last executing test programs:

8m36.432328763s ago: executing program 32 (id=11):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f00000006c0)={[{@errors_remount}, {@sysvgroups}, {@minixdf}]}, 0x1, 0x50e, &(0x7f0000000700)="$eJzs3U9sI1cZAPBvnDj/Nm3S0gMgaJe2sKDVOom3jaoeoBwRqoTUI0jbkHijKHYcxU5pwh7SM1ckKnGCI9w598SBGxcENy7LAYk/EWiDxMHVjMdZb9beRJvEjuLfTxrNvHmz/r4XZ97bebv2C2Bk3YyIg4iYiIgPI2IuP5/kW7zX3tLrHh0+WD06fLCaRKv1wb+SrD49F11/JnUje83533bO/zh5Om5jb39zpVqt7OTlhWZte6Gxt39no7ayXlmvbJXLy0vLi+/cfbt8YW19rTaRH3314R8PvvXTNK3Z/Ex3Oy5Su+nF4zip8Yj4/mUEG4KxvD0Tw06E51KIiJcj4vXs/p+LsezdBACus1ZrLlpz3WUA4LorZHNgSaGUzwXMRqFQKrXn8F6JmUK13mjevl/f3Vprz5XNR7Fwf6NaWcznCuejmKTlpez4cbl8onw3Il6KiJ9PTmfl0mq9ujbMv/gAwAi7cWL8/+9ke/wHAK65qWEnAAAMXJ/x/2DQeQAAg+P5HwBGj/EfAEZPe/yfHnYaAMAAef4HgNFj/AeAkfKD999Pt9ZR/v3Xax/t7W7WP7qzVmlslmq7q6XV+s52ab1eX8++s6d22utV6/Xtpbdi9+P5b283mguNvf17tfruVvNe9r3e9yrF7CqfLACAYXrptc/+kqQj8rvT2RZdazkUh5oZcNkKw04AGJqxYScADI3VvmB0neMZ3/QAXBP5Er2T/eqnen1AqNVqtS43LeAS3fqS+X8YVV3z//4XMIwY8/8wusz/w+hqtZKzrvkfxxeOX9pyxADAAJjjB5Lep1/O97/J/3HgR2snr/j0MrMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAq62z/m8pXwt8NgqFUinihYiYj2Jyf6NaWYyIFyPiz5PFybS8NOScAYDzKvw9ydf/ujX35uwTVa/eOD6ciIif/PKDX3y80mzu/CliIvn3ZOd889P8fHnw2QMAp+uM09m+60H+0eGD1c42yHz+8d2ImGrHPzqciKPj+OMxnu2nohgRM/9J8nJb0jV3cR4Hn0TEF3u1P4nZbA6kvfLpyfhp7BcGGr/wRPxCVtfepz+LL1xALjBqPkv7n/d63X+FuJnte9//U1kPdX55/5e+1OpR1gc+jt/p/8b69H83zxrjrd9/r300/XTdJxFfHo/oxD7q6n868ZM+8d88Y/y/fuXV1/vVtX4VcSt6x++OtdCsbS809vbvbNRW1ivrla1yeXlpefGdu2+XF7I56oX+o8E/3739Yr+6tP0zfeJPndL+r5+x/b/+/4c//Noz4n/zjV7xC/HKM+KnY+I3zhh/ZeZ3U/3q0vhrfdp/2vt/+4zxH/5t/6llwwGA4Wns7W+uVKuVnZE8iLNd/If8h3Ulch7pg/RduAJp9Dz4zqBiTUTvqp+90f41nYzo/sVutZ4rVr8e4yJm3YCr4Pimj4j/DTsZAAAAAAAAAAAAAACgp0F8YmnYbQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD6+jwAAP//tCzJyA==")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b)
r1 = open(&(0x7f0000001b80)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x20000008)

7m42.524757628s ago: executing program 33 (id=339):
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x2)
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x97}], 0x1)

7m5.781291638s ago: executing program 34 (id=511):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = semget$private(0x0, 0x7, 0x191)
semtimedop(r0, &(0x7f0000000200)=[{0x4, 0xffff, 0x2000}, {0x4, 0x3, 0x1800}], 0x2, 0x0)
semop(r0, &(0x7f0000000180)=[{0x2, 0x2, 0x800}, {0x3, 0x5, 0x3000}], 0x2)
semop(r0, &(0x7f0000000140)=[{0x2, 0xce97, 0x800}, {0x1, 0x5, 0x1000}], 0x2)
semctl$SETVAL(r0, 0x3, 0x10, 0x0)

7m2.700191417s ago: executing program 35 (id=698):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0x20000008, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x44}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

6m26.253765684s ago: executing program 36 (id=956):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00')
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040), 0x10)
listen(r1, 0x5)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080), 0x10)
sendmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
close_range(r0, 0xffffffffffffffff, 0x0)

6m4.991025227s ago: executing program 37 (id=1126):
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}}, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x7ecae788a6630e8, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x4, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

5m34.487697596s ago: executing program 38 (id=1247):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0x80049363, 0x0)

5m32.460421279s ago: executing program 39 (id=1296):
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x4c041}, 0x24048051)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x9, 0xf9, 0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x2, 0x2, 0x9, 0x8f, 0xff, 0x0, '\x00', 0xfd, 0x1000000000})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x4, 0x20003, 0x10020f5b, 0x0, [{0x0, 0x7f}, {0x0, 0x0, 0xd}, {}, {0x0, 0x35, 0x2}, {0x7}, {0x5, 0x0, 0xff}, {0x4}, {0x1, 0x6}, {0x3, 0x1, 0x0, '\x00', 0xdf}, {0xf, 0x1, 0x2, '\x00', 0x1}, {0x0, 0x0, 0xfe}, {0x0, 0x20, 0x0, '\x00', 0x6}, {0xfe}, {0x0, 0x3, 0x2, '\x00', 0x9}, {0x8, 0x0, 0x10, '\x00', 0x3a}, {0x0, 0xa, 0x0, '\x00', 0x5}, {0x0, 0x0, 0x0, '\x00', 0xfe}, {0x3, 0x0, 0xfa}, {0x0, 0x2, 0x0, '\x00', 0x2}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, '\x00', 0x1}, {0x0, 0x4}, {0x0, 0x0, 0x1}]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5m10.004052338s ago: executing program 40 (id=1496):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000280)={[{@i_version}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ftruncate(r1, 0x2000009)
write$cgroup_int(r0, &(0x7f00000000c0), 0x12)
write$binfmt_script(r1, &(0x7f0000000140), 0xfcb8)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000080)={0x17c04, 0xffffffffffffffff, 0x0, 0x100000001})
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f00000000c0)={0x17c04, r0, 0x8001, 0x100000001})

5m0.774733183s ago: executing program 41 (id=1561):
unshare(0x2040400)
openat$comedi(0xffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket(0x40000000015, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)

4m35.706109043s ago: executing program 42 (id=1820):
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$key(0xf, 0x3, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
membarrier(0x10, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
writev(0xffffffffffffffff, 0x0, 0x0)
membarrier(0x8, 0x0)

3m59.476597522s ago: executing program 43 (id=2108):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x3, 0x4, 0x13, 0x5, 0x2, 0xd, 0x3, 0x16, 0xfe, 0x2, 0xb4, 0x3, 0x8, 0x3}, 0xe)
sendmsg$inet_sctp(r0, &(0x7f0000000000)={&(0x7f0000000240)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)
r1 = dup(r0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000000c0)=0x7f, 0x4)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
write$P9_RWALK(r1, &(0x7f0000000fc0)={0x9, 0x6f, 0x1}, 0x9)
recvmmsg(r0, &(0x7f0000006400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80)=""/79, 0x4f}, 0x400}], 0x1, 0x40000022, 0x0)

3m57.119818392s ago: executing program 44 (id=2126):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080), 0x1)
sendto$inet6(r0, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="35ad0269", 0x4, 0x20000000, 0x0, 0x0)
sendto$inet6(r0, &(0x7f00000007c0)="87", 0x1, 0x4000, 0x0, 0xfffffffffffffe00)
sendto$inet6(r0, &(0x7f0000000240)="1a", 0x1, 0x0, 0x0, 0x0)

3m46.427707974s ago: executing program 45 (id=2191):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
socket$packet(0x11, 0xa, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r1, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x3e, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000008100090008004500"], 0x0)

3m34.206334909s ago: executing program 46 (id=2292):
r0 = io_uring_setup(0x664c, &(0x7f0000000480)={0x0, 0x0, 0x1, 0x8000006})
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x4)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff})
splice(r2, 0x0, r1, 0x0, 0x1000, 0x0)
close_range(r0, r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3d0, &(0x7f00000004c0)="$eJzs3M1uG0UcAPD/br5I+mEjcUCFgyUQBAFxHQhQhEThyscFeAArSUuF21SNkWjJoSBOnDggbhz6Ahx4gKpCSEi8Ai+AKlUozQFuQWvvOm4cp7Fix2r6+0mjndkdZ/bv3axm1rsTwGOrEhHnI2IiIhYjopSvT/MUN9spq3d/c2N5a3NjOYnt7U/+SSLJ1xV/K8mXJ/LCfBqRfhfxzM3edtev3/ii3misXsvL1eblq9X16zdevXS5fnH14uqV2pvnarWlxbdqrw8t1p+ef+ncxPvnz/z8V+nO0vT0bLa/J/Nt3XEMSyUqne9kt6VhNzZm0+PeAQAADiTN+/6Trf5/KSZaubZSVDfGunMAAADAUGy/my8BAACAYywx9gcAAIBjrngO4P7mxnKRxvg4wpG7915ElHfebd7qxD8ZT+R1pkb4fmslIq6+kJSyFCN6DxkAoNudrP9zdq/+XxpPd9WbiWj1h2aH3H5lV7m3/5PeHXKTD8j6f+9ExFZP/y8tqpQn8tKpVldxKrlwqbF6NiJOR8R8TM1k5do+bXzw7y8f99uWxf97cup0kbL2s+VOjfTu5MyDn1mpN+uHibnbvW8izkzuFX/S6f8mETF3iDYmvr71dr9tD49/tLZvRby45/Hfmbkn2X9+omrrfKgWZ0Wv/7799aN+7Y87/uz4z+0ffznpnq9pffA2bn/+57P9tnWPfwY5/6eTT1v5Ylz2Vb3ZvFaLmE4+7F2/uPPZolzUz+Kff27v///i+pfkc1qdzK8Bg/r+h99eOUj8WcraL8aCRyGLf2Wg4z945o3bf3zWr/2Hx58d//YcYPP5moNc/w66g4f57gAAAOBRkbbuayTpQiefpgsL7fsdT8Vc2lhbb758Ye3LKyvt+x/lmEqLO12lrvuhtfbP6J3y4q7yaxHxZET8WJptlReW1xor4w4eAAAAHhMn+oz/M38f2VMIAAAAwMiVx70DAAAAwMgZ/wMAAMCxdph5/WRkZI5rZtxXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfb/wEAAP//Wt22ag==")
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

2m52.964394932s ago: executing program 0 (id=2688):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4}}}}}}}, 0x0)

2m52.609550631s ago: executing program 0 (id=2690):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
r1 = openat$cgroup_ro(r0, &(0x7f00000002c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021501700001e0a05010000000000000000070000000900020073797a31000000000900010073797a300000000024170380300000802c000180250001007bb0c03ce8ed22d039cce454fd98ae614b08a9f3d4ddf1f742d55995afac076948000000f01600800c00054000000000000000000c00054000000000000000000c00044000000000000000000c00044000000000000000000600064019d20000ac0201802800028008000340000000000900020073797a310000000008000340000000000800018000000000380002800800034000000000080001800000000008000340000000000800034000000000090002"], 0x17d4}}, 0x0)
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES16=r1, @ANYRES16=r3], 0x0)

2m50.805609706s ago: executing program 0 (id=2693):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000100)={0x0, 0x60, &(0x7f0000000000)={&(0x7f0000000200)={0x2c, r2, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a88000000060a0b040000000000000000020000005c000480580001800a000100696e6e65720000004800028008000240000000840800034000edff06080004400000000f0800014000000000240005800c0001007061796c6f6164001400028008000340000000b908000240000000040900010073797a30000000000900020073797a32"], 0xb0}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)={{0x12, 0x1, 0x1, 0xe6, 0x3e, 0xd5, 0x10, 0xa168, 0x611, 0x812f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x0, 0xf0, 0xf9, [{{0x9, 0x4, 0xaa, 0x0, 0x0, 0xb2, 0x0, 0xe4, 0x8}}]}}]}}, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000600))

2m48.973319014s ago: executing program 0 (id=2706):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240), 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

2m48.845472874s ago: executing program 0 (id=2710):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000003c0)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x33}}], 0x10)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x4, 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x13, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x1c)
r2 = socket(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000040)=0x4, 0x4)
setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000080)=0x2, 0x4)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x13, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x1c)

2m48.177329378s ago: executing program 0 (id=2714):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@newtfilter={0x38, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}]}, 0x38}}, 0x0)

2m47.938481007s ago: executing program 47 (id=2714):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@newtfilter={0x38, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}]}, 0x38}}, 0x0)

2m2.11441832s ago: executing program 8 (id=3124):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10a)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)

2m1.830029833s ago: executing program 8 (id=3128):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f00000007c0), 0x10)
listen(r0, 0x5)
unshare(0x40020000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="2800000014001901000000000000000228"], 0x28}}, 0x48c0)

1m59.905926948s ago: executing program 8 (id=3144):
r0 = open(&(0x7f00000021c0)='./file0\x00', 0x48442, 0x182)
ftruncate(r0, 0x200002)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000080)={{{@in=@remote, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {0x7, 0x0, 0x0, 0x7}, 0x0, 0x6e6bb9, 0x1, 0x1}, {{@in=@dev, 0x0, 0x32}, 0x0, @in=@remote, 0x0, 0x4, 0x0, 0x0, 0x4}}, 0xe8)
connect$pppl2tp(r2, &(0x7f00000003c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32)
sendfile(r2, r1, 0x0, 0x80001d00c0d0)

1m59.479714662s ago: executing program 8 (id=3149):
syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4040, &(0x7f0000002400)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0xee01, @ANYBLOB=',barrier,nls=iso8859-15,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c706172743d30783030303030303030372c706172743d3078303030303030303030303030303030322c00ff166d65d16cfb932fb90a29e03c152d6c0cfbf1abebad4cfe2772666948ba92ded3acb6b70084f4de9608826455015212635cbdff8cf6e1485ab9413b3b2086c5c49f7500a0d801dcec1bce"], 0x20, 0x6fe, &(0x7f0000000c00)="$eJzs3U9oXHkdAPDvm5lMMl3IztZ2t4rQsMWiW22TDIsVBKuI5LBowcteY5tuQydpSbKSFrGz6qo3PUkPe1iReNiTeBBWPIj1JgiC994LHrwVD468N+9NZvJ3Js0ksfv5wJv3e+/9/nx/33nz5k9aXgCfWHNvx1grkpi79NZ6uv1ko9F8stFYKsoRMR4RpYhKZxXJckTyOOJadJb4dLoz7y7ZbZw3n378wcVHHzU6W5V8yeqX9mq3qb3HCK18iamIKOfrIVV26+/GDv09HKrrpBt3mrALReLguLW3aQ3TfIDXLXDSPYwoj+2wvx5xKiIm8s8BkV8dSkcc3qEb6ioHAAAAJ1N5vwovP4tnsR6TRxMOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvBiSzj0Dk3wpFeWpSPL7/38nr5apVo833H18cZ/j7986okAAAAAAAAAA4PCNbRbPP4tnsR6TxXY7yf7m/3q2cSZ7fCnejdVYiJW4HOsxH2uxFisxEzE22dNndX1+bW1lZnvLX0Xast1uP8xbzkZEfVvL2RHPGQAAAAAAAABebD+KuZg87iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBXElHurLLlTFGuR6kSERMRUU3rtSL+VJRPgvoB2/35kOMAAACAE6iWryeT/3YK7ST7zv9q9r1/It6N5ViLxViLZizEzey3gM63/tI/Wo3mk43GUrps7/jr/8p6aw8YR9ZjRJTjvV1Gns5qnO22mItvxXfjUkzF9ViJxfh+zMdaLMRU1NJJxHwkUa91fr2oF3H2x1vOu7rWF8r1rbGd37J9LoukFrdiMYvtctyoFr2VshpJnOsZ7Q/ViC0Zei/NTvK13IA5utnzfP0y/10m1355wD5Go57NfKybkek093k2Xtk594XOeXLgkWai1P0N6szmKOnm1pGKnH9vmJyfytdprn/an/PDNuRPaVszMRul/OyLeLU/5/c+9+h0f+Mv/PMv12+Xlu/cvrV6aYRTOiSVHfeOFYWtmWj0ZOK1vc++PBPNNBOtwTMxtnXHxMBzGalqno3OhW2wq+U3s9J8vN5zCt5dTh+/HNMxE1djOr4Ss9HoO8PO9uW10ljqz0n2Wittv77V9gj+wud7Kv1sn8qjsPt4aV5e6clr75Wunh3L91z7RUz3ZOn03mffQd4FKp/JC+kYP+6+45wEfZnIr81FdMUb1C6Z+HX2OWG1uXxn5fb8vQHHu5iv05ft+/3X5t8892SeS3q+nO5euLKc1IrzJT32qW60/fmq5n9x6bQrbTt2tnusHpOxGN+Ou3EzFnZ4pVbzz3Dbe+oce23HY43s2LmeY32fcuJuNLNPIVtMHU1WARjYqTdOVWtPa3+vfVj7Se127a2Jb4xfHf9sNcb+Wvlj+Xel35a+mrwRH8YPY/K4IwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBfB6v0Hd+abzYWVERaqBxwrSvvW2XhpsA6jHrH3WEleqI46G0MXfp7fr/Dwev73xJ7ZqMWIpvP7vWdRfe4hkkhaI35S0mfiUDosbpyW7WmX9231tysRnT2VaLfbD7uHtj6VlVid2O0ZHN+sHPU7883/tPvq1KLnJQO84K6sLd27snr/wZcWl+bfWXhnYXn2anF73FuLzYXpK9njMQcJjMTq/Qfl444BAAAAAAAAAAAAGE7+r//XVkppIRn+f+lU9qlTXVndeeTzRz1VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/U3Nsx1ookZqYvT6fbTzYazXQpyps1KxFRiojkBxHJ44hr0Vmi3tNdsts4bz79+IOLjz5qbPZVKeqX9mo3mFa+xFRElPP1/sZ36GZ7fzd6+msdKLykO8M0YReKxMFx+18AAAD//yBC8a4=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x9041, 0x0)
mount$bind(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
rename(0x0, 0x0)
lstat(0x0, 0x0)
mount$nfs(0x0, &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x20000, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x887008, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x2405, 0x0)

