAN 0 to HW filter on device team0
[  719.023045][ T9900] loop7: detected capacity change from 0 to 512
[  719.030971][ T9900] ext4: Unknown parameter 'dont_appraise'
[  719.798044][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  719.846952][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  720.012073][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  720.042243][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  720.082202][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.089451][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[  720.160451][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  720.237102][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  720.284118][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.291285][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[  720.486657][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  720.507517][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  721.365587][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  721.538827][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  721.603437][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  721.618461][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  721.647146][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  721.661861][ T9673] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  721.806972][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  721.818211][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  721.876766][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  721.908823][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  721.975769][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  721.993761][ T9673] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  722.009200][ T9673] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  722.037574][ T9916] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  722.063125][ T9668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  722.192614][ T9673] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  722.681306][ T4830] device hsr_slave_0 left promiscuous mode
[  722.706418][ T4830] device hsr_slave_1 left promiscuous mode
[  722.713536][ T4830] batman_adv: batadv0: Removing interface: batadv_slave_0
[  722.746045][ T4830] batman_adv: batadv0: Removing interface: batadv_slave_1
[  722.782411][ T4830] device bridge_slave_1 left promiscuous mode
[  722.802354][ T4830] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.820612][ T9943] capability: warning: `syz.1.1331' uses 32-bit capabilities (legacy support in use)
[  722.846334][ T4830] device bridge_slave_0 left promiscuous mode
[  722.855150][ T4830] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.052230][ T4830] device veth1_vlan left promiscuous mode
[  723.084810][ T4830] device veth0_vlan left promiscuous mode
[  724.374100][ T9955] loop7: detected capacity change from 0 to 512
[  724.385408][ T9955] ext4: Unknown parameter 'dont_appraise'
[  726.558052][ T9968] loop1: detected capacity change from 0 to 256
[  726.565247][ T9968] exfat: Unknown parameter ''
[  727.525527][ T4830] team0 (unregistering): Port device team_slave_1 removed
[  727.753865][ T4830] team0 (unregistering): Port device team_slave_0 removed
[  727.808311][ T4266] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  728.144884][ T4830] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  728.421501][ T4830] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  730.540760][ T4830] bond0 (unregistering): Released all slaves
[  730.767864][ T9969] device veth0_vlan left promiscuous mode
[  730.775195][ T9969] device veth0_vlan entered promiscuous mode
[  730.923584][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  730.979973][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  731.008119][ T9668] 8021q: adding VLAN 0 to HW filter on device batadv0
[  731.023741][ T9673] 8021q: adding VLAN 0 to HW filter on device bond0
[  731.080190][ T9981] loop7: detected capacity change from 0 to 128
[  731.103697][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  731.152281][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  731.206113][ T9673] 8021q: adding VLAN 0 to HW filter on device team0
[  731.279899][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  731.327528][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  731.385528][ T7454] bridge0: port 1(bridge_slave_0) entered blocking state
[  731.392743][ T7454] bridge0: port 1(bridge_slave_0) entered forwarding state
[  731.623768][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  731.634474][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  731.653397][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  731.768494][ T9994] loop1: detected capacity change from 0 to 512
[  731.779701][ T9994] ext4: Unknown parameter 'dont_appraise'
[  731.830225][ T7454] bridge0: port 2(bridge_slave_1) entered blocking state
[  731.837491][ T7454] bridge0: port 2(bridge_slave_1) entered forwarding state
[  732.082006][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  732.359703][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  732.398682][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  732.467709][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  732.477332][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  732.486322][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  732.524623][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  732.545076][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  732.562314][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  732.595588][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  732.616806][ T4834] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  732.633808][ T7454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  732.678020][ T9673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  732.830122][ T4834] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  732.860526][ T4834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.922316][ T4834] usb 5-1: config 0 descriptor??