1m59.143157529s ago: executing program 8 (id=3153):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x42}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfff7fffd, 0x2}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000002c0)={0x100042, 0xf7, 0x1}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x42}, 0x10)
sendmsg$tipc(r3, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0xfffd}}, 0x10, 0x0}, 0x0)

1m58.253616601s ago: executing program 8 (id=3161):
r0 = fanotify_init(0x8, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x455, 0x8000001, r1, 0x0)
r2 = fanotify_init(0x200, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
fanotify_mark(r2, 0x101, 0x48001051, r3, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r2, 0x41, 0x8000038, r4, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)

1m58.061285766s ago: executing program 48 (id=3161):
r0 = fanotify_init(0x8, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x455, 0x8000001, r1, 0x0)
r2 = fanotify_init(0x200, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
fanotify_mark(r2, 0x101, 0x48001051, r3, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r2, 0x41, 0x8000038, r4, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)

52.320318525s ago: executing program 1 (id=3789):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{&(0x7f0000002180)={0xa, 0x4e21, 0x8, @local, 0x8}, 0x1c, 0x0}}], 0x1, 0x240880d1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000740)={0x1, 0x8, 0x1, 0x6, 0x1a, "7ad5c067dcd88f7cee48d47ddf31195519fd33"})
r1 = syz_open_pts(r0, 0x80)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(r2, &(0x7f0000001d40)=""/4095, 0xfff)

51.341530653s ago: executing program 1 (id=3799):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xcc15, @dev, 0x7}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a0603a6ff8000000001000000006302496b3a17b42e64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)

50.309658516s ago: executing program 1 (id=3812):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x9f)
sendmsg$NL80211_CMD_SET_KEY(r1, 0x0, 0x4004)
syz_genetlink_get_family_id$nl80211(0x0, r1)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010067656e65766500000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x2c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, 0x500}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x8000)

49.681410847s ago: executing program 1 (id=3823):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891008, 0x0)

49.562233027s ago: executing program 1 (id=3827):
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
mkdir(0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0)
r2 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_UIE_ON(r2, 0x7003)
close_range(r1, 0xffffffffffffffff, 0x0)

49.289576399s ago: executing program 1 (id=3832):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec08000000006ff1f000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

49.173763958s ago: executing program 49 (id=3832):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec08000000006ff1f000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

31.041127709s ago: executing program 5 (id=4028):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x3a85ef35342a412e)
writev(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000000)="26eba9fdb4cbab48929e1af151", 0xd}], 0x1)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x583a, 0x5, 0xa, 0x4000000000, 0x6, 0x2, 0x1041, 0x4, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x9, 0x800005, 0x6a], 0x1, 0x1000d6})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

30.840718225s ago: executing program 5 (id=4030):
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x1, &(0x7f0000000800)=[{0x28, 0x7, 0x0, 0xfffff034}]})
close(0x3)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x4, 0xa, 0x40}, 0x50)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

30.719702775s ago: executing program 5 (id=4032):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ppoll(&(0x7f0000000000)=[{r2, 0x181}, {r1, 0x4302}, {r1, 0x420}], 0x3, 0x0, 0x0, 0x0)
close(r0)

30.481262454s ago: executing program 5 (id=4033):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x800001, &(0x7f0000000500)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x47, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
syz_io_uring_setup(0x110, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x9041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

30.205293647s ago: executing program 5 (id=4035):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000080)="0f06c401fee67f5de74c3a0f20c035000004000f22c0400f239ac40271b6c766baa100b006ee48b80d2e0000000000000f23d00f21f83520000008b9800000c00f3235000400000f30430f06400f38074e8d", 0x52}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

29.577531057s ago: executing program 5 (id=4036):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000eb0000000001000000940000930600003e5f0000000000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r2}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xe08, 0x0, 0x2, 0x1, 0x80000000}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8000)
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2}}}}}}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0)

29.42118458s ago: executing program 50 (id=4036):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000eb0000000001000000940000930600003e5f0000000000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r2}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xe08, 0x0, 0x2, 0x1, 0x80000000}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8000)
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2}}}}}}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r3, 0x0, 0x4ffe6, 0x0)

15.183028287s ago: executing program 2 (id=4171):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r2}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
socket$packet(0x11, 0x3, 0x300)

14.89385055s ago: executing program 2 (id=4175):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
open(&(0x7f0000000100)='./file0/file1\x00', 0x101040, 0x10)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80)
llistxattr(&(0x7f00000000c0)='./file0/file1\x00', 0x0, 0x0)

14.4095484s ago: executing program 2 (id=4180):
syz_open_dev$swradio(&(0x7f00000012c0), 0x0, 0x2)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x0, 0x10000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

11.993042004s ago: executing program 2 (id=4187):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000003900)={0x2020, 0x0, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x20010080, &(0x7f0000000480)=ANY=[@ANYBLOB='allow_utime=00000000000000000000007,dmask=00000000000000001,iocharset=macroman,allow_utime=00000000000000000000002,uid=', @ANYRES64=r3, @ANYRESOCT=r1, @ANYBLOB="2a3a6dc4d70cd8504afe4f20df34ad3cf37d706dd73fd000", @ANYRESDEC=r3, @ANYRESHEX=r2], 0x1, 0x14ee, &(0x7f0000002400)="$eJzs3Au0jtX2MPA511qPW9Kb5L7mmg9v2lgkSS5JckmSJElyS0iSJAmJTW5JSELuSe4hucVO7vdb7klyJEkSEpKsb+ic89ep842+b5y+z/8/9vyNscZecz97rneud77jfZ/n2WPvbzsOrlq/WqW6zAz/Efz7l1QAyAQA/QDgGgCIAKBU9lLZLx3PrDH1P3sQ8dd6aNqVrkBcSdL/9E36n75J/9M36X/6Jv1P36T/6Zv0P32T/guRnm2dnudaGel3yP3/9Ew+/9M36X/6Jv1P36T/6Zv0P32T/qdv0v/0Tfqfvkn/hUjPrvT95/85I+M/nrErXcdfO67wy08IIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghRDpxLlxmAOCf8ytdlxBCCCGEEEIIIf46IeOVrkAIIYQQQgghhBD/7yEo0GAgggyQETJBZsgCV0FWuBqywTWQgGshO1wHOeB6yAm5IDfkgbyQD/KDBQIHDDEUgIKQhBugENwIKVAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6Ai3AmV4C6oDFWgKlSDu6E63AM14F6oCfdBLbgfzpX5e5V14SGoBw9DfXgEGsCj0BAaQWNoAk1/n48I8Jv82vAA1IEHf5f/InSFl6AbdIdU6AE94WXoBb2hD/SFfvAK9IdXYQC8BgNhEAyG12EIvAFD4U0YBsNhBLwFI2EUjIYxMBbGwXh4GybAOzAR3oVJMBmmwFSYBtNhBrwHM2EWzIb3YQ58AHNhHsyHBbAQPoRFsBjS4CNYAh/DUlgGy2EFrIRVsBrWwFpYB+thA2yETbAZtsBW+AS2wXbYATthF+yGPfAp7IXPYB98Dvvhi//L/LO/y++EgIAKFRo0mAEzYCbMhFkwC2bFrJgNs2ECE5gds//XiyU35sa8mBfzY34kJGRkLIAFMIlJLISFMAVTsAgWQY8ei2NxLIE3Y0ksiaWwFJbG0lgGy2JZLI/lsQJWwIpYESthJayMlbEqVsW78W68B2tgDayJNbEW1sLaWBvrYB2si3WxHtbD+lgfG2ADbIgNsTE2xqbYFJthM2yOzbEltsRW2ApbY2tsg22wLbbFdtgO22N77IAdsCN2xE7YGTvji/givoQvYXesrHpgT+yJvbAX9sG+2Bdfwf74Kr6Kr+FAHISD8XV8Hd/AoXgGh+FwHIEjsIIahaNxDLIah+NxPE7ACTgRJ+IknIyTcSpOw+k4A2fgTJyFs/B9nIMf4Ac4D+fhAlyIC3ERLsY0TMMleBaX4jJcjitwJa7ClbgG1+IaXI8bcD1uwk24BbfgJ/gJbsftuBN34m7cjZ/ip/gZfoYDcT/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOB7HE3gST+FJPI2n8QyexXN4Ds/jebyAz+f9ut7uwusGgrrEKKMyqAwqk8qksqgsKqvKqrKpbCqhEiq7yq5yqBwqp8qpcqvcKq/Kq/Kr/IoUKVaxKqAKqKRKqkKqkEpRKaqIKqK88qq4Kq5KqBKqpCqpSqlbVWl1myqjyqoWvrwqryqolr6iulNVUpVUZVVFVVXVVDVVXVVXNVQNVVPVVLVULVVbPaDqqB7YBx9SlzpTXw3CBmowNlSNVGPVRL2Bj6lmaig2Vy1US/WEGo7DsLVq5tuop1VbNRrbqWfVGHxOdVDjsKN6QXVSnVUX9aLqqpr7bqq7moQ9VE81FXup3qqP6qtmYhV1qWNV1WtqoBqkBqvX1QJ8Qw1Vb6phargaod5SI9UoNVqNUWPVODVeva0mqHfURPWumqQmqylqqpqmpqsZ6j01U81Ss9X7ao76QM1V89R8tUAtVB+qRWqxSlMfqSXqY7VULVPL1Qq1Uq1Sq9UatVatU+vVBrVRbVKb1Ra1VX2itqntaofaqXap3WqP+lTtVZ+pfepztV99oQ4oTAX4Uh1SX6nD6mt1RH2jjqpv1TH1nTquvlcn1El1Sv2gTqsf1Zlf3xsBQP2sLqhf1EUVFGjUSmttdKQz6Iw6k86ss+irdFZ9tc6mr9EJfa3Orq/TOfT1OqfOpXPrPDqvzqfza6tJO8061gV0QZ3UN+hC+kadogvrIrqo9rqYLq5v0iX0zbqkvkWX0rfq0vo2XUaX1eV0eX27rqDv0BX1nbqSvktX1lV0VV1N362r63t0DX2vrqnv07X0/bq2fkDX0Q/quvohXU8/rOvrR3QD/ahuqBvpxrqJbqof083047q5bqFb6id0K/2kbq2f0m3007qtfka308/q9vo53UE/rzvqF3Qn3Vl30b/oizrobrq7TtU9dE/9su6le+s+uq/up1/R/fWreoB+TQ/Ug/Rg/boeot/QQ/Wbepgerkfot/RIPUqP1mP0WD1Oj9dv6wn6HT1Rv6sn6cl6ip6qp+npus8/Vpr9f5D/zr/JH/Dro2/RW/UnepvernfonXqX3q336D16r96r9+l9er/erw/oA/qgPqgP6UP6sD6sj+gj+qg+qo/pY/q4Pq5P6JP6J/2DPq1/1Gf0WX1W/6TP6/P6wj+eAzBolNHGmMhkMBlNJpPZZDFXmazmapPNXGMS5lqT3VxncpjrTU6Ty+Q2eUxek8/kN9aQcYZNbAqYgiZpbjCFzI0mxRQ2RUxR400xU9zc9B/n/1l9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL532RSpSkYlMlCHKEGWKMkVZoixR1ihrlC3KFiWiRJQ9yh7liK6Pcka5otxRnihvlC/KH9mIIhdxFEcFooJRMrohKhTdGKVEhaMiUdHIR8Wi4tFNUYno5qhkdEtUKro1Kh3dFpWJykblovLR7VGF6I6oYnRnVCm6K6ocVYmqRtWiu6Pq0T1RjejeqGZ0X1Qruj+qHT0Q1YkejOpGD0X1ooej+tEjUYPo0ahh1ChqHDWJmv6l64dwJtfjvpvtblNtD9vTvmx72d62j+1r+9lXbH/7qh1gX7MD7SA72L5uh9g37FD7ph1mh9sR9i070o6yo+0YO9aOs+Pt23aCfcdOtO/aSXaynWKn2ml2up1h37Mz7Sw7275v59gP7Fw7z863C+xC+6FdZBfbNPuRXWI/tkvtMrvcrrAr7Sq72q6xa+06u95usBvtJrvZbrFb7Sd2m91ud9iddpfdbffYT+1e+5ndZz+3++0X9oD9m1XwpT1kv7KH7df2iP3GHrXf2mP2O3vcfm9P2JP2lP3BnrY/2jP2rD1nf7Ln7c/2gv3FXrTh0sn9pY93MmQoA2WgTJSJslAWykpZKRtlowQlKDtlpxyUg3JSTspNuSkv5aX8lJ8uYWIqQAUoSUkqRIUohVKoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qA76U66i+6iKlSFqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVAml9llcVe5rO5ql81d434f53Z5XF6Xz+V31uV0uf4lJudciivsiriizrtirri76Q9xGVfWlXPl3e2ugrvDVfxDXN3d42q4e11Nd5+r5u7+l7iWu9/Vdo+4Ou5RV9c1cvVcE1ffPeIauEddQ9fINXZNXCv3pGvtnnJt3NOurXvmD/Eit9itdevcerfB7XWfuXPuJ3fUfevOu59dN9fd9XOvuP7uVTfAveYGukF/iEe4t9xIN8qNdmPcWDfuD/EUN9VNc9PdDPeem+lm/SFe6D50c1yam+vmufluwa/xpZrS3EduifvYLXXL3HK3wq10q9xqt+a/al3hNrnNbovb4z5129x2t8PtdLvc7l/jS/vY5z53+90X7oj7xh10X7pD7pg77L7+Nb60v2PuO3fcfe9OuJPulPvBnXY/ujPu7K/7v7T3H9wv7qILDhhZsWbDEWfgjJyJM3MWvoqz8tWcja/hBF/L2fk6zsHXc07Oxbk5D+flfJyfLRM7Zo65ABfkJN/AhfhGTuHCXISLsudiXJxv4hJ8M5fkW7gU38ql+TYuw2W5HJfn27kC38EV+U6uxHdxZa7CVbka383V+R6uwfdyTb6Pa/H9XJsf4Dr8INflh7geP8z1+RFuwI9yQ27EjbkJN+XHuBk/zs25BbfkJ7gVP8mt+Sluw09zW36G2/Gz3J6f4w78PHfkF7gTd+Yu/CJ35Ze4G3fnVO7BPfll7sW9uQ/35X78CvfnV3kAv8YDeRAP5td5CL/BQ/lNHsbDeQS/xSN5FI/mMTyWx/F4fpsn8Ds8kd/lSTyZp/BUnsbTeQa/xzN5Fs/m93kOf8BzeR7P5wW8kD/kRbyY0/gjXsIf81Jexst5Ba/kVbya1/BaXsfreQNv5E28mbfwVv6Et/F23sE7eRfv5j38Ke/lz3gff877+Qs+wH/jg/wlH+Kv+DB/zUf4Gz7K3/Ix/o6P8/d8gk/yKf6BT/OPfIbP8jn+ic/zz3yBf+GLHBhijFWsYxNHcYY4Y5wpzhxnia+Ks8ZXx9nia+JEfG2cPb4uzhFfH+eMc8W54zxx3jhfnD+2McUu5jiOC8QF42R8Q1wovjFOiQvHReKisY+LxcXjm+IS8c1xyfiWuFR8a1w6vi0uE5eNH7mvfHx7XCG+I64Y3xlXiu+KK8dV4qpxtfjuuHp8T1wjvjeuGd8Xl4zvj2vHD8R14gfjuvFDcb344bh+/EjcIH40bhg3ihvHTeKm8WNxs/jxuHncIm4ZPxG3ip+MW8dPxW3ip+O28TN/ejw17hH3jF+OX45DuFfPTy5ILkx+mFyUXJxMS36UXJL8OLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ObklGUK1jODRK6+98ZHP4DP6TD6zz+Kv8ln91T6bv8Yn/LU+u7/O5/DX+5w+l8/t8/i8Pp/P760n7zz72BfwBX3S3+AL+Rt9ii/si/ii3vtivrhv4pv6pr6Zf9w39y18S/+Ef8I/6Z/0T/mn/NO+rX/Gt/PP+vb+Od/BP++f9y/4Tr6z7+Jf9F39S76b7+5Tfarv6Xv6Xr6X7xOB7+f7+f6+vx/gB/iBfqAf7Af7IX6IH+qH+mF+mB/hR/iRfqQf7Uf7sX6sH+/H+wl+gp/oJ/pJfpKf4qf4aX6an+Fn+Jl+pp/tZ/s5KXP8XD/Xz/fz/UK/0C/yi3yaT/NL/BK/1C/1y/1yv9Kv9Kv9ar/Wr/Xr/Xq/0W/0m/1mv9Vv9dv8Nr/D7/C7/C6/x+/xe/1ev8/v8/v9fn/AH/AH/UF/yH/lD/uv/RH/jT/qv/XH/Hf+uP/en/An/Sn/gz/tf/Rn/Fl/zv/kz/uf/QX/i7/ogx+feDsxIfFOYmLi3cSkzJMTUxJTE9MS0xMzEu8lZiZmJWYn3k/MSXyQmJuYl5ifWJBYmPgwsSixOJGW+CixJPFxYmliWWJ5YkViZWJVIoR82+JQIBQMyXBDKBRuDCmhcCgSigYfioXi4aZQItwcSoZbQqlwaygdbgtlQtlQLjwaGoZGoXFoEpqGx0Kz8HhoHlqEluGJ0Co8GVqHp0Kb8HRoG54J7cKzoX14LnQIz4eO4YXQKXQOXcKLoWt4KXQL3UNq6BF6hpdDr9A79Al9Q7/wSugfXg0DwmthYBgUBofXw5DwRhga3gzDwvAwIrwVRoZRYXQYE8aGcWF8eDtMCO+EieHdMClMDlPC1DAtTA8zwnthZpgVZof3w5zwQZgb5oX5YUFYGD4Mi8LikBY+CkvCx2FpWBaWhxVhZVgVVoc1YW1YF9aHDWFj2BQ2hy1ha/gkbAvbw46wM+wKu8Oe8GnYGz4L+8LnYX/4IhwIfwsHw5fhUPgqHA5fhyPhm3A0fBuOhe/C8fB9OBFOhlPhh3A6/BjOhLPhXPgpnA8/hwvhl3Dx179Z636lbqILIYQQQvyPkfonx3v8m++pf4xLegLA1dvzHP7tcQ0AG3P+fd5b5W2VAICnu3d86J+jcuXU1H8+7lINUcF5AJC4nJ8BLsfLoCU8CW2gBZSAf/766rd6q87n+U/WT94KkOU3OZngcnx5/Zv/7f57q1Fz/nT9eQApBS/nZIbL8eX1S/5v1s/V7E/Wz/zleIDmv8nJCpfjy+sXh8fhGWjzLz8phBBCCCGEEEL8XW9Vrv2fXd9euj7Pay7nZITL8W+vz4UQQgghhBBCCPHf03Oduzz1WJs2LdrL5L/jZLe0SSZXZnKF35iEEEIIIYQQf7nLJ/1XuhIhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECL9+v/x78Su9B6FEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKIK+1/BQAA///apiom")
write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
write$uinput_user_dev(r4, &(0x7f0000000640)={'syz0\x00', {0x3, 0x6, 0x7}, 0x49, [0x3, 0x0, 0x4, 0x1, 0x1, 0x5, 0xfb, 0x3, 0x8, 0xf, 0x7, 0x3, 0xfffffffe, 0x101, 0x400, 0x3, 0x4, 0x3, 0x8, 0x4, 0xfc, 0xfffffffe, 0x2, 0x100, 0x8000, 0xfff, 0x400, 0x0, 0x5, 0x401, 0x9, 0x3, 0x10, 0x3, 0x4, 0x0, 0x27, 0x7, 0x0, 0x8, 0x1192, 0x8, 0x5, 0x8, 0x7, 0x2, 0x10001, 0x7, 0x2b2, 0x4, 0x1ad0, 0x1, 0x6, 0x1, 0xedbe, 0x4, 0x2, 0x7, 0xa3, 0xfffffff8, 0x6, 0x80, 0x2, 0x81], [0x1, 0x8001, 0x563, 0x2, 0x0, 0x0, 0x4, 0x854f000, 0x2, 0x93, 0xfffffff6, 0xd2, 0x8b, 0x8ab, 0x3, 0x2a6d2895, 0x5, 0x3, 0x100, 0x1, 0x6, 0x200, 0x5, 0x7, 0x4a63, 0x5, 0x9, 0x8, 0x0, 0x9, 0x4, 0xf, 0x7, 0x401, 0x7, 0x8, 0x8000, 0xff, 0x4, 0xb0f, 0x8001, 0xdfcf, 0xc1f40800, 0x9, 0x2, 0x2, 0x6, 0x0, 0x9, 0xf, 0x0, 0x2, 0xfffff2a1, 0x9, 0x3cb, 0x5bda, 0x1, 0xdefe, 0x7, 0x7, 0x4, 0x524, 0x8001, 0x1], [0x6, 0x4, 0x7, 0xe000, 0x7, 0x3, 0x23, 0xc, 0x2, 0x4, 0x6, 0xfffffff8, 0x9, 0x300000, 0x80000001, 0x4, 0x8, 0x4, 0xd, 0x9, 0x8001, 0x2, 0x2, 0x4, 0x7, 0x1, 0x6, 0x2, 0x400, 0x20400, 0xff, 0x166, 0x7, 0xc8f, 0x3, 0x8, 0x3, 0x1, 0x1000, 0x7fffffff, 0x9, 0x8, 0x1000, 0x10, 0x6, 0xfeb, 0x100, 0x8, 0x3ff, 0x39, 0xa18858f, 0x9, 0x1, 0x9, 0xffc00000, 0x7, 0x4, 0x9, 0x4, 0x3, 0xfffffffd, 0x40, 0x5ff, 0x3a], [0xaeaf, 0x6, 0x2, 0x7ff, 0x3ff, 0x800, 0x8, 0x6, 0x1, 0x5, 0x9, 0x10000, 0x8a4, 0x5, 0xdd, 0xb5, 0x2, 0x1, 0x2, 0xcb32, 0x3, 0xf018, 0x9, 0x0, 0xda19, 0x80000001, 0x10001, 0x0, 0x4, 0x0, 0x5, 0xcc1, 0x8, 0x3, 0x2, 0xb, 0x3, 0x1, 0x0, 0xb7b, 0xffffff4a, 0x4, 0x7886, 0xbf8d, 0x9, 0x46dc, 0x1, 0x40, 0x9, 0x9, 0x10001, 0x1, 0x8, 0x10, 0x770, 0x0, 0x10001, 0x3ff, 0x5, 0x7, 0x8, 0x7d1, 0x1, 0x8]}, 0x45c)

11.573821918s ago: executing program 2 (id=4197):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

10.945549739s ago: executing program 2 (id=4205):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c850000002b000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000000000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac6f09c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccf5e882602897a85bf8523d891080593d831d758deb4f2c7e49c6d6b35d8fd92601c8500febb0c5fe0be294bf6bbbecad444695277a9e3992a354492513b43091d161c7c7cdbbe44e8e83b4cf333238a52f214b278c6485236ea880db2f113f6381187679a4620d6149808b0af024b3b3e6ba99b4b15ca"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x143}, 0x48)

10.80506358s ago: executing program 51 (id=4205):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c850000002b000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000000000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac6f09c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccf5e882602897a85bf8523d891080593d831d758deb4f2c7e49c6d6b35d8fd92601c8500febb0c5fe0be294bf6bbbecad444695277a9e3992a354492513b43091d161c7c7cdbbe44e8e83b4cf333238a52f214b278c6485236ea880db2f113f6381187679a4620d6149808b0af024b3b3e6ba99b4b15ca"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x143}, 0x48)

7.091815649s ago: executing program 7 (id=4256):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
unshare(0x28000600)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
userfaultfd(0x80000)
getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x83, &(0x7f0000000080)={'filter\x00', 0x0, 0x0, 0x90, [], 0x0, 0x0, 0x20001100}, &(0x7f0000000100)=0x108)
ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000040))
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCGETA(r3, 0x5405, &(0x7f0000000000))
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xd8, 0x1403, 0x1, 0x70bd29, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syzkaller1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wlan0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'sit0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'batadv_slave_0\x00'}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4}, 0x20040004)

5.742496828s ago: executing program 9 (id=4255):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@gettfilter={0x2c, 0x2e, 0x1, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x7, 0xc}, {0x0, 0xfff1}, {0x7, 0x2}}, [{0x8, 0xb, 0x2d}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4041080)

5.457596851s ago: executing program 9 (id=4257):
timer_create(0x7, 0x0, &(0x7f00000007c0)=<r0=>0x0)
clock_gettime(0x0, &(0x7f0000000800))
timer_settime(r0, 0x1, 0x0, 0x0)
timer_gettime(r0, &(0x7f0000000040))
timer_gettime(r0, &(0x7f0000000000))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000005000000fd0900008400000000000000", @ANYRES32, @ANYBLOB="0000b73743daf59e6bdb00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x5c, 0x10, 0x40d, 0x70bd2a, 0x4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5019}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @remote}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x6c, r1}, 0x38)
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e0100"], 0x0)

3.763710697s ago: executing program 4 (id=4272):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="440f20c03507000000440f22c067420f8f04000000c443ad68b60080000095c4828947b600000000b99d090000b82f624a48baf4e055500f30263636f3430fc73636f2360fa5a10050aa37f39066b817018ec8c4c1795a5100", 0x59}], 0x1, 0x0, 0x0, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x30, 0x0, &(0x7f00000000c0))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x68, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.284628756s ago: executing program 9 (id=4274):
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x44840)
r0 = socket(0x22, 0x2, 0x4)
setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
mknod$loop(0x0, 0x2000, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

3.177600004s ago: executing program 4 (id=4275):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
sendto$inet(r0, &(0x7f00000003c0)='%', 0x1, 0x2400c0c1, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

2.979383631s ago: executing program 9 (id=4276):
socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r2)
getsockname$packet(r2, &(0x7f0000000400)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@delchain={0x3c, 0x64, 0xf31, 0xfffffffb, 0x400, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008051}, 0x4000)

2.849525061s ago: executing program 4 (id=4277):
socket$netlink(0x10, 0x3, 0x4)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2040}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x18, 0x0, 0x200, 0x70bd2d, 0x25dfdfff, {}, [@TIPC_NLA_NODE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20004005}, 0x2000c800)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r4, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050004000000140004"], 0x58}}, 0x0)

2.410009417s ago: executing program 9 (id=4278):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f00000000c0)=0xfffffffe, 0x4)
r1 = syz_usb_connect(0x3, 0x3e, &(0x7f00000010c0)=ANY=[@ANYBLOB="12010000d684e120080490303fa60102030109022c0002000000000904fa00000e0100000904000001ff041000090500000000000000080bb679"], 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000a00)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000800)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xa}}], 0x18}}], 0x1, 0x4000040)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000f40)={'filter\x00', 0x10, 0x4, 0x3f0, 0x110, 0x0, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e5fce0c960bc", @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1e}, 0xf, 0xffffffff}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x2}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@remote, @broadcast, @loopback, 0x1, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0xa2, &(0x7f0000000200)=ANY=[@ANYBLOB="0402009aaa273531b140e25c766511eb303df82f455cf8a6acf68fa42c4c4eabe13d8583ff85c98eb6787e7e8430226400e6d0bbec2ba22bed55f9d7b1a96da9bc3e9a95b351aa5dae0ec8e57298f7825c33f10dd9af17b5a338229da6ffd41976b0077d958184a365a9922fb446b9b0b32cf7dd4d0cb18c5722617384ebb412ffcea763b1edf8c80854841d24a6cb1a1a8eec79185489b1f393284a1f156c0b266094b4562a1bb49c94ac301e9ddbb6dc9b7f6a0d089c8a628d709b8cc7b5fa483cdf2554d37f9222decbed9b38a938f0f8a80c2202bbe2e65568fcb27c743a74e22bc45ba3d0acb53100887d060ca41a76b8f248e2dc61d929735012897d32fcfd34fb1326efab3553838b7563fbd309366262f3eb4696d6d61f08be1c4a"])

2.287913586s ago: executing program 4 (id=4279):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x80})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

1.925145166s ago: executing program 4 (id=4280):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x12, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000008500000031000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000140)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000000040))
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r3=>0x0})
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x54, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x1d3}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0xeab}, {0x8, 0xb, 0x7}]}, 0x54}}, 0x0)

1.609943081s ago: executing program 7 (id=4282):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r2}, 0x9)
ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0x100000001)
setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @dev}, 0x10)
close(r0)

1.511015519s ago: executing program 6 (id=4283):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1f, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000200000000000000800000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
vmsplice(r2, 0x0, 0x0, 0xd)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc)

1.510312139s ago: executing program 7 (id=4284):
futex(0x0, 0x80000000000b, 0x4, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="3801"], 0x138)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@fscache}]}})
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000000400)={0x2020}, 0x2020)

1.37774363s ago: executing program 7 (id=4285):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000000)={0xa, 0x4e25, 0x40000, @rand_addr=' \x01\x00', 0x5}, 0x1c, &(0x7f00000022c0)=[{&(0x7f0000000340)='P', 0x1}], 0x1}}], 0x1, 0x24004001)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r2, &(0x7f0000000b40)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="e9", 0x1}], 0x1}}], 0x1, 0x600c000)
r3 = socket$netlink(0x10, 0x3, 0x4)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

1.280602177s ago: executing program 3 (id=4286):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x96f}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x3}, 0x6, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x4000080)
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

1.117075291s ago: executing program 6 (id=4287):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x0, 0x9e, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r3}, 0x10)
listen(r2, 0x3)

1.085254163s ago: executing program 3 (id=4288):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10)
sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x0, 0x4079}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x7a}, 0x8)