[  733.143180][T10009] loop7: detected capacity change from 0 to 256
[  735.877820][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  735.907626][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  735.918714][ T4834] usb 5-1: Cannot read MAC address
[  735.923992][ T4834] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71
[  735.989712][ T9668] device veth0_vlan entered promiscuous mode
[  736.008011][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  736.027720][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  736.033565][ T4834] usb 5-1: USB disconnect, device number 42
[  736.056845][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  736.101707][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  736.134519][ T9668] device veth1_vlan entered promiscuous mode
[  736.233912][ T9668] device veth0_macvtap entered promiscuous mode
[  736.283578][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  736.305675][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  736.338209][T10030] loop1: detected capacity change from 0 to 128
[  736.370807][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  736.409621][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  736.443107][ T9668] device veth1_macvtap entered promiscuous mode
[  736.477182][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  736.488488][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  736.554231][ T9668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  736.602606][ T9668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  736.660193][ T9668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  736.671360][ T9668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  736.681757][ T9668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  736.692682][ T9668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  736.705017][ T9668] batman_adv: batadv0: Interface activated: batadv_slave_0
[  736.743083][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  736.894541][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  736.904190][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  736.921204][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  737.963955][ T9668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  738.003738][ T9668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  738.026641][ T9668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  738.045543][ T9668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  738.055969][ T9668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  738.073335][ T9668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  738.095834][ T9668] batman_adv: batadv0: Interface activated: batadv_slave_1
[  738.143130][ T9673] 8021q: adding VLAN 0 to HW filter on device batadv0
[  738.166211][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  738.184163][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  738.226005][ T9668] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  738.263525][ T9668] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  738.292219][ T9668] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  738.316380][ T9668] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  738.415274][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  738.438204][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  738.613938][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  738.634632][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  738.731635][ T9673] device veth0_vlan entered promiscuous mode
[  738.761588][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  738.785923][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  738.828197][ T9673] device veth1_vlan entered promiscuous mode
[  738.889271][ T7292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  738.918432][ T7292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  739.018640][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  739.052428][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  739.100369][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  739.137773][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  739.176181][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  739.210365][ T9673] device veth0_macvtap entered promiscuous mode
[  739.239535][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  739.248258][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  739.280354][ T9673] device veth1_macvtap entered promiscuous mode
[  739.295303][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  739.347005][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  739.417495][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  739.456568][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.477588][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  739.508845][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.537613][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  739.564555][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.590412][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  739.621671][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.645087][ T9673] batman_adv: batadv0: Interface activated: batadv_slave_0
[  739.667478][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  739.711195][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.736623][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  739.757572][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.776531][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  739.796533][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.816573][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  739.846796][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  739.876409][ T9673] batman_adv: batadv0: Interface activated: batadv_slave_1
[  739.895373][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  739.918735][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  739.948404][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  739.967729][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  740.007093][ T9673] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  740.045928][ T9673] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  740.069588][ T9673] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  740.106433][ T9673] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  740.235146][T10076] loop9: detected capacity change from 0 to 256
[  740.285908][T10074] loop7: detected capacity change from 0 to 2048
[  740.304063][T10074] EXT4-fs: Ignoring removed bh option
[  740.512134][T10076] FAT-fs (loop9): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  740.527260][ T4474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  740.539564][ T4474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  740.548428][T10076] FAT-fs (loop9): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  741.531961][T10076] FAT-fs (loop9): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  741.580359][   T26] audit: type=1800 audit(1758343028.404:12): pid=10076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.1209" name="file1" dev="loop9" ino=1048676 res=0 errno=0
[  741.599767][T10076] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000001)
[  741.612775][T10074] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  741.681314][ T8175] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  741.682095][T10074] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  741.696302][ T4363] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  741.736250][ T4363] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  741.808457][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  742.125241][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  742.136606][T10091] loop3: detected capacity change from 0 to 1024
[  742.145040][T10091] EXT4-fs: Ignoring removed orlov option
[  742.245224][T10094] binder: 10093:10094 ioctl c0306201 200000000080 returned -14
[  742.260323][T10091] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  742.320276][T10102] usb usb1: usbfs: process 10102 (syz.4.1366) did not claim interface 0 before use
[  742.334279][T10102] MPTCP: kernel_bind error, err=-98
[  742.345591][T10098] loop1: detected capacity change from 0 to 1024
[  742.437750][T10098] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  742.499857][T10098] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1368: bg 0: block 88: padding at end of block bitmap is not set
[  742.555564][T10108] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2748: inode #15: comm syz.3.1213: corrupted in-inode xattr
[  742.851070][T10114] loop7: detected capacity change from 0 to 512
[  744.319113][ T4265] EXT4-fs (loop1): unmounting filesystem.
[  744.322608][T10108] EXT4-fs (loop3): Remounting filesystem read-only
[  744.335509][T10114] FAT-fs (loop7): Unrecognized mount option "noca" or missing value
[  745.348462][T10092] loop4: detected capacity change from 0 to 16
[  746.806299][ T9673] EXT4-fs (loop3): unmounting filesystem.