1.018005758s ago: executing program 6 (id=4289):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000003900)={0x2020, 0x0, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x20010080, &(0x7f0000000480)=ANY=[@ANYBLOB='allow_utime=00000000000000000000007,dmask=00000000000000001,iocharset=macroman,allow_utime=00000000000000000000002,uid=', @ANYRES64=r3, @ANYRESOCT=r1, @ANYBLOB="2a3a6dc4d70cd8504afe4f20df34ad3cf37d706dd73fd000", @ANYRESDEC=r3, @ANYRESHEX=r2], 0x1, 0x14ee, &(0x7f0000002400)="$eJzs3Au0jtX2MPA511qPW9Kb5L7mmg9v2lgkSS5JckmSJElyS0iSJAmJTW5JSELuSe4hucVO7vdb7klyJEkSEpKsb+ic89ep842+b5y+z/8/9vyNscZecz97rneud77jfZ/n2WPvbzsOrlq/WqW6zAz/Efz7l1QAyAQA/QDgGgCIAKBU9lLZLx3PrDH1P3sQ8dd6aNqVrkBcSdL/9E36n75J/9M36X/6Jv1P36T/6Zv0P32T/guRnm2dnudaGel3yP3/9Ew+/9M36X/6Jv1P36T/6Zv0P32T/qdv0v/0Tfqfvkn/hUjPrvT95/85I+M/nrErXcdfO67wy08IIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghRDpxLlxmAOCf8ytdlxBCCCGEEEIIIf46IeOVrkAIIYQQQgghhBD/7yEo0GAgggyQETJBZsgCV0FWuBqywTWQgGshO1wHOeB6yAm5IDfkgbyQD/KDBQIHDDEUgIKQhBugENwIKVAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6Ai3AmV4C6oDFWgKlSDu6E63AM14F6oCfdBLbgfzpX5e5V14SGoBw9DfXgEGsCj0BAaQWNoAk1/n48I8Jv82vAA1IEHf5f/InSFl6AbdIdU6AE94WXoBb2hD/SFfvAK9IdXYQC8BgNhEAyG12EIvAFD4U0YBsNhBLwFI2EUjIYxMBbGwXh4GybAOzAR3oVJMBmmwFSYBtNhBrwHM2EWzIb3YQ58AHNhHsyHBbAQPoRFsBjS4CNYAh/DUlgGy2EFrIRVsBrWwFpYB+thA2yETbAZtsBW+AS2wXbYATthF+yGPfAp7IXPYB98Dvvhi//L/LO/y++EgIAKFRo0mAEzYCbMhFkwC2bFrJgNs2ECE5gds//XiyU35sa8mBfzY34kJGRkLIAFMIlJLISFMAVTsAgWQY8ei2NxLIE3Y0ksiaWwFJbG0lgGy2JZLI/lsQJWwIpYESthJayMlbEqVsW78W68B2tgDayJNbEW1sLaWBvrYB2si3WxHtbD+lgfG2ADbIgNsTE2xqbYFJthM2yOzbEltsRW2ApbY2tsg22wLbbFdtgO22N77IAdsCN2xE7YGTvji/givoQvYXesrHpgT+yJvbAX9sG+2Bdfwf74Kr6Kr+FAHISD8XV8Hd/AoXgGh+FwHIEjsIIahaNxDLIah+NxPE7ACTgRJ+IknIyTcSpOw+k4A2fgTJyFs/B9nIMf4Ac4D+fhAlyIC3ERLsY0TMMleBaX4jJcjitwJa7ClbgG1+IaXI8bcD1uwk24BbfgJ/gJbsftuBN34m7cjZ/ip/gZfoYDcT/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOB7HE3gST+FJPI2n8QyexXN4Ds/jebyAz+f9ut7uwusGgrrEKKMyqAwqk8qksqgsKqvKqrKpbCqhEiq7yq5yqBwqp8qpcqvcKq/Kq/Kr/IoUKVaxKqAKqKRKqkKqkEpRKaqIKqK88qq4Kq5KqBKqpCqpSqlbVWl1myqjyqoWvrwqryqolr6iulNVUpVUZVVFVVXVVDVVXVVXNVQNVVPVVLVULVVbPaDqqB7YBx9SlzpTXw3CBmowNlSNVGPVRL2Bj6lmaig2Vy1US/WEGo7DsLVq5tuop1VbNRrbqWfVGHxOdVDjsKN6QXVSnVUX9aLqqpr7bqq7moQ9VE81FXup3qqP6qtmYhV1qWNV1WtqoBqkBqvX1QJ8Qw1Vb6phargaod5SI9UoNVqNUWPVODVeva0mqHfURPWumqQmqylqqpqmpqsZ6j01U81Ss9X7ao76QM1V89R8tUAtVB+qRWqxSlMfqSXqY7VULVPL1Qq1Uq1Sq9UatVatU+vVBrVRbVKb1Ra1VX2itqntaofaqXap3WqP+lTtVZ+pfepztV99oQ4oTAX4Uh1SX6nD6mt1RH2jjqpv1TH1nTquvlcn1El1Sv2gTqsf1Zlf3xsBQP2sLqhf1EUVFGjUSmttdKQz6Iw6k86ss+irdFZ9tc6mr9EJfa3Orq/TOfT1OqfOpXPrPDqvzqfza6tJO8061gV0QZ3UN+hC+kadogvrIrqo9rqYLq5v0iX0zbqkvkWX0rfq0vo2XUaX1eV0eX27rqDv0BX1nbqSvktX1lV0VV1N362r63t0DX2vrqnv07X0/bq2fkDX0Q/quvohXU8/rOvrR3QD/ahuqBvpxrqJbqof083047q5bqFb6id0K/2kbq2f0m3007qtfka308/q9vo53UE/rzvqF3Qn3Vl30b/oizrobrq7TtU9dE/9su6le+s+uq/up1/R/fWreoB+TQ/Ug/Rg/boeot/QQ/Wbepgerkfot/RIPUqP1mP0WD1Oj9dv6wn6HT1Rv6sn6cl6ip6qp+npus8/Vpr9f5D/zr/JH/Dro2/RW/UnepvernfonXqX3q336D16r96r9+l9er/erw/oA/qgPqgP6UP6sD6sj+gj+qg+qo/pY/q4Pq5P6JP6J/2DPq1/1Gf0WX1W/6TP6/P6wj+eAzBolNHGmMhkMBlNJpPZZDFXmazmapPNXGMS5lqT3VxncpjrTU6Ty+Q2eUxek8/kN9aQcYZNbAqYgiZpbjCFzI0mxRQ2RUxR400xU9zc9B/n/1l9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL532RSpSkYlMlCHKEGWKMkVZoixR1ihrlC3KFiWiRJQ9yh7liK6Pcka5otxRnihvlC/KH9mIIhdxFEcFooJRMrohKhTdGKVEhaMiUdHIR8Wi4tFNUYno5qhkdEtUKro1Kh3dFpWJykblovLR7VGF6I6oYnRnVCm6K6ocVYmqRtWiu6Pq0T1RjejeqGZ0X1Qruj+qHT0Q1YkejOpGD0X1ooej+tEjUYPo0ahh1ChqHDWJmv6l64dwJtfjvpvtblNtD9vTvmx72d62j+1r+9lXbH/7qh1gX7MD7SA72L5uh9g37FD7ph1mh9sR9i070o6yo+0YO9aOs+Pt23aCfcdOtO/aSXaynWKn2ml2up1h37Mz7Sw7275v59gP7Fw7z863C+xC+6FdZBfbNPuRXWI/tkvtMrvcrrAr7Sq72q6xa+06u95usBvtJrvZbrFb7Sd2m91ud9iddpfdbffYT+1e+5ndZz+3++0X9oD9m1XwpT1kv7KH7df2iP3GHrXf2mP2O3vcfm9P2JP2lP3BnrY/2jP2rD1nf7Ln7c/2gv3FXrTh0sn9pY93MmQoA2WgTJSJslAWykpZKRtlowQlKDtlpxyUg3JSTspNuSkv5aX8lJ8uYWIqQAUoSUkqRIUohVKoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qA76U66i+6iKlSFqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVAml9llcVe5rO5ql81d434f53Z5XF6Xz+V31uV0uf4lJudciivsiriizrtirri76Q9xGVfWlXPl3e2ugrvDVfxDXN3d42q4e11Nd5+r5u7+l7iWu9/Vdo+4Ou5RV9c1cvVcE1ffPeIauEddQ9fINXZNXCv3pGvtnnJt3NOurXvmD/Eit9itdevcerfB7XWfuXPuJ3fUfevOu59dN9fd9XOvuP7uVTfAveYGukF/iEe4t9xIN8qNdmPcWDfuD/EUN9VNc9PdDPeem+lm/SFe6D50c1yam+vmufluwa/xpZrS3EduifvYLXXL3HK3wq10q9xqt+a/al3hNrnNbovb4z5129x2t8PtdLvc7l/jS/vY5z53+90X7oj7xh10X7pD7pg77L7+Nb60v2PuO3fcfe9OuJPulPvBnXY/ujPu7K/7v7T3H9wv7qILDhhZsWbDEWfgjJyJM3MWvoqz8tWcja/hBF/L2fk6zsHXc07Oxbk5D+flfJyfLRM7Zo65ABfkJN/AhfhGTuHCXISLsudiXJxv4hJ8M5fkW7gU38ql+TYuw2W5HJfn27kC38EV+U6uxHdxZa7CVbka383V+R6uwfdyTb6Pa/H9XJsf4Dr8INflh7geP8z1+RFuwI9yQ27EjbkJN+XHuBk/zs25BbfkJ7gVP8mt+Sluw09zW36G2/Gz3J6f4w78PHfkF7gTd+Yu/CJ35Ze4G3fnVO7BPfll7sW9uQ/35X78CvfnV3kAv8YDeRAP5td5CL/BQ/lNHsbDeQS/xSN5FI/mMTyWx/F4fpsn8Ds8kd/lSTyZp/BUnsbTeQa/xzN5Fs/m93kOf8BzeR7P5wW8kD/kRbyY0/gjXsIf81Jexst5Ba/kVbya1/BaXsfreQNv5E28mbfwVv6Et/F23sE7eRfv5j38Ke/lz3gff877+Qs+wH/jg/wlH+Kv+DB/zUf4Gz7K3/Ix/o6P8/d8gk/yKf6BT/OPfIbP8jn+ic/zz3yBf+GLHBhijFWsYxNHcYY4Y5wpzhxnia+Ks8ZXx9nia+JEfG2cPb4uzhFfH+eMc8W54zxx3jhfnD+2McUu5jiOC8QF42R8Q1wovjFOiQvHReKisY+LxcXjm+IS8c1xyfiWuFR8a1w6vi0uE5eNH7mvfHx7XCG+I64Y3xlXiu+KK8dV4qpxtfjuuHp8T1wjvjeuGd8Xl4zvj2vHD8R14gfjuvFDcb344bh+/EjcIH40bhg3ihvHTeKm8WNxs/jxuHncIm4ZPxG3ip+MW8dPxW3ip+O28TN/ejw17hH3jF+OX45DuFfPTy5ILkx+mFyUXJxMS36UXJL8OLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ObklGUK1jODRK6+98ZHP4DP6TD6zz+Kv8ln91T6bv8Yn/LU+u7/O5/DX+5w+l8/t8/i8Pp/P760n7zz72BfwBX3S3+AL+Rt9ii/si/ii3vtivrhv4pv6pr6Zf9w39y18S/+Ef8I/6Z/0T/mn/NO+rX/Gt/PP+vb+Od/BP++f9y/4Tr6z7+Jf9F39S76b7+5Tfarv6Xv6Xr6X7xOB7+f7+f6+vx/gB/iBfqAf7Af7IX6IH+qH+mF+mB/hR/iRfqQf7Uf7sX6sH+/H+wl+gp/oJ/pJfpKf4qf4aX6an+Fn+Jl+pp/tZ/s5KXP8XD/Xz/fz/UK/0C/yi3yaT/NL/BK/1C/1y/1yv9Kv9Kv9ar/Wr/Xr/Xq/0W/0m/1mv9Vv9dv8Nr/D7/C7/C6/x+/xe/1ev8/v8/v9fn/AH/AH/UF/yH/lD/uv/RH/jT/qv/XH/Hf+uP/en/An/Sn/gz/tf/Rn/Fl/zv/kz/uf/QX/i7/ogx+feDsxIfFOYmLi3cSkzJMTUxJTE9MS0xMzEu8lZiZmJWYn3k/MSXyQmJuYl5ifWJBYmPgwsSixOJGW+CixJPFxYmliWWJ5YkViZWJVIoR82+JQIBQMyXBDKBRuDCmhcCgSigYfioXi4aZQItwcSoZbQqlwaygdbgtlQtlQLjwaGoZGoXFoEpqGx0Kz8HhoHlqEluGJ0Co8GVqHp0Kb8HRoG54J7cKzoX14LnQIz4eO4YXQKXQOXcKLoWt4KXQL3UNq6BF6hpdDr9A79Al9Q7/wSugfXg0DwmthYBgUBofXw5DwRhga3gzDwvAwIrwVRoZRYXQYE8aGcWF8eDtMCO+EieHdMClMDlPC1DAtTA8zwnthZpgVZof3w5zwQZgb5oX5YUFYGD4Mi8LikBY+CkvCx2FpWBaWhxVhZVgVVoc1YW1YF9aHDWFj2BQ2hy1ha/gkbAvbw46wM+wKu8Oe8GnYGz4L+8LnYX/4IhwIfwsHw5fhUPgqHA5fhyPhm3A0fBuOhe/C8fB9OBFOhlPhh3A6/BjOhLPhXPgpnA8/hwvhl3Dx179Z636lbqILIYQQQvyPkfonx3v8m++pf4xLegLA1dvzHP7tcQ0AG3P+fd5b5W2VAICnu3d86J+jcuXU1H8+7lINUcF5AJC4nJ8BLsfLoCU8CW2gBZSAf/766rd6q87n+U/WT94KkOU3OZngcnx5/Zv/7f57q1Fz/nT9eQApBS/nZIbL8eX1S/5v1s/V7E/Wz/zleIDmv8nJCpfjy+sXh8fhGWjzLz8phBBCCCGEEEL8XW9Vrv2fXd9euj7Pay7nZITL8W+vz4UQQgghhBBCCPHf03Oduzz1WJs2LdrL5L/jZLe0SSZXZnKF35iEEEIIIYQQf7nLJ/1XuhIhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECL9+v/x78Su9B6FEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKIK+1/BQAA///apiom")
write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
write$uinput_user_dev(r4, &(0x7f0000000640)={'syz0\x00', {0x3, 0x6, 0x7}, 0x49, [0x3, 0x0, 0x4, 0x1, 0x1, 0x5, 0xfb, 0x3, 0x8, 0xf, 0x7, 0x3, 0xfffffffe, 0x101, 0x400, 0x3, 0x4, 0x3, 0x8, 0x4, 0xfc, 0xfffffffe, 0x2, 0x100, 0x8000, 0xfff, 0x400, 0x0, 0x5, 0x401, 0x9, 0x3, 0x10, 0x3, 0x4, 0x0, 0x27, 0x7, 0x0, 0x8, 0x1192, 0x8, 0x5, 0x8, 0x7, 0x2, 0x10001, 0x7, 0x2b2, 0x4, 0x1ad0, 0x1, 0x6, 0x1, 0xedbe, 0x4, 0x2, 0x7, 0xa3, 0xfffffff8, 0x6, 0x80, 0x2, 0x81], [0x1, 0x8001, 0x563, 0x2, 0x0, 0x0, 0x4, 0x854f000, 0x2, 0x93, 0xfffffff6, 0xd2, 0x8b, 0x8ab, 0x3, 0x2a6d2895, 0x5, 0x3, 0x100, 0x1, 0x6, 0x200, 0x5, 0x7, 0x4a63, 0x5, 0x9, 0x8, 0x0, 0x9, 0x4, 0xf, 0x7, 0x401, 0x7, 0x8, 0x8000, 0xff, 0x4, 0xb0f, 0x8001, 0xdfcf, 0xc1f40800, 0x9, 0x2, 0x2, 0x6, 0x0, 0x9, 0xf, 0x0, 0x2, 0xfffff2a1, 0x9, 0x3cb, 0x5bda, 0x1, 0xdefe, 0x7, 0x7, 0x4, 0x524, 0x8001, 0x1], [0x6, 0x4, 0x7, 0xe000, 0x7, 0x3, 0x23, 0xc, 0x2, 0x4, 0x6, 0xfffffff8, 0x9, 0x300000, 0x80000001, 0x4, 0x8, 0x4, 0xd, 0x9, 0x8001, 0x2, 0x2, 0x4, 0x7, 0x1, 0x6, 0x2, 0x400, 0x20400, 0xff, 0x166, 0x7, 0xc8f, 0x3, 0x8, 0x3, 0x1, 0x1000, 0x7fffffff, 0x9, 0x8, 0x1000, 0x10, 0x6, 0xfeb, 0x100, 0x8, 0x3ff, 0x39, 0xa18858f, 0x9, 0x1, 0x9, 0xffc00000, 0x7, 0x4, 0x9, 0x4, 0x3, 0xfffffffd, 0x40, 0x5ff, 0x3a], [0xaeaf, 0x6, 0x2, 0x7ff, 0x3ff, 0x800, 0x8, 0x6, 0x1, 0x5, 0x9, 0x10000, 0x8a4, 0x5, 0xdd, 0xb5, 0x2, 0x1, 0x2, 0xcb32, 0x3, 0xf018, 0x9, 0x0, 0xda19, 0x80000001, 0x10001, 0x0, 0x4, 0x0, 0x5, 0xcc1, 0x8, 0x3, 0x2, 0xb, 0x3, 0x1, 0x0, 0xb7b, 0xffffff4a, 0x4, 0x7886, 0xbf8d, 0x9, 0x46dc, 0x1, 0x40, 0x9, 0x9, 0x10001, 0x1, 0x8, 0x10, 0x770, 0x0, 0x10001, 0x3ff, 0x5, 0x7, 0x8, 0x7d1, 0x1, 0x8]}, 0x45c)

999.674ms ago: executing program 3 (id=4290):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001800dd8d000000000000000002000000000000060000000008001e0002"], 0x30}}, 0x4090)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000006800d50300000000000000000a0000000000000004000b000800010002"], 0x24}}, 0x0)

908.290198ms ago: executing program 6 (id=4291):
r0 = epoll_create(0x7)
r1 = epoll_create1(0x0)
r2 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0))
r3 = epoll_create1(0x0)
r4 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0))
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000080))

573.198994ms ago: executing program 4 (id=4292):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x1})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x7})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18}, './file0\x00'})

572.863684ms ago: executing program 3 (id=4293):
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_any}], [], 0x6b}})
chdir(&(0x7f00000001c0)='./file0\x00')
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)

568.520625ms ago: executing program 6 (id=4302):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x4}, 0x0, 0x1, 0x1}, {{@in6=@local, 0x0, 0x6c}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3504, 0x4}}, 0xe8)
r3 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r3, &(0x7f0000006200)=[{{0x0, 0x0, 0x0}, 0x72d}], 0x1, 0x2000000022, 0x0)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

451.676384ms ago: executing program 3 (id=4294):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r2, 0x0)
shutdown(r1, 0x0)
connect$unix(r1, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r3 = accept(r2, 0x0, 0x0)
sendto$inet6(r3, &(0x7f0000002240)='\x00', 0xfffffe76, 0x44810, 0x0, 0x0)

421.925237ms ago: executing program 7 (id=4295):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e21, @rand_addr=0x64010102}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000080)={r3, @in6={{0xa, 0x4e23, 0x1797bd42, @private0, 0x6}}}, &(0x7f0000000180)=0x84)

185.608375ms ago: executing program 9 (id=4296):
openat$tun(0xffffffffffffff9c, 0x0, 0xc0041, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000180)=0x7ff, 0x4)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x40080)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)

108.125162ms ago: executing program 6 (id=4297):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
epoll_pwait(r0, &(0x7f00000000c0)=[{}, {}], 0x2, 0xfe, 0x0, 0x0)

92.357793ms ago: executing program 3 (id=4298):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000497000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000693000/0x4000)=nil, 0x4000, 0x3, 0x28011, r3, 0x0)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r4, 0x40305829, &(0x7f0000000540)={0x1100, 0x0, 0x2e36, 0x10000})

0s ago: executing program 7 (id=4299):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)=@ipv6_deladdrlabel={0x38, 0x48, 0x1, 0x70bd28, 0x25dfdbfe, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8, 0x2, 0x1}, @IFAL_ADDRESS={0x14, 0x1, @loopback={0xffffffffffff0000}}]}, 0x38}, 0x1, 0x0, 0x0, 0x14000000}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3, 0x0, 0x8}, 0x18)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e"], 0x1e8}}, 0x0)

kernel console output (not intermixed with test programs):

ms(): no params data found
[  475.445589][T14872] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  475.474072][T14872] bond0: (slave macvlan3): Enslaving as an active interface with an up link
[  475.549478][T14873] bond0: (slave macvlan4): Error -98 calling set_mac_address
[  475.765657][T14861] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.792074][T14861] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.872934][T14861] device bridge_slave_0 entered promiscuous mode
[  475.928027][T14861] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.974449][T14861] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.998207][T14861] device bridge_slave_1 entered promiscuous mode
[  476.183698][T14861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  476.225638][T14861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.349053][T14861] team0: Port device team_slave_0 added
[  476.382426][T14861] team0: Port device team_slave_1 added
[  476.478391][T14861] batman_adv: batadv0: Adding interface: batadv_slave_0
[  476.503739][T14861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  476.572415][T14861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  476.613441][T14861] batman_adv: batadv0: Adding interface: batadv_slave_1
[  476.634249][T14861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  476.682112][T14861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  476.717940][T14908] netlink: 56 bytes leftover after parsing attributes in process `syz.7.3182'.
[  476.758403][T14908] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3182'.
[  476.828157][T14861] device hsr_slave_0 entered promiscuous mode
[  476.846076][T14861] device hsr_slave_1 entered promiscuous mode
[  476.863084][T14861] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  476.882698][T14861] Cannot create hsr debugfs directory
[  477.234571][ T3989] Bluetooth: hci4: command 0x0409 tx timeout
[  477.759935][T14923] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  477.786467][T14923] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  477.811762][T14906] loop6: detected capacity change from 0 to 32768
[  477.818640][T14923] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  477.831025][T14861] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  477.968049][    C0] vkms_vblank_simulate: vblank timer overrun
[  478.006839][T14906] jfs_unlink: dtDelete returned -116
[  478.026142][T14861] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.060816][T14906] jfs_unlink: dtDelete returned -116
[  478.249691][T14861] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.354142][T14861] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.476968][ T4474] kernel write not supported for file bpf-prog (pid: 4474 comm: kworker/0:14)
[  478.571384][T14861] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  478.623442][T14861] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  478.652063][T14861] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  478.687493][T14861] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  478.689300][T14946] loop6: detected capacity change from 0 to 1024
[  478.789599][T14946] EXT4-fs (loop6): inline encryption not supported
[  478.806311][T14946] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  478.901541][T14946] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback.
[  478.937329][T14861] 8021q: adding VLAN 0 to HW filter on device bond0
[  478.995837][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  479.009339][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  479.029423][T14861] 8021q: adding VLAN 0 to HW filter on device team0
[  479.054244][T14972] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3201'.
[  479.092827][T14972] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready
[  479.135921][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  479.166195][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  479.189850][ T4275] bridge0: port 1(bridge_slave_0) entered blocking state
[  479.197024][ T4275] bridge0: port 1(bridge_slave_0) entered forwarding state
[  479.246315][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  479.257931][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  479.281393][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  479.306753][ T4275] bridge0: port 2(bridge_slave_1) entered blocking state
[  479.313979][ T4275] bridge0: port 2(bridge_slave_1) entered forwarding state
[  479.314465][ T1108] Bluetooth: hci4: command 0x041b tx timeout
[  479.402867][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  479.463779][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  479.481365][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  479.563795][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  479.595588][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  479.625915][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  479.638484][T14987] loop1: detected capacity change from 0 to 128
[  479.645428][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  479.685999][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  479.714797][T14987] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  479.715550][ T7192] Trying to write to read-only block-device loop7
[  479.741238][T14861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  479.752433][T14987] ext4 filesystem being mounted at /216/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  479.806666][T14861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  479.826715][T14987] EXT4-fs (loop1): shut down requested (1)
[  479.849789][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  479.879230][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  479.888789][T14987] fscrypt (loop1, inode 12): Error -5 getting encryption context
[  479.939582][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  480.347815][T15010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3211'.
[  480.392717][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  480.401359][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  480.418740][T14861] 8021q: adding VLAN 0 to HW filter on device batadv0
[  480.626243][T15018] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  480.681959][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  480.692167][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  480.718637][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  480.731210][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  480.744817][T14861] device veth0_vlan entered promiscuous mode
[  480.753690][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  480.764210][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  480.785772][T14861] device veth1_vlan entered promiscuous mode
[  480.832468][ T5230] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  480.861643][ T5230] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  480.870180][ T5230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  480.897133][ T5230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  480.909459][T14861] device veth0_macvtap entered promiscuous mode
[  480.940768][T14861] device veth1_macvtap entered promiscuous mode
[  480.981527][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.014332][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.014471][T14763] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[  481.034364][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.055244][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.083469][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.115914][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.158625][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.184428][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.204383][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.239646][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.277840][T14861] batman_adv: batadv0: Interface activated: batadv_slave_0
[  481.308162][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  481.330008][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  481.416338][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.420193][ T1108] Bluetooth: hci4: command 0x040f tx timeout
[  481.444626][T14763] usb 7-1: config 7 has an invalid interface number: 30 but max is 0
[  481.458312][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.474320][T14763] usb 7-1: config 7 has no interface number 0
[  481.490742][T14763] usb 7-1: config 7 interface 30 has no altsetting 0
[  481.498231][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.518990][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.542622][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.563889][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.584864][   T26] audit: type=1326 audit(1754447471.017:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  481.591543][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.626302][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.654254][T14861] batman_adv: batadv0: Interface activated: batadv_slave_1
[  481.662563][   T26] audit: type=1326 audit(1754447471.037:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  481.700892][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  481.721032][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  481.751341][T14861] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  481.762983][   T26] audit: type=1326 audit(1754447471.037:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  481.790032][T14861] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  481.809354][T14861] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  481.828385][T14861] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  481.840785][   T26] audit: type=1326 audit(1754447471.037:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  481.864658][T14763] usb 7-1: string descriptor 0 read error: -22
[  481.872236][T14763] usb 7-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=10.9c
[  481.900066][T14763] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.941756][   T26] audit: type=1326 audit(1754447471.037:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  481.969929][   T26] audit: type=1326 audit(1754447471.037:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  482.001613][T14763] usb_ehset_test: probe of 7-1:7.30 failed with error -32
[  482.011238][   T26] audit: type=1326 audit(1754447471.037:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  482.102051][   T26] audit: type=1326 audit(1754447471.037:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  482.144551][ T4268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.145875][   T26] audit: type=1326 audit(1754447471.037:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  482.153332][ T4268] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  482.200812][ T5239] usb 7-1: USB disconnect, device number 11
[  482.262192][ T4316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.266150][   T26] audit: type=1326 audit(1754447471.037:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15045 comm="syz.3.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  482.275142][ T4316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  482.445790][T15061] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3228'.
[  482.497089][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  482.529387][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  482.695084][T15066] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  482.704959][T15066] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  482.868457][T15079] netlink: 'syz.3.3235': attribute type 10 has an invalid length.
[  482.902173][T15079] bond0: (slave batadv0): Error -22 calling dev_set_mtu
[  483.001820][T15084] batman_adv: batadv0: Interface deactivated: dummy0
[  483.031967][T15084] batman_adv: batadv0: Removing interface: dummy0
[  483.053493][T15084] batman_adv: batadv0: Removing interface: batadv_slave_0
[  483.074792][ T4472] Bluetooth: hci0: command 0x0406 tx timeout
[  483.108295][T15084] batman_adv: batadv0: Removing interface: batadv_slave_1
[  483.474396][ T4472] Bluetooth: hci4: command 0x0419 tx timeout
[  483.522788][T15115] loop6: detected capacity change from 0 to 128
[  483.635570][T15115] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  483.691012][T15115] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  483.778404][T15115] EXT4-fs (loop6): shut down requested (1)
[  483.816868][T15113] loop9: detected capacity change from 0 to 32768
[  483.841487][T15115] fscrypt (loop6, inode 12): Error -5 getting encryption context
[  484.294123][T15128] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3251'.
[  484.754854][ T7192] Trying to write to read-only block-device loop7
[  484.854306][T15121] loop1: detected capacity change from 0 to 32768
[  484.991629][T15121] jfs_unlink: dtDelete returned -116
[  485.047134][T15121] jfs_unlink: dtDelete returned -116
[  486.662656][T15173] device wg2 entered promiscuous mode
[  486.694385][    T7] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  486.944419][    T7] usb 7-1: Using ep0 maxpacket: 16
[  487.064629][    T7] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  487.072932][    T7] usb 7-1: config 0 has no interface number 0
[  487.254479][    T7] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  487.263897][    T7] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.284416][    T7] usb 7-1: Product: syz
[  487.290048][    T7] usb 7-1: Manufacturer: syz
[  487.303850][    T7] usb 7-1: SerialNumber: syz
[  487.311424][    T7] usb 7-1: config 0 descriptor??
[  487.356502][    T7] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  487.730769][T15186] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  488.140297][T15197] loop9: detected capacity change from 0 to 1024
[  488.191709][T15197] EXT4-fs (loop9): Ignoring removed orlov option
[  488.257708][T15197] EXT4-fs (loop9): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback.
[  488.296520][T15201] kvm [15199]: vcpu5, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x187 data 0xc0010002c0010001
[  488.334396][T15201] kvm [15199]: vcpu5, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010003 data 0xc0010006c0010005
[  488.372915][T15201] kvm [15199]: vcpu5, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010007 data 0x4b564d0100000011
[  488.901911][T15218] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  489.267446][T15235] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3291'.
[  489.294050][T15235] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3291'.
[  489.317511][T15235] netlink: 172 bytes leftover after parsing attributes in process `syz.7.3291'.
[  489.354554][    T7] gspca_spca1528: reg_r err -71
[  489.359636][    T7] spca1528: probe of 7-1:0.1 failed with error -71
[  489.375638][    T7] usb 7-1: USB disconnect, device number 12
[  489.796366][ T7192] Trying to write to read-only block-device loop7
[  489.809628][T15265] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3303'.
[  490.538170][T15267] loop9: detected capacity change from 0 to 40427
[  490.591298][T15267] F2FS-fs (loop9): build fault injection attr: rate: 771, type: 0x1ffff
[  490.650020][T15267] F2FS-fs (loop9): invalid crc value
[  490.682416][T15267] F2FS-fs (loop9): Found nat_bits in checkpoint
[  490.772969][T15267] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  490.962150][T15307] F2FS-fs (loop9) : inject checkpoint error in f2fs_balance_fs of f2fs_vm_page_mkwrite+0x427/0xde0
[  491.330602][T15316] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3323'.
[  491.822245][ T5239] libceph: connect (1)[c::]:6789 error -101
[  491.834658][ T5239] libceph: mon0 (1)[c::]:6789 connect error
[  492.126451][ T5239] libceph: connect (1)[c::]:6789 error -101
[  492.136148][ T5239] libceph: mon0 (1)[c::]:6789 connect error
[  492.423598][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  492.423615][   T26] audit: type=1326 audit(1754447481.847:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15343 comm="syz.6.3331" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x0
[  492.603460][T15329] ceph: No mds server is up or the cluster is laggy
[  492.656462][ T5239] libceph: connect (1)[c::]:6789 error -101
[  492.662680][ T5239] libceph: mon0 (1)[c::]:6789 connect error
[  493.162039][T15372] loop1: detected capacity change from 0 to 512
[  493.335885][T15372] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  493.351736][T15381] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3344'.
[  493.371242][T15372] ext4 filesystem being mounted at /231/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  493.382730][T15381] device bridge_slave_1 left promiscuous mode
[  493.392813][T15381] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.466713][T15381] device bridge_slave_0 left promiscuous mode
[  493.494657][T15381] bridge0: port 1(bridge_slave_0) entered disabled state
[  493.608151][T15372] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.3342: No space for directory leaf checksum. Please run e2fsck -D.
[  493.648130][T15372] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.3342: checksumming directory block 0
[  493.745892][T11928] EXT4-fs error (device loop1): __ext4_get_inode_loc:4321: comm syz-executor: Invalid inode table block 3874091957 in block_group 0
[  493.853378][T11928] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  493.924734][T11928] EXT4-fs error (device loop1): ext4_quota_off:6513: inode #4: comm syz-executor: mark_inode_dirty error
[  494.125847][T15408] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3352'.
[  494.149097][T15408] IPv6: ADDRCONF(NETDEV_CHANGE): gre6: link becomes ready
[  494.198608][T15408] netlink: 260 bytes leftover after parsing attributes in process `syz.1.3352'.
[  494.293497][T15415] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3358'.
[  494.613761][T15428] loop6: detected capacity change from 0 to 1024
[  494.724857][T15428] EXT4-fs error (device loop6): ext4_ext_check_inode:501: inode #4: comm syz.6.3364: pblk 98 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  494.754877][T15428] EXT4-fs error (device loop6): ext4_quota_enable:6418: comm syz.6.3364: Bad quota inode: 4, type: 1
[  494.787326][T15428] EXT4-fs warning (device loop6): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  494.807643][T15428] EXT4-fs (loop6): mount failed
[  494.834455][ T7192] Trying to write to read-only block-device loop7
[  495.515354][T15474] loop9: detected capacity change from 0 to 4096
[  495.604598][T15474] NILFS (loop9): unrecognized mount option "p±'L7žS#L7Öaºöršaºñ.åï	Ëmv™nbMíÖ—?Ö6®S»a˜­þ�¯³k†�ÙÙ•ÿäK>ÛS;vuá¥kª(°å>=™wñI’´éàòmðõè˜z°"7\çfܳ°9­¥�÷Vþƒç�ç‡-°ÓŸåWùïÞ²ÆaëìÖOSiWùÌÃñ8Âx˜¯ßïY^<Ñ챞ݎ#Ëñ…nõÛázlT·úÇÏÅnõ¥œ—×áDˆ·â{:"
[  495.608461][T15482] loop1: detected capacity change from 0 to 1024
[  495.711450][T15482] EXT4-fs (loop1): Ignoring removed bh option
[  495.765643][T15482] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none.
[  495.863507][T15482] overlayfs: cleanup of 'bus/work' failed (-1)
[  495.871674][T15482] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only
[  495.881752][T15482] overlayfs: conflicting lowerdir path
[  495.989699][T15496] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3389'.
[  496.463541][T15519] loop1: detected capacity change from 0 to 128
[  496.585279][T15519] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none.
[  496.618701][T15519] ext4 filesystem being mounted at /238/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  496.764800][ T4472] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  497.154663][ T4472] usb 7-1: config 8 has an invalid interface number: 177 but max is 0
[  497.163663][ T4472] usb 7-1: config 8 has no interface number 0
[  497.190539][ T4472] usb 7-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  497.212129][ T4472] usb 7-1: config 8 interface 177 has no altsetting 0
[  497.221274][ T4472] usb 7-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  497.237847][ T4472] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.274829][T15518] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  497.534668][ T4472] usb 7-1: string descriptor 0 read error: -71
[  497.574471][    C0] ir_toy 7-1:8.177: out urb status: -71
[  497.667718][T15539] loop9: detected capacity change from 0 to 1024
[  497.763175][T15539] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  497.777797][T15539] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  498.074548][ T4472] ir_toy 7-1:8.177: could not write reset command: -110
[  498.084436][    C0] ir_toy 7-1:8.177: failed to resubmit urb: -1
[  498.091672][ T4472] ir_toy: probe of 7-1:8.177 failed with error -110
[  498.106549][ T4472] usb 7-1: USB disconnect, device number 13
[  499.094627][ T4474] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  499.205028][T15587] input: syz0 as /devices/virtual/input/input26
[  499.504602][ T4474] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  499.516250][ T4474] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  499.526839][ T4474] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  499.540500][ T4474] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  499.550700][ T4474] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.564224][ T4474] usb 7-1: config 0 descriptor??
[  499.874504][ T7192] Trying to write to read-only block-device loop7
[  499.886066][T15591] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.893609][T15591] bridge0: port 1(bridge_slave_0) entered disabled state
[  500.076357][ T4474] plantronics 0003:047F:FFFF.0016: unknown main item tag 0xd
[  500.106815][ T4474] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving
[  500.119508][ T4474] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  500.376867][ T3989] usb 7-1: USB disconnect, device number 14
[  500.501010][T15608] overlayfs: upper fs does not support tmpfile.
[  500.739489][T15591] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  500.787634][T15591] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  500.933096][T15591] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  500.963931][T15591] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  500.993697][T15591] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  501.016762][T15591] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  501.211965][T15621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.326846][T15595] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3426'.
[  501.348801][T15595] IPv6: ADDRCONF(NETDEV_CHANGE): gre5: link becomes ready
[  501.365986][T15612] device veth1_macvtap left promiscuous mode
[  501.390848][T15616] device veth1_macvtap entered promiscuous mode
[  501.554691][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  501.561150][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  501.638384][T15624] loop1: detected capacity change from 0 to 32768
[  501.692158][T15624] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.3437 (15624)
[  501.763548][T15624] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  501.772925][T15624] BTRFS info (device loop1): turning on sync discard