[  747.229905][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  747.236266][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  748.188112][T10141] ipt_CLUSTERIP: Please specify destination IP
[  750.236801][T10174] loop1: detected capacity change from 0 to 256
[  750.244046][T10174] exfat: Deprecated parameter 'namecase'
[  751.491350][T10174] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  753.339619][T10184] fuse: Bad value for 'fd'
[  753.547239][T10189] loop7: detected capacity change from 0 to 512
[  753.561130][T10189] FAT-fs (loop7): Unrecognized mount option "noca" or missing value
[  754.468476][ T4269] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  755.846599][ T4672] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  756.011017][    T7] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  756.202793][    T7] usb 2-1: Using ep0 maxpacket: 8
[  756.209820][    T7] usb 2-1: config 0 has an invalid interface number: 143 but max is 0
[  756.336700][    T7] usb 2-1: config 0 has no interface number 0
[  756.343258][    T7] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  756.344504][ T4672] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  756.353057][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.418705][    T7] usb 2-1: config 0 descriptor??
[  757.036570][ T4672] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  757.047716][ T4672] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  757.142758][ T4672] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  757.159250][ T4672] usb 10-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  757.176569][ T4672] usb 10-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  757.196673][ T4672] usb 10-1: Manufacturer: syz
[  757.229240][ T4672] usb 10-1: config 0 descriptor??
[  757.257990][    T7] usb 2-1: can't set config #0, error -71
[  757.267964][    T7] usb 2-1: USB disconnect, device number 34
[  757.331852][T10207] usb usb1: usbfs: process 10207 (syz.4.1389) did not claim interface 0 before use
[  758.440685][ T4672] appleir 0003:05AC:8243.000B: item fetching failed at offset 0/1
[  758.470425][T10204] MPTCP: kernel_bind error, err=-98
[  758.480151][ T4672] appleir 0003:05AC:8243.000B: parse failed
[  758.480219][ T4672] appleir: probe of 0003:05AC:8243.000B failed with error -22
[  758.529290][T10207] loop4: detected capacity change from 0 to 16
[  758.616916][T10219] loop7: detected capacity change from 0 to 256
[  758.632827][T10219] FAT-fs (loop7): Unrecognized mount option "ÿÿÿÿÿÿÿÿ" or missing value
[  758.752416][ T4672] usb 10-1: USB disconnect, device number 2
[  758.830651][T10207] loop4: detected capacity change from 0 to 1024
[  758.947701][T10223] loop7: detected capacity change from 0 to 512
[  758.977595][T10223] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  759.066415][T10223] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  759.067799][T10223] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  759.357024][T10229] overlayfs: failed to resolve './bus': -2
[  760.091434][ T7265] EXT4-fs (loop7): unmounting filesystem.
[  760.561535][ T4429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  760.578571][ T4429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  760.629894][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  762.592679][ T4672] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  763.248409][ T4672] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  763.295175][ T4672] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  763.426585][ T4672] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.529072][ T4672] usb 2-1: config 0 descriptor??
[  763.773750][ T4429] hfsplus: b-tree write err: -5, ino 4
[  763.969001][ T4672] keytouch 0003:0926:3333.000C: fixing up Keytouch IEC report descriptor
[  764.198397][ T4672] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.000C/input/input11
[  764.870567][ T4672] keytouch 0003:0926:3333.000C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  764.906567][T10263] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  764.918092][ T4672] usb 2-1: USB disconnect, device number 35
[  765.213165][T10283] overlayfs: missing 'lowerdir'
[  765.278049][T10263] usb 4-1: Using ep0 maxpacket: 8
[  765.958395][T10263] usb 4-1: config 0 has an invalid interface number: 143 but max is 0
[  766.000070][T10263] usb 4-1: config 0 has no interface number 0
[  766.006253][T10263] usb 4-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  766.212936][T10263] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.397618][T10263] usb 4-1: config 0 descriptor??
[  767.326559][T10263] viperboard 4-1:0.143: version 0.00 found at bus 004 address 018
[  767.455102][T10263] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  767.470584][T10263] viperboard-i2c: probe of viperboard-i2c.2.auto failed with error -5
[  767.861691][T10301] loop4: detected capacity change from 0 to 512
[  767.868610][T10281] fido_id[10281]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  767.986691][ T4672] usb 4-1: USB disconnect, device number 18
[  768.458724][T10301] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  768.540815][T10301] ext4 filesystem being mounted at /322/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  769.373258][T10301] overlayfs: failed to resolve './file1': -2
[  769.631515][T10317] loop3: detected capacity change from 0 to 512
[  769.639147][T10317] FAT-fs (loop3): Unrecognized mount option "noca" or missing value
[  771.428194][ T4266] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  772.099299][ T4281] EXT4-fs (loop4): unmounting filesystem.