[  501.779811][T15624] BTRFS info (device loop1): turning off barriers
[  501.786330][T15624] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  501.797233][T15624] BTRFS info (device loop1): trying to use backup root at mount time
[  501.805446][T15624] BTRFS info (device loop1): enabling auto defrag
[  501.812032][T15624] BTRFS info (device loop1): max_inline at 0
[  501.818196][T15624] BTRFS info (device loop1): using free space tree
[  501.824920][T15624] BTRFS info (device loop1): has skinny extents
[  501.923871][ T7466] BTRFS warning (device loop1): checksum verify failed on 5337088 wanted 0xe63dbdda found 0xc926492d level 0
[  501.939150][T15624] BTRFS warning (device loop1): failed to read root (objectid=2): -5
[  501.949469][ T4275] BTRFS warning (device loop1): checksum verify failed on 5324800 wanted 0x9f73850b found 0x80379423 level 0
[  501.974739][T15624] BTRFS warning (device loop1): couldn't read tree root
[  501.982380][T15624] BTRFS error (device loop1): parent transid verify failed on 5255168 wanted 5 found 7
[  501.992323][T15624] BTRFS warning (device loop1): couldn't read tree root
[  502.006203][T15624] BTRFS info (device loop1): enabling ssd optimizations
[  502.013813][T15624] BTRFS info (device loop1): clearing free space tree
[  502.020797][T15624] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  502.030608][T15624] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  502.060300][T15624] BTRFS info (device loop1): creating free space tree
[  502.068072][T15624] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  502.077798][T15624] BTRFS info (device loop1): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  502.655294][T15654] loop6: detected capacity change from 0 to 32768
[  502.873471][T15654] XFS (loop6): Mounting V5 Filesystem
[  502.949285][T15667] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3444'.
[  502.990057][T15654] XFS (loop6): Ending clean mount
[  503.010565][T15654] XFS (loop6): Quotacheck needed: Please wait.
[  503.025295][T15667] netlink: 65536 bytes leftover after parsing attributes in process `syz.1.3444'.
[  503.054656][T15667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3444'.
[  503.210408][T15654] XFS (loop6): Quotacheck: Done.
[  503.464901][T13603] XFS (loop6): Unmounting Filesystem
[  504.119039][   T26] audit: type=1326 audit(1754447749.541:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15696 comm="syz.9.3456" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb5e3e0be9 code=0x0
[  504.393250][T15711] loop1: detected capacity change from 0 to 512
[  504.481041][T15711] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3461: casefold flag without casefold feature
[  504.507841][T15711] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3461: couldn't read orphan inode 15 (err -117)
[  504.584367][T15711] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback.
[  504.913966][ T7192] Trying to write to read-only block-device loop7
[  505.293628][ T4479] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  505.553488][ T4479] usb 2-1: Using ep0 maxpacket: 32
[  505.669409][T15721] loop9: detected capacity change from 0 to 40427
[  505.693853][ T4479] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  505.701934][ T4479] usb 2-1: config 0 has no interface number 0
[  505.722070][T15743] loop6: detected capacity change from 0 to 1024
[  505.744527][T15740] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  505.757130][T15721] F2FS-fs (loop9): build fault injection attr: rate: 690, type: 0x1ffff
[  505.774976][T15740] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  505.787589][T15721] F2FS-fs (loop9): invalid crc value
[  505.807545][T15721] F2FS-fs (loop9): Found nat_bits in checkpoint
[  505.848776][T15743] EXT4-fs (loop6): Ignoring removed bh option
[  505.894300][T15743] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none.
[  505.918925][T15721] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  505.923654][ T4479] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  505.971670][T15721] attempt to access beyond end of device
[  505.971670][T15721] loop9: rw=10241, want=45104, limit=40427
[  505.973176][ T4479] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.989821][T15721] attempt to access beyond end of device
[  505.989821][T15721] loop9: rw=524288, want=45072, limit=40427
[  506.002980][T15721] attempt to access beyond end of device
[  506.002980][T15721] loop9: rw=0, want=45072, limit=40427
[  506.016599][T15721] F2FS-fs (loop9) : inject kmalloc in f2fs_kmalloc of f2fs_listxattr+0x7f/0x790
[  506.053553][ T4479] usb 2-1: Product: syz
[  506.054540][T14861] attempt to access beyond end of device
[  506.054540][T14861] loop9: rw=2049, want=45120, limit=40427
[  506.057866][ T4479] usb 2-1: Manufacturer: syz
[  506.101352][T15753] team0: Port device macvlan0 added
[  506.107212][T15743] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  506.150876][ T4479] usb 2-1: SerialNumber: syz
[  506.183927][ T4479] usb 2-1: config 0 descriptor??
[  506.225369][ T4479] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  506.243105][ T4479] usb 2-1: selecting invalid altsetting 1
[  506.249365][ T4479] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  506.284770][ T4479] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  506.310865][ T4479] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  506.352974][ T4479] usb 2-1: media controller created
[  506.389855][ T4479] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  506.513199][ T4479] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  506.521506][ T4479] zl10353_read_register: readreg error (reg=127, ret==-71)
[  506.603796][ T4479] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  506.686910][ T4479] usb 2-1: USB disconnect, device number 9
[  506.911610][T15760] all (unregistering): Released all slaves
[  506.946994][T15734] overlayfs: failed to clone upperpath
[  507.007215][T15771] loop1: detected capacity change from 0 to 16
[  507.021195][   T26] audit: type=1326 audit(1754447752.442:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.076706][   T26] audit: type=1326 audit(1754447752.452:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.105564][   T26] audit: type=1326 audit(1754447752.452:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.113044][T15771] erofs: (device loop1): mounted with root inode @ nid 36.
[  507.183608][   T26] audit: type=1326 audit(1754447752.452:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.235777][   T26] audit: type=1326 audit(1754447752.452:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.259322][   T26] audit: type=1326 audit(1754447752.452:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.284118][   T26] audit: type=1326 audit(1754447752.452:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.292731][T14764] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  507.308879][T15781] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3486'.
[  507.328570][T15781] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready
[  507.337150][   T26] audit: type=1326 audit(1754447752.452:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.380187][   T26] audit: type=1326 audit(1754447752.452:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15770 comm="syz.6.3482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  507.460407][T15790] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  507.469771][T15790] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  507.516905][T11928] erofs: (device loop1): erofs_fill_dentries: bogus dirent @ nid 46
[  507.517349][T15790] bond0: (slave macvlan3): Error -98 calling set_mac_address
[  507.568431][T11928] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  507.582482][T14764] usb 7-1: Using ep0 maxpacket: 8
[  507.597328][T11928] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  507.712696][T14764] usb 7-1: config 0 has an invalid interface number: 200 but max is 0
[  507.725783][T14764] usb 7-1: config 0 has no interface number 0
[  507.735389][T14764] usb 7-1: config 0 interface 200 has no altsetting 0
[  507.918778][T14764] usb 7-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39
[  507.931596][T14764] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.946856][T14764] usb 7-1: Product: syz
[  507.951315][T14764] usb 7-1: Manufacturer: syz
[  507.956655][T14764] usb 7-1: SerialNumber: syz
[  507.966275][T14764] usb 7-1: config 0 descriptor??
[  507.979006][ T5230] tipc: Subscription rejected, illegal request
[  508.228073][T15820] loop9: detected capacity change from 0 to 16
[  508.280462][T15820] erofs: (device loop9): mounted with root inode @ nid 36.
[  508.304736][T14764] input: Hanwang Art Master III 0906 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.200/input/input28
[  508.323291][T15818] block nbd0: shutting down sockets
[  508.346829][T14764] usb 7-1: USB disconnect, device number 15
[  508.544606][T14861] erofs: (device loop9): erofs_fill_dentries: bogus dirent @ nid 46
[  508.571215][T14861] erofs: (device loop9): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  508.591967][T14861] erofs: (device loop9): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  508.801820][T15833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3514'.
[  508.870367][T15833] IPv6: ADDRCONF(NETDEV_CHANGE): gre7: link becomes ready
[  509.951211][ T7192] Trying to write to read-only block-device loop7
[  510.001286][T15863] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.3516'.
[  510.010495][T15863] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3516'.
[  510.993128][T15884] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3523'.
[  511.002613][T15884] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3523'.
[  511.112207][T15888] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  511.120917][T15888] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  511.503390][T15902] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  512.553958][T15930] syz.9.3537[15930] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  512.554076][T15930] syz.9.3537[15930] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  512.700026][T15937] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3540'.
[  512.867067][T15939] loop6: detected capacity change from 0 to 8192
[  513.564633][T15966] Trying to write to read-only block-device loop7
[  513.604534][ T7192] Trying to write to read-only block-device loop7
[  513.751943][T15973] all (unregistering): Released all slaves
[  513.954373][T15977] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  514.222469][T15988] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  514.256575][T15988] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  515.033497][T16015] all (unregistering): Released all slaves
[  515.115397][T16024] loop6: detected capacity change from 0 to 1024
[  515.226017][T16024] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  515.268292][T16036] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3574'.
[  516.895054][T16071] kvm [16070]: vcpu5, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x187 data 0xc0010002c0010001
[  516.922962][T16071] kvm [16070]: vcpu5, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010003 data 0xc0010006c0010005
[  516.958907][T16074] all (unregistering): Released all slaves
[  516.969521][T16071] kvm [16070]: vcpu5, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010007 data 0x4b564d0100000011
[  517.550942][ T4477] kernel write not supported for file bpf-prog (pid: 4477 comm: kworker/0:15)
[  517.560528][T16092] device wg2 entered promiscuous mode
[  517.847415][T16100] netlink: 'syz.6.3597': attribute type 10 has an invalid length.
[  517.900560][T16100] 8021q: adding VLAN 0 to HW filter on device batadv0
[  517.921030][T16100] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  517.985440][T16101] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  518.020942][T16101] batman_adv: batadv0: Removing interface: batadv_slave_0
[  518.088456][T16101] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  518.116624][T16101] batman_adv: batadv0: Removing interface: batadv_slave_1
[  518.153625][T16088] loop9: detected capacity change from 0 to 32768
[  518.189799][T16101] bond0: (slave batadv0): Releasing backup interface
[  518.244331][T16088] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 scanned by syz.9.3591 (16088)
[  518.319959][T16088] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm
[  518.343327][T16088] BTRFS info (device loop9): setting nodatacow, compression disabled
[  518.386981][T16088] BTRFS info (device loop9): max_inline at 0
[  518.423144][T16088] BTRFS info (device loop9): enabling disk space caching
[  518.448523][T16088] BTRFS info (device loop9): turning off barriers
[  518.455014][T16088] BTRFS info (device loop9): turning on flush-on-commit
[  518.493872][T16088] BTRFS info (device loop9): doing ref verification
[  518.520394][T16088] BTRFS info (device loop9): force clearing of disk cache
[  518.535620][T16088] BTRFS info (device loop9): enabling ssd optimizations
[  518.556959][T16088] BTRFS info (device loop9): max_inline at 4096
[  518.563363][T16088] BTRFS info (device loop9): disk space caching is enabled
[  518.579991][T16088] BTRFS info (device loop9): has skinny extents
[  518.825786][T16088] BTRFS info (device loop9): clearing free space tree
[  518.856825][T16088] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  518.877109][T16130] all (unregistering): Released all slaves
[  518.890102][T16088] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  520.316589][T16163] loop9: detected capacity change from 0 to 128
[  520.548373][T16168] netlink: 'syz.3.3613': attribute type 12 has an invalid length.
[  520.587091][T16168] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3613'.
[  520.739084][T16163] EXT4-fs (loop9): Ignoring removed oldalloc option
[  520.758676][T16174] tipc: Started in network mode
[  520.758851][T16163] EXT4-fs (loop9): Ignoring removed nomblk_io_submit option
[  520.763812][T16174] tipc: Node identity 080211000001, cluster identity 7
[  520.779921][T16174] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  520.826769][T16163] EXT4-fs (loop9): mounted filesystem without journal. Opts: oldalloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  520.895896][T16163] ext4 filesystem being mounted at /80/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  521.028310][   T26] kauditd_printk_skb: 37 callbacks suppressed
[  521.028327][   T26] audit: type=1326 audit(1754447766.459:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16183 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  521.110738][   T26] audit: type=1326 audit(1754447766.489:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16183 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  521.195580][   T26] audit: type=1326 audit(1754447766.489:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16183 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  521.245592][   T26] audit: type=1326 audit(1754447766.489:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16183 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  521.335088][   T26] audit: type=1326 audit(1754447766.489:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16183 comm="syz.3.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  521.420588][T16180] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  521.455525][T16180] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  521.676904][T16191] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3623'.
[  521.895442][ T4472] tipc: Node number set to 134418688
[  521.935265][T16197] capability: warning: `syz.9.3624' uses 32-bit capabilities (legacy support in use)
[  523.827196][T16214] tipc: Started in network mode
[  523.838711][T16214] tipc: Node identity 4, cluster identity 4711
[  523.863378][T16214] tipc: Node number set to 4
[  525.072523][T16224] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3633'.
[  525.125704][T16224] IPv6: ADDRCONF(NETDEV_CHANGE): gre6: link becomes ready
[  526.005421][T16251] loop9: detected capacity change from 0 to 64
[  526.018893][T16249] overlayfs: failed to resolve './file1': -2
[  526.216742][T16256] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3649'.
[  526.254790][T16256] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3649'.
[  528.748953][T16156] ODEBUG: Out of memory. ODEBUG disabled
[  529.923639][T16156] net_ratelimit: 11 callbacks suppressed
[  529.923662][T16156] Set syz1 is full, maxelem 65536 reached
[  529.985898][   T26] audit: type=1326 audit(1754447775.424:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16277 comm="syz.6.3662" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x0
[  530.022987][T16273] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3653'.
[  530.047980][T16273] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  530.566369][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  530.602684][T16295] bridge0: port 3(vlan3) entered blocking state
[  530.624093][T16295] bridge0: port 3(vlan3) entered disabled state
[  530.672107][T16295] device vlan3 entered promiscuous mode
[  530.761958][T16297] netlink: 'syz.7.3663': attribute type 12 has an invalid length.
[  530.769930][T16297] netlink: 'syz.7.3663': attribute type 29 has an invalid length.
[  530.779417][T16291] loop1: detected capacity change from 0 to 32768
[  530.786230][T16297] netlink: 148 bytes leftover after parsing attributes in process `syz.7.3663'.
[  530.819700][T16297] netlink: 'syz.7.3663': attribute type 2 has an invalid length.
[  530.874675][T16302] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3665'.
[  530.918938][T16291] XFS (loop1): Mounting V5 Filesystem
[  531.076524][T16291] XFS (loop1): Ending clean mount
[  531.107893][T16291] XFS (loop1): Quotacheck needed: Please wait.
[  531.309160][T16328] netlink: 88 bytes leftover after parsing attributes in process `syz.6.3673'.
[  531.327483][T16291] XFS (loop1): Quotacheck: Done.
[  531.360740][T16328] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3673'.
[  531.546734][T11928] XFS (loop1): Unmounting Filesystem
[  531.606490][T16339] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3677'.
[  531.992666][T16351] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3682'.
[  532.251538][T16359] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  532.312568][T16362] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3689'.
[  532.347059][T16362] netlink: 19 bytes leftover after parsing attributes in process `syz.3.3689'.
[  532.380063][T16362] netlink: 19 bytes leftover after parsing attributes in process `syz.3.3689'.
[  532.494854][T16371] device bridge_slave_0 entered promiscuous mode
[  534.285394][T16419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3711'.
[  536.169412][T16485] loop1: detected capacity change from 0 to 1024
[  536.328499][T16485] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  537.001179][T16508] loop1: detected capacity change from 0 to 1024
[  537.137167][T16508] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  537.149908][T16508] ext4 filesystem being mounted at /293/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  537.188959][T16508] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  537.242786][T16512] loop6: detected capacity change from 0 to 512
[  537.297918][T16508] EXT4-fs error (device loop1): ext4_dirty_inode:6040: inode #15: comm syz.1.3743: mark_inode_dirty error
[  537.360549][T16508] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  537.392311][T16508] EXT4-fs error (device loop1): ext4_dirty_inode:6040: inode #15: comm syz.1.3743: mark_inode_dirty error
[  537.414906][T16508] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  537.437507][T16512] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002]
[  537.445606][T16512] System zones: 0-2, 18-18, 34-35
[  537.455931][T16512] EXT4-fs error (device loop6): ext4_quota_enable:6415: inode #4: comm syz.6.3745: iget: bad i_size value: 5910974510929920
[  537.482865][T16508] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #15: comm syz.1.3743: mark_inode_dirty error
[  537.488059][T16512] EXT4-fs error (device loop6): ext4_quota_enable:6418: comm syz.6.3745: Bad quota inode: 4, type: 1
[  537.512914][T16516] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  537.522763][T16508] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  537.535781][T16516] EXT4-fs error (device loop1): ext4_update_disksize_before_punch:3930: inode #15: comm syz.1.3743: mark_inode_dirty error
[  537.549048][T16508] EXT4-fs (loop1): This should not happen!! Data will be lost
[  537.549048][T16508] 
[  537.567906][T16512] EXT4-fs warning (device loop6): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  537.595077][T16518] overlayfs: failed to clone upperpath
[  537.698224][T16512] EXT4-fs (loop6): mount failed
[  537.789968][T16527] loop9: detected capacity change from 0 to 1024
[  537.874060][T16527] EXT4-fs (loop9): Ignoring removed bh option
[  537.893801][T16527] EXT4-fs (loop9): Mount option "nouser_xattr" will be removed by 3.5
[  537.893801][T16527] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  537.893801][T16527] 
[  537.987825][T16527] EXT4-fs (loop9): mounted filesystem without journal. Opts: discard,bh,nouser_xattr,,errors=continue. Quota mode: writeback.
[  538.030589][T16536] tipc: Started in network mode
[  538.035507][T16536] tipc: Node identity de08d12ce09d, cluster identity 4711
[  538.057216][T16536] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  538.214469][T16536] device syzkaller0 entered promiscuous mode
[  538.307793][T16549] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3758'.
[  538.397308][T16535] tipc: Resetting bearer <eth:syzkaller0>
[  538.462010][T16535] tipc: Disabling bearer <eth:syzkaller0>
[  538.963594][T16591] overlayfs: failed to clone upperpath
[  539.244912][T16600] overlayfs: failed to clone upperpath
[  539.272808][T16600] overlayfs: failed to clone upperpath
[  539.570310][T16610] Error parsing options; rc = [-22]
[  539.676097][T16614] netlink: 52 bytes leftover after parsing attributes in process `syz.9.3777'.
[  539.714711][T16614] device vlan3 left promiscuous mode
[  539.724930][T16614] bridge0: port 3(vlan3) entered disabled state
[  539.742440][T16614] device bridge_slave_1 left promiscuous mode
[  539.754698][T16614] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.773505][T16614] device bridge_slave_0 left promiscuous mode
[  539.797776][T16614] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.590796][T16644] loop1: detected capacity change from 0 to 1024
[  540.682594][T16644] EXT4-fs (loop1): Ignoring removed nobh option
[  540.694020][T16644] EXT4-fs (loop1): Ignoring removed bh option
[  540.707195][T16644] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  540.797669][T16644] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  541.688230][T16673] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  541.924570][   T26] audit: type=1326 audit(1754447787.360:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  541.963243][T16686] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3807'.
[  541.985744][   T26] audit: type=1326 audit(1754447787.400:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.003236][T16682] loop6: detected capacity change from 0 to 256
[  542.074739][   T26] audit: type=1326 audit(1754447787.400:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.132154][   T26] audit: type=1326 audit(1754447787.400:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.154534][    C0] vkms_vblank_simulate: vblank timer overrun
[  542.170936][T16682] FAT-fs (loop6): Directory bread(block 64) failed
[  542.185587][T16682] FAT-fs (loop6): Directory bread(block 65) failed
[  542.192243][T16682] FAT-fs (loop6): Directory bread(block 66) failed
[  542.229469][T16682] FAT-fs (loop6): Directory bread(block 67) failed
[  542.249824][T16682] FAT-fs (loop6): Directory bread(block 68) failed
[  542.253560][   T26] audit: type=1326 audit(1754447787.400:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.277056][T16682] FAT-fs (loop6): Directory bread(block 69) failed
[  542.306163][T16682] FAT-fs (loop6): Directory bread(block 70) failed
[  542.312778][T16682] FAT-fs (loop6): Directory bread(block 71) failed
[  542.334126][   T26] audit: type=1326 audit(1754447787.400:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.350268][T16682] FAT-fs (loop6): Directory bread(block 72) failed
[  542.359468][   T26] audit: type=1326 audit(1754447787.420:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.385471][    C0] vkms_vblank_simulate: vblank timer overrun
[  542.418263][T16682] FAT-fs (loop6): Directory bread(block 73) failed
[  542.444010][   T26] audit: type=1326 audit(1754447787.420:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.466465][    C0] vkms_vblank_simulate: vblank timer overrun
[  542.529319][   T26] audit: type=1326 audit(1754447787.420:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f06771f0be9 code=0x7ffc0000
[  542.551695][    C0] vkms_vblank_simulate: vblank timer overrun
[  542.565455][T16699] netlink: 'syz.1.3812': attribute type 1 has an invalid length.
[  542.604901][   T26] audit: type=1326 audit(1754447787.420:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16681 comm="syz.6.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f06771f0c23 code=0x7ffc0000
[  542.669493][T16699] 8021q: adding VLAN 0 to HW filter on device bond1
[  542.690887][T16702] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3814'.
[  542.784183][T16704] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  542.811711][T16704] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  542.834572][T16704] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  542.854289][T16704] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  542.881596][T16704] bond1: (slave geneve2): making interface the new active one
[  542.898933][T16704] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  542.935281][T16707] device bond1 entered promiscuous mode
[  542.940923][T16707] device geneve2 entered promiscuous mode
[  542.983857][T16708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3813'.
[  543.301204][T16737] tipc: Enabled bearer <udp:syz2>, priority 10
[  543.509597][ T4268] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.588643][ T4268] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.671896][ T4268] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.748305][ T4268] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.934709][T16765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3837'.
[  544.036811][    C0] vkms_vblank_simulate: vblank timer overrun
[  544.250197][T16761] chnl_net:caif_netlink_parms(): no params data found
[  544.395129][T16761] bridge0: port 1(bridge_slave_0) entered blocking state
[  544.402281][T16761] bridge0: port 1(bridge_slave_0) entered disabled state
[  544.415451][T16761] device bridge_slave_0 entered promiscuous mode
[  544.426761][T16761] bridge0: port 2(bridge_slave_1) entered blocking state
[  544.434327][T16761] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.442541][T16761] device bridge_slave_1 entered promiscuous mode
[  544.478521][T16761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  544.491037][T16761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  544.551853][T16761] team0: Port device team_slave_0 added
[  544.565021][T16761] team0: Port device team_slave_1 added
[  544.591580][T16761] batman_adv: batadv0: Adding interface: batadv_slave_0
[  544.599000][T16761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.636040][T16761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  544.650229][T16761] batman_adv: batadv0: Adding interface: batadv_slave_1
[  544.658177][T16761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.684585][T16761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  544.740238][T16761] device hsr_slave_0 entered promiscuous mode
[  544.754986][T16761] device hsr_slave_1 entered promiscuous mode
[  544.770085][T16761] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  544.784398][T16761] Cannot create hsr debugfs directory
[  544.931169][T16796] nbd9: detected capacity change from 0 to 1024
[  544.978938][T16799] block nbd9: NBD_DISCONNECT
[  544.993989][T16799] block nbd9: Send disconnect failed -89
[  545.012045][  T150] block nbd9: Send control failed (result -89)
[  545.018804][  T150] block nbd9: Request send failed, requeueing
[  545.029687][  T150] block nbd9: Disconnected due to user request.
[  545.039049][  T150] print_req_error: 41 callbacks suppressed
[  545.039066][  T150] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.057336][  T150] buffer_io_error: 40 callbacks suppressed
[  545.057351][  T150] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.071466][ T1092] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.082643][ T1092] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.092534][  T150] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.103551][  T150] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.111885][  T150] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.122933][  T150] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.131176][  T150] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.142238][  T150] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.150408][ T1092] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.161969][ T1092] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.170185][ T1092] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.181340][ T1092] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.193784][ T1092] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.204712][ T1092] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.212657][T16799] ldm_validate_partition_table(): Disk read failed.
[  545.227638][ T1092] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.238619][ T1092] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.247566][  T150] blk_update_request: I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  545.258723][  T150] Buffer I/O error on dev nbd9, logical block 0, async page read
[  545.266342][T16803] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3850'.
[  545.268109][T16799] Dev nbd9: unable to read RDB block 0
[  545.312158][T16799]  nbd9: unable to read partition table
[  545.659627][T16761] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  545.684429][T16761] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  545.734054][T16761] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  545.748148][T16761] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  545.866024][ T4268] device hsr_slave_0 left promiscuous mode
[  545.877686][ T4268] batman_adv: batadv0: Removing interface: batadv_slave_0
[  545.895184][ T4268] batman_adv: batadv0: Removing interface: batadv_slave_1
[  545.925375][ T4268] device bridge_slave_1 left promiscuous mode
[  545.931691][ T4268] bridge0: port 2(bridge_slave_1) entered disabled state
[  545.939519][ T5307] Bluetooth: hci0: command 0x0409 tx timeout
[  545.955660][ T4268] device bridge_slave_0 left promiscuous mode
[  545.968144][ T4268] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.071358][ T4268] bond1 (unregistering): (slave geneve2): Releasing active interface
[  546.100096][ T4268] device geneve2 left promiscuous mode
[  546.118724][ T4268] bond1 (unregistering): Released all slaves
[  546.381448][ T4268] team0 (unregistering): Port device team_slave_1 removed
[  546.399547][ T4268] team0 (unregistering): Port device team_slave_0 removed
[  546.419080][ T4268] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  546.447644][ T4268] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  546.549554][ T4268] bond0 (unregistering): Released all slaves
[  546.583574][T16861] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  546.593216][T16861] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  546.737292][T16853] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3865'.
[  546.882334][T16761] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.906727][ T5230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  546.989244][ T5230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  547.013381][T16761] 8021q: adding VLAN 0 to HW filter on device team0
[  547.038028][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  547.063361][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  547.072052][ T7460] bridge0: port 1(bridge_slave_0) entered blocking state
[  547.079190][ T7460] bridge0: port 1(bridge_slave_0) entered forwarding state
[  547.117834][    C0] vkms_vblank_simulate: vblank timer overrun
[  547.132763][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  547.147958][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  547.157674][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  547.167275][ T7460] bridge0: port 2(bridge_slave_1) entered blocking state
[  547.174416][ T7460] bridge0: port 2(bridge_slave_1) entered forwarding state
[  547.221371][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  547.246671][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  547.265423][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  547.289813][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  547.310782][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  547.335467][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  547.371987][T16761] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  547.399258][T16761] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  547.421639][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  547.445294][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  547.467733][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  547.485014][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  547.496302][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  547.513479][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  547.564500][    C0] vkms_vblank_simulate: vblank timer overrun
[  547.830533][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  547.839706][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  547.868257][T16761] 8021q: adding VLAN 0 to HW filter on device batadv0
[  548.012152][T14762] Bluetooth: hci0: command 0x041b tx timeout
[  548.117788][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  548.130413][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  548.161156][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  548.179420][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  548.220336][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  548.242916][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  548.282125][T16913] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3883'.
[  548.324291][T16761] device veth0_vlan entered promiscuous mode
[  548.363407][T16761] device veth1_vlan entered promiscuous mode
[  548.426475][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  548.440956][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  548.459568][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  548.478742][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  548.502439][T16761] device veth0_macvtap entered promiscuous mode
[  548.536186][T16761] device veth1_macvtap entered promiscuous mode
[  548.601579][T16761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  548.632176][T16761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.652889][T16761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  548.691803][T16761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.721776][T16761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  548.741728][T16761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.764891][T16761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  548.800458][T16761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.853723][T16761] batman_adv: batadv0: Interface activated: batadv_slave_0
[  548.862379][T16925] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3887'.
[  548.960761][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  549.002635][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  549.030147][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  549.058656][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  549.094598][T16761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  549.121569][T16761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.141600][T16761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  549.165464][T16761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.211733][T16761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  549.239617][T16761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.266854][T16761] batman_adv: batadv0: Interface activated: batadv_slave_1
[  549.294301][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  549.314845][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  549.349946][T16761] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  549.391460][T16761] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  549.400327][T16761] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  549.444513][T16761] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  549.505126][T16958] netlink: 'syz.3.3899': attribute type 12 has an invalid length.
[  549.612449][ T4243] Bluetooth: hci1: command 0x0406 tx timeout
[  549.665649][ T4316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.686613][ T4316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.699853][ T7460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.726837][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  549.742780][ T7460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.763000][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  549.822511][T16966] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3912'.
[  549.865293][T16966] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3912'.
[  550.091759][T14763] Bluetooth: hci0: command 0x040f tx timeout
[  550.888831][T16994] netlink: 128 bytes leftover after parsing attributes in process `syz.7.3913'.
[  551.214441][ T2286] kernel write not supported for file bpf-prog (pid: 2286 comm: kworker/0:3)
[  551.376780][T17013] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3920'.
[  551.548681][T17021] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  551.585620][T17021] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  551.610789][T17021] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  551.652161][T17021] device bridge_slave_0 left promiscuous mode
[  551.681418][T17021] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.692276][T17021] device bridge_slave_1 left promiscuous mode
[  551.698561][T17021] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.710151][T17021] bond0: (slave bond_slave_0): Releasing backup interface
[  551.733876][T17021] bond0: (slave bond_slave_1): Releasing backup interface
[  551.816979][T17021] team0: Port device team_slave_0 removed
[  551.881630][T17021] team0: Port device team_slave_1 removed
[  551.900826][T17021] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  551.919942][T17021] batman_adv: batadv0: Removing interface: batadv_slave_0
[  551.929365][T17021] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  551.939394][T17021] batman_adv: batadv0: Removing interface: batadv_slave_1
[  551.984324][T17027] netlink: 'syz.9.3935': attribute type 10 has an invalid length.
[  552.031294][T17027] 8021q: adding VLAN 0 to HW filter on device batadv0
[  552.040553][T17027] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  552.067865][T17033] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  552.077668][T17033] batman_adv: batadv0: Removing interface: batadv_slave_0
[  552.103000][T17033] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  552.111265][T17033] batman_adv: batadv0: Removing interface: batadv_slave_1
[  552.150403][T17033] bond0: (slave batadv0): Releasing backup interface
[  552.170132][ T3989] Bluetooth: hci0: command 0x0419 tx timeout
[  552.358172][T17044] loop5: detected capacity change from 0 to 256
[  552.423041][T17044] exfat: Deprecated parameter 'utf8'
[  552.464659][T17044] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  552.639347][T17048] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3931'.
[  552.675455][T17048] loop5: detected capacity change from 0 to 512
[  552.741246][T17048] EXT4-fs (loop5): 1 truncate cleaned up
[  552.747424][T17048] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  553.007448][T17062] loop9: detected capacity change from 0 to 1024
[  553.112001][T17069] netlink: 'syz.6.3948': attribute type 12 has an invalid length.
[  553.196577][T17062] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  553.240064][T17080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3941'.
[  553.400196][T17084] overlayfs: failed to clone upperpath
[  553.651361][T17096] netlink: 'syz.5.3946': attribute type 10 has an invalid length.
[  553.716580][T17096] 8021q: adding VLAN 0 to HW filter on device batadv0
[  553.746991][T17096] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  553.766301][T17098] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3951'.
[  553.797235][T17103] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3951'.
[  553.966008][T17101] bond0: (slave batadv0): Releasing backup interface
[  553.997333][T17106] batman_adv: batadv0: Removing interface: dummy0
[  554.010284][T17106] bond0: (slave batadv0): Releasing backup interface
[  554.027580][T17106] device bridge_slave_0 left promiscuous mode
[  554.047390][T17106] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.065613][T17106] device bridge_slave_1 left promiscuous mode
[  554.081155][T17106] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.114076][T17106] bond0: (slave bond_slave_0): Releasing backup interface
[  554.155449][T17106] bond0: (slave bond_slave_1): Releasing backup interface
[  554.210000][T17106] team0: Port device team_slave_1 removed
[  554.216184][T17106] batman_adv: batadv0: Removing interface: batadv_slave_0
[  554.264845][T17106] team0: Port device macvlan0 removed
[  554.290374][T17106] device macsec0 left promiscuous mode
[  554.296160][T17106] bridge0: port 3(macsec0) entered disabled state
[  554.322289][T17106] bond1: (slave veth3): Releasing active interface
[  554.339101][T17106] bond1: (slave veth3): the permanent HWaddr of slave - 72:7c:a7:33:07:41 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  554.397679][T17106] device batadv1 entered promiscuous mode
[  554.432184][T17106] bond1: (slave batadv1): Releasing active interface
[  554.440488][T17106] device batadv1 left promiscuous mode
[  554.448535][T17106] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  554.457013][T17106] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  554.474204][T17106] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready
[  554.502380][T17106] bond0: (slave macvlan2): Releasing backup interface
[  554.831406][T17129] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3961'.
[  554.894492][T17136] device macvlan4 entered promiscuous mode
[  554.903300][T17136] device bond4 entered promiscuous mode
[  554.910140][T17136] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  554.968525][T17136] device bond4 left promiscuous mode
[  555.035736][T17137] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3962'.
[  555.054961][T17137] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3962'.
[  555.171217][T17141] overlayfs: failed to clone upperpath
[  555.647722][ T4268] tipc: Disabling bearer <udp:syz0>
[  555.664521][ T4268] tipc: Left network mode
[  555.977189][T17164] overlayfs: failed to clone upperpath
[  556.293861][ T4268] bond1: (slave gretap1): Releasing active interface
[  556.537651][T17180] netlink: 'syz.6.3981': attribute type 12 has an invalid length.
[  556.555996][   T26] kauditd_printk_skb: 50 callbacks suppressed
[  556.556013][   T26] audit: type=1326 audit(1754447802.007:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17177 comm="syz.7.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  556.567664][T17180] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3981'.
[  556.655870][   T26] audit: type=1326 audit(1754447802.047:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17177 comm="syz.7.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  556.738547][   T26] audit: type=1326 audit(1754447802.057:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17177 comm="syz.7.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  556.823416][   T26] audit: type=1326 audit(1754447802.057:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17177 comm="syz.7.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  556.832866][T17185] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3983'.
[  556.880157][   T26] audit: type=1326 audit(1754447802.057:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17177 comm="syz.7.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  556.918412][ T4268] device hsr_slave_0 left promiscuous mode
[  556.928652][ T4268] device hsr_slave_1 left promiscuous mode
[  556.950065][ T4268] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  556.974730][ T4268] batman_adv: batadv0: Removing interface: batadv_slave_0
[  556.998698][ T4268] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  557.016453][ T4268] batman_adv: batadv0: Removing interface: batadv_slave_1
[  557.051429][ T4268] device veth1_macvtap left promiscuous mode
[  557.065934][ T4268] device veth0_macvtap left promiscuous mode
[  557.079750][T17187] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3984'.
[  557.083124][ T4268] device veth1_vlan left promiscuous mode
[  557.107693][ T4268] device veth0_vlan left promiscuous mode
[  557.448814][ T4268] bond2 (unregistering): (slave batadv1): Releasing active interface
[  557.474677][ T4268] bond2 (unregistering): (slave veth5): Releasing active interface
[  557.491760][ T4268] bond2 (unregistering): Released all slaves
[  557.579739][ T4268] bond1 (unregistering): Released all slaves
[  557.685413][ T4268] team0 (unregistering): Port device team_slave_1 removed
[  557.700789][ T4268] team0 (unregistering): Port device team_slave_0 removed
[  557.716293][ T4268] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  557.732482][ T4268] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  557.823734][ T4268] bond0 (unregistering): Released all slaves
[  558.269912][T17218] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  558.322616][T17218] bond0: (slave bond_slave_0): Releasing backup interface
[  558.352639][T17218] bond0: (slave bond_slave_1): Releasing backup interface
[  558.464765][T17218] team0: Port device team_slave_0 removed
[  558.488899][T17218] team0: Port device team_slave_1 removed
[  558.509373][T17218] bond0: (slave wlan1): Releasing backup interface
[  558.571361][T17218] bond2: (slave veth3): Releasing active interface
[  558.588329][T17218] bond2: (slave veth3): the permanent HWaddr of slave - ee:05:51:17:34:fb - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  558.626942][T17218] device batadv2 entered promiscuous mode
[  558.637699][T17218] bond2: (slave batadv2): Releasing active interface
[  558.661588][T17218] device batadv2 left promiscuous mode