[  773.468936][T10338] loop9: detected capacity change from 0 to 128
[  773.622276][T10331] loop4: detected capacity change from 0 to 512
[  774.329092][T10331] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  774.346968][T10331] ext4 filesystem being mounted at /323/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  774.722163][T10350] 
[  774.725178][T10350] =============================
[  774.730218][T10350] WARNING: suspicious RCU usage
[  774.735119][T10350] syzkaller #0 Not tainted
[  774.739666][T10350] -----------------------------
[  774.744552][T10350] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage!
[  774.753681][T10350] 
[  774.753681][T10350] other info that might help us debug this:
[  774.753681][T10350] 
[  774.764038][T10350] 
[  774.764038][T10350] rcu_scheduler_active = 2, debug_locks = 1
[  774.772666][T10350] 1 lock held by syz.3.1417/10350:
[  774.777899][T10350]  #0: ffffffff8cb2ad60 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70
[  774.788240][T10350] 
[  774.788240][T10350] stack backtrace:
[  774.794182][T10350] CPU: 1 PID: 10350 Comm: syz.3.1417 Not tainted syzkaller #0
[  774.801676][T10350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  774.811780][T10350] Call Trace:
[  774.815099][T10350]  <TASK>
[  774.818154][T10350]  dump_stack_lvl+0x168/0x22e
[  774.822880][T10350]  ? show_regs_print_info+0x12/0x12
[  774.828115][T10350]  ? load_image+0x3b0/0x3b0
[  774.832686][T10350]  lockdep_rcu_suspicious+0x1dd/0x300
[  774.838109][T10350]  get_callchain_entry+0x2a5/0x3b0
[  774.843273][T10350]  get_perf_callchain+0x9f/0x480
[  774.848348][T10350]  ? put_callchain_entry+0xb0/0xb0
[  774.853505][T10350]  ? plist_add+0x3d4/0x480
[  774.857962][T10350]  ? verify_lock_unused+0x140/0x140
[  774.863235][T10350]  __bpf_get_stack+0x2ce/0x4f0
[  774.868045][T10350]  ? stack_map_get_build_id_offset+0x9c0/0x9c0
[  774.874241][T10350]  ? __cant_sleep+0x210/0x210
[  774.879004][T10350]  ? bpf_prog_b8a90dd1efcc4ad9+0x3d/0x41
[  774.884705][T10350]  bpf_get_stack_raw_tp+0x189/0x1c0
[  774.889968][T10350]  bpf_prog_b8a90dd1efcc4ad9+0x3d/0x41
[  774.895475][T10350]  bpf_prog_run_pin_on_cpu+0x63/0x140
[  774.900901][T10350]  bpf_prog_test_run_syscall+0x30d/0x490
[  774.906578][T10350]  ? sock_gen_cookie+0x60/0x60
[  774.911383][T10350]  ? sock_gen_cookie+0x60/0x60
[  774.916178][T10350]  bpf_prog_test_run+0x31e/0x390
[  774.921164][T10350]  __sys_bpf+0x593/0x6d0
[  774.925453][T10350]  ? bpf_link_show_fdinfo+0x340/0x340
[  774.930885][T10350]  ? lock_chain_count+0x20/0x20
[  774.935791][T10350]  __x64_sys_bpf+0x78/0x90
[  774.940252][T10350]  do_syscall_64+0x4c/0xa0
[  774.944702][T10350]  ? clear_bhb_loop+0x60/0xb0
[  774.949423][T10350]  ? clear_bhb_loop+0x60/0xb0
[  774.954150][T10350]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  774.960085][T10350] RIP: 0033:0x7f74a578ec29
[  774.964537][T10350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  774.984195][T10350] RSP: 002b:00007f74a6530038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  774.992651][T10350] RAX: ffffffffffffffda RBX: 00007f74a59d6090 RCX: 00007f74a578ec29
[  775.000668][T10350] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a
[  775.008679][T10350] RBP: 00007f74a5811e41 R08: 0000000000000000 R09: 0000000000000000
[  775.016682][T10350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  775.024688][T10350] R13: 00007f74a59d6128 R14: 00007f74a59d6090 R15: 00007fffbf2f3898
[  775.032719][T10350]  </TASK>
[  777.654375][ T7265] EXT4-fs (loop4): unmounting filesystem.