[  558.680311][T17218] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  558.688667][T17218] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  558.697838][T17218] bond0: (slave macvlan3): Releasing backup interface
[  558.718985][T17218] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready
[  558.733387][T17218] IPv6: ADDRCONF(NETDEV_CHANGE): gre5: link becomes ready
[  558.741602][T17218] IPv6: ADDRCONF(NETDEV_CHANGE): gre6: link becomes ready
[  558.750258][T17217] netlink: 'syz.7.3992': attribute type 10 has an invalid length.
[  558.770364][T17217] 8021q: adding VLAN 0 to HW filter on device batadv0
[  558.796241][T17217] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  558.849432][T17220] bond0: (slave batadv0): Releasing backup interface
[  558.876575][T17228] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  558.973996][T17229] device syzkaller0 entered promiscuous mode
[  559.001395][T17223] loop5: detected capacity change from 0 to 32768
[  559.054302][T17223] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.3995 (17223)
[  559.067681][T17219] tipc: Resetting bearer <eth:syzkaller0>
[  559.113545][T17223] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  559.130653][T17219] tipc: Disabling bearer <eth:syzkaller0>
[  559.136163][T17223] BTRFS info (device loop5): setting nodatacow, compression disabled
[  559.155236][T17223] BTRFS info (device loop5): max_inline at 0
[  559.166047][T17223] BTRFS info (device loop5): enabling disk space caching
[  559.173691][T17223] BTRFS info (device loop5): turning off barriers
[  559.187326][T17223] BTRFS info (device loop5): turning on flush-on-commit
[  559.194394][T17223] BTRFS info (device loop5): doing ref verification
[  559.201516][T17223] BTRFS info (device loop5): force clearing of disk cache
[  559.209109][T17223] BTRFS info (device loop5): enabling ssd optimizations
[  559.227669][T17223] BTRFS info (device loop5): max_inline at 4096
[  559.240423][T17223] BTRFS info (device loop5): disk space caching is enabled
[  559.255894][T17223] BTRFS info (device loop5): has skinny extents
[  559.342166][T17250] loop6: detected capacity change from 0 to 2048
[  559.354665][T17223] BTRFS info (device loop5): clearing free space tree
[  559.376496][T17223] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  559.411939][T17223] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  559.975950][T17278] loop9: detected capacity change from 0 to 512
[  560.112549][T17280] tipc: Started in network mode
[  560.125653][T17280] tipc: Node identity 4, cluster identity 4711
[  560.155113][T17280] tipc: Node number set to 4
[  560.365547][T17278] EXT4-fs (loop9): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  560.402228][T17278] ext4 filesystem being mounted at /144/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  560.571969][T17278] EXT4-fs warning (device loop9): ext4_dirblock_csum_verify:406: inode #2: comm syz.9.4009: No space for directory leaf checksum. Please run e2fsck -D.
[  560.625069][T17278] EXT4-fs error (device loop9): __ext4_find_entry:1696: inode #2: comm syz.9.4009: checksumming directory block 0
[  560.743185][T14861] EXT4-fs error (device loop9): __ext4_get_inode_loc:4321: comm syz-executor: Invalid inode table block 3874091957 in block_group 0
[  560.774342][T14861] EXT4-fs error (device loop9) in ext4_reserve_inode_write:5836: Corrupt filesystem
[  560.792489][T14861] EXT4-fs error (device loop9): ext4_quota_off:6513: inode #4: comm syz-executor: mark_inode_dirty error
[  560.818357][T17291] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4010'.
[  560.994737][T17297] netlink: 'syz.9.4013': attribute type 1 has an invalid length.
[  561.022117][T17297] netlink: 168864 bytes leftover after parsing attributes in process `syz.9.4013'.
[  561.095555][T17299] overlayfs: failed to resolve './file1': -2
[  561.134815][T17307] netlink: 'syz.5.4017': attribute type 10 has an invalid length.
[  561.891467][T17327] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  562.381915][T17345] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4034'.
[  562.444672][T17347] loop5: detected capacity change from 0 to 2048
[  562.533462][T17347] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  562.618020][T17348] device macvlan3 entered promiscuous mode
[  562.629155][T17348] device bond2 entered promiscuous mode
[  562.680075][T17348] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  562.727176][T17348] device bond2 left promiscuous mode
[  562.889109][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  562.895524][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  563.384008][ T4268] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  563.478831][ T4268] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  563.592341][ T4268] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  563.702159][ T4268] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.124075][ T4460] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  564.186469][T17360] chnl_net:caif_netlink_parms(): no params data found
[  564.383967][ T4460] usb 10-1: Using ep0 maxpacket: 32
[  564.500215][T17360] bridge0: port 1(bridge_slave_0) entered blocking state
[  564.504058][ T4460] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  564.526512][ T4460] usb 10-1: config 0 has no interface number 0
[  564.536800][T17360] bridge0: port 1(bridge_slave_0) entered disabled state
[  564.568781][T17360] device bridge_slave_0 entered promiscuous mode
[  564.607816][T17388] netlink: 'syz.7.4050': attribute type 1 has an invalid length.
[  564.620075][T17388] netlink: 168864 bytes leftover after parsing attributes in process `syz.7.4050'.
[  564.629603][T17360] bridge0: port 2(bridge_slave_1) entered blocking state
[  564.629711][T17360] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.663292][T17360] device bridge_slave_1 entered promiscuous mode
[  564.694160][ T4460] usb 10-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  564.711350][ T4460] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.733737][ T4460] usb 10-1: Product: syz
[  564.738085][ T4460] usb 10-1: Manufacturer: syz
[  564.742839][ T4460] usb 10-1: SerialNumber: syz
[  564.750759][T17360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  564.770648][T17360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  564.775905][ T4460] usb 10-1: config 0 descriptor??
[  564.835599][ T4460] usb 10-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  564.853013][T17360] team0: Port device team_slave_0 added
[  564.853803][ T4460] usb 10-1: selecting invalid altsetting 1
[  564.866481][T17360] team0: Port device team_slave_1 added
[  564.883691][ T4460] usb 10-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  564.925590][ T4460] usb 10-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  564.943853][ T4460] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  564.966194][T17360] batman_adv: batadv0: Adding interface: batadv_slave_0
[  564.973694][ T4460] usb 10-1: media controller created
[  564.983396][T17360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  565.011339][ T4460] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  565.058056][T17360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  565.103988][T17360] batman_adv: batadv0: Adding interface: batadv_slave_1
[  565.113384][T17360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  565.159314][T17360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  565.258659][T17360] device hsr_slave_0 entered promiscuous mode
[  565.272946][T17360] device hsr_slave_1 entered promiscuous mode
[  565.287975][T17360] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  565.305996][T17360] Cannot create hsr debugfs directory
[  565.697743][ T4268] device hsr_slave_0 left promiscuous mode
[  565.707909][ T4268] device hsr_slave_1 left promiscuous mode
[  565.748809][ T4268] device veth1_macvtap left promiscuous mode
[  565.760229][ T4268] device veth0_macvtap left promiscuous mode
[  565.770375][ T4268] device veth1_vlan left promiscuous mode
[  565.781602][ T4268] device veth0_vlan left promiscuous mode
[  565.843275][T14763] Bluetooth: hci0: command 0x0409 tx timeout
[  566.030359][T17332] Set syz1 is full, maxelem 65536 reached
[  566.183171][ T4460] usb 10-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  566.191758][ T4460] zl10353_read_register: readreg error (reg=127, ret==-110)
[  566.224625][ T4460] usb 10-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  566.281404][ T4268] bond0 (unregistering): Released all slaves
[  566.296712][ T4460] usb 10-1: USB disconnect, device number 3
[  566.431306][T17417] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.457353][T17420] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4063'.
[  566.474853][T17420] IPv6: ADDRCONF(NETDEV_CHANGE): gre5: link becomes ready
[  566.620412][T17417] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.828051][T17417] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.900590][T17438] overlayfs: failed to clone upperpath
[  567.148091][T17417] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  567.610468][T17417] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  567.714245][T17417] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  567.742372][T17417] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  567.786259][T17417] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  567.924466][ T4460] Bluetooth: hci0: command 0x041b tx timeout
[  568.022188][T17454] device bridge_slave_0 entered promiscuous mode
[  568.036722][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  568.059654][T17360] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  568.100081][T17360] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  568.148287][T17360] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  568.191360][T17360] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  568.515331][T17360] 8021q: adding VLAN 0 to HW filter on device bond0
[  568.569253][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  568.611410][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  568.633672][T17360] 8021q: adding VLAN 0 to HW filter on device team0
[  568.669280][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  568.695806][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  568.732324][ T7455] bridge0: port 1(bridge_slave_0) entered blocking state
[  568.739477][ T7455] bridge0: port 1(bridge_slave_0) entered forwarding state
[  568.810925][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  568.842319][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  568.888580][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  568.915986][ T4316] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.923189][ T4316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  568.971475][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  568.993462][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  569.029302][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  569.064571][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  569.105274][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  569.137820][T17490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4085'.
[  569.158543][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  569.179440][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  569.209681][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  569.260558][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  569.299899][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  569.316355][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  569.346389][T17360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  569.668278][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  569.681540][ T7460] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  569.706851][T17360] 8021q: adding VLAN 0 to HW filter on device batadv0
[  569.783181][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  569.807511][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  569.860490][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  569.882442][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  569.914069][T17360] device veth0_vlan entered promiscuous mode
[  569.922312][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  569.959264][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  570.001005][T17360] device veth1_vlan entered promiscuous mode
[  570.009143][T14762] Bluetooth: hci0: command 0x040f tx timeout
[  570.038274][T17505] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4089'.
[  570.110593][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  570.120277][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  570.143636][T17360] device veth0_macvtap entered promiscuous mode
[  570.162462][T17360] device veth1_macvtap entered promiscuous mode
[  570.198340][T17360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  570.232329][T17360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  570.255889][T17360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  570.278955][T17360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  570.306121][T17360] batman_adv: batadv0: Interface activated: batadv_slave_0
[  570.330759][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  570.341450][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  570.370401][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  570.400271][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  570.438435][T17360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  570.470415][T17360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  570.511620][T17360] batman_adv: batadv0: Interface activated: batadv_slave_1
[  570.535419][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  570.556036][ T7455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  570.591839][T17360] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  570.607383][T17360] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  570.617104][T17360] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  570.633328][T17360] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  570.854255][ T7455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  570.876966][ T7455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  570.936148][ T7455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  570.956100][ T7455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  570.957419][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  571.009128][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  571.287223][T17534] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  571.755470][T17434] Set syz1 is full, maxelem 65536 reached
[  572.091423][T14762] Bluetooth: hci0: command 0x0419 tx timeout
[  572.116624][T17577] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4112'.
[  573.537664][T17595] netlink: 'syz.3.4117': attribute type 10 has an invalid length.
[  573.638808][T17600] sch_tbf: burst 480 is lower than device lo mtu (65550) !
[  573.689147][T17545] loop2: detected capacity change from 0 to 32768
[  573.767253][T17545] (syz.2.4102,17545,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "heartbåat=none" or missing value
[  573.796329][T17545] (syz.2.4102,17545,0):ocfs2_fill_super:1177 ERROR: status = -22
[  574.750531][T17632] netlink: 'syz.7.4133': attribute type 10 has an invalid length.
[  574.824663][T17638] sctp: [Deprecated]: syz.6.4135 (pid 17638) Use of int in max_burst socket option deprecated.
[  574.824663][T17638] Use struct sctp_assoc_value instead
[  575.067408][T17648] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4141'.
[  575.195060][T17630] loop9: detected capacity change from 0 to 32768
[  575.246549][T17630] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 scanned by syz.9.4132 (17630)
[  575.311256][T17634] loop2: detected capacity change from 0 to 32768
[  575.326779][T17630] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm
[  575.341580][T17630] BTRFS info (device loop9): using free space tree
[  575.348142][T17630] BTRFS info (device loop9): has skinny extents
[  575.388258][T17630] BTRFS info (device loop9): enabling ssd optimizations
[  575.424800][T17634] XFS (loop2): Mounting V5 Filesystem
[  575.466201][   T26] audit: type=1800 audit(1754447820.927:526): pid=17630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.4132" name="bus" dev="loop9" ino=263 res=0 errno=0
[  575.679105][T17694] Error parsing options; rc = [-22]
[  575.770481][T17634] XFS (loop2): Ending clean mount
[  575.808295][T17634] XFS (loop2): Quotacheck needed: Please wait.
[  576.104903][T17634] XFS (loop2): Quotacheck: Done.
[  576.200395][T17634] XFS (loop2): User initiated shutdown received.
[  576.229555][T17634] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:487).  Shutting down filesystem.
[  576.288719][T17634] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  576.648756][T17360] XFS (loop2): Unmounting Filesystem
[  576.785587][T17720] overlayfs: failed to clone upperpath
[  577.056758][T17729] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  577.358089][   T26] audit: type=1326 audit(1754447822.827:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.451689][   T26] audit: type=1326 audit(1754447822.827:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.524743][   T26] audit: type=1326 audit(1754447822.827:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.593123][T17749] sctp: [Deprecated]: syz.7.4169 (pid 17749) Use of int in maxseg socket option.
[  577.593123][T17749] Use struct sctp_assoc_value instead
[  577.603067][   T26] audit: type=1326 audit(1754447822.827:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.668965][   T26] audit: type=1326 audit(1754447822.857:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.699595][   T26] audit: type=1326 audit(1754447822.857:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.733154][   T26] audit: type=1326 audit(1754447822.857:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.796911][   T26] audit: type=1326 audit(1754447822.857:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  577.854152][   T26] audit: type=1326 audit(1754447822.857:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17737 comm="syz.3.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f95a5fc3be9 code=0x7ffc0000
[  578.076439][T17766] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  578.117406][T17766] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  578.639200][T17781] fuse: Bad value for 'fd'
[  580.629320][T17799] netlink: 44 bytes leftover after parsing attributes in process `syz.9.4186'.
[  580.685196][T17801] loop2: detected capacity change from 0 to 256
[  580.868515][T17801] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  581.044962][T17801] loop_set_status: loop2 () has still dirty pages (nrpages=2)
[  581.206406][   T26] kauditd_printk_skb: 8 callbacks suppressed
[  581.206422][   T26] audit: type=1326 audit(1754447826.669:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.325927][   T26] audit: type=1326 audit(1754447826.699:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.384736][   T26] audit: type=1326 audit(1754447826.699:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.409212][   T26] audit: type=1326 audit(1754447826.699:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.435267][   T26] audit: type=1326 audit(1754447826.699:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.492447][T17828] fuse: Bad value for 'fd'
[  581.553067][   T26] audit: type=1326 audit(1754447826.709:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.598702][   T26] audit: type=1326 audit(1754447826.709:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.641198][T17835] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  581.646704][   T26] audit: type=1326 audit(1754447826.729:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f21c9583be9 code=0x7ffc0000
[  581.700656][   T26] audit: type=1326 audit(1754447826.729:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f21c9583c23 code=0x7ffc0000
[  581.762723][   T26] audit: type=1326 audit(1754447826.739:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17818 comm="syz.7.4194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f21c958269f code=0x7ffc0000
[  582.308712][T17850] netlink: 'syz.9.4210': attribute type 1 has an invalid length.
[  582.347681][T17850] 8021q: adding VLAN 0 to HW filter on device bond1
[  582.377077][T17853] overlayfs: failed to clone upperpath
[  582.504091][T17855] bond1: (slave geneve2): making interface the new active one
[  582.539887][T17855] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  582.565232][ T5230] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  582.917723][T17878] 9pnet: p9_client_clunk (17878): Trying to clunk with invalid fid
[  582.967276][T17878] CPU: 1 PID: 17878 Comm: syz.9.4217 Not tainted 5.15.189-syzkaller #0
[  582.975582][T17878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  582.985683][T17878] Call Trace:
[  582.988996][T17878]  <TASK>
[  582.991957][T17878]  dump_stack_lvl+0x168/0x230
[  582.996802][T17878]  ? __rwlock_init+0x140/0x140
[  583.001619][T17878]  ? show_regs_print_info+0x20/0x20
[  583.006874][T17878]  ? load_image+0x3b0/0x3b0
[  583.011423][T17878]  ? v9fs_fid_find+0x2d1/0x320
[  583.016231][T17878]  p9_client_clunk+0x2b3/0x380
[  583.021039][T17878]  v9fs_statfs+0x192/0x350
[  583.025487][T17878]  ? slab_free_freelist_hook+0xea/0x170
[  583.031072][T17878]  ? v9fs_drop_inode+0x130/0x130
[  583.036089][T17878]  vfs_statfs+0x13d/0x2c0
[  583.040461][T17878]  ovl_get_lowerstack+0x1fd/0x1bf0
[  583.045639][T17878]  ? ovl_get_upper+0x580/0x580
[  583.050447][T17878]  ? ovl_get_workdir+0x11a0/0x11a0
[  583.055620][T17878]  ovl_fill_super+0x174d/0x2ae0
[  583.060541][T17878]  ? ovl_mount+0x30/0x30
[  583.064818][T17878]  ? preempt_count_add+0x8d/0x190
[  583.069897][T17878]  ? sget+0x427/0x440
[  583.073918][T17878]  ? free_anon_bdev+0x20/0x20
[  583.078637][T17878]  ? ovl_mount+0x30/0x30
[  583.082913][T17878]  mount_nodev+0x52/0xe0
[  583.087194][T17878]  legacy_get_tree+0xe6/0x180
[  583.091902][T17878]  ? virtio_fs_zero_page_range+0x120/0x120
[  583.097754][T17878]  vfs_get_tree+0x88/0x270
[  583.102208][T17878]  do_new_mount+0x24a/0xa40
[  583.106749][T17878]  __se_sys_mount+0x2d6/0x3c0
[  583.111463][T17878]  ? __x64_sys_mount+0xc0/0xc0
[  583.116265][T17878]  ? lockdep_hardirqs_on+0x94/0x140
[  583.121488][T17878]  ? __x64_sys_mount+0x1c/0xc0
[  583.126285][T17878]  do_syscall_64+0x4c/0xa0
[  583.130732][T17878]  ? clear_bhb_loop+0x30/0x80
[  583.135439][T17878]  ? clear_bhb_loop+0x30/0x80
[  583.140159][T17878]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  583.146099][T17878] RIP: 0033:0x7feb5e3e0be9
[  583.150547][T17878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  583.170292][T17878] RSP: 002b:00007feb5c248038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  583.178748][T17878] RAX: ffffffffffffffda RBX: 00007feb5e607fa0 RCX: 00007feb5e3e0be9
[  583.186755][T17878] RDX: 0000200000000340 RSI: 00002000000000c0 RDI: 0000000000000000
[  583.194781][T17878] RBP: 00007feb5e463e19 R08: 0000200000000080 R09: 0000000000000000
[  583.195706][T17857] chnl_net:caif_netlink_parms(): no params data found
[  583.202792][T17878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  583.202810][T17878] R13: 00007feb5e608038 R14: 00007feb5e607fa0 R15: 00007ffdc14a6318
[  583.202850][T17878]  </TASK>
[  583.224153][T17878] overlayfs: statfs failed on './file0'
[  583.385225][ T7455] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.462682][ T7455] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.480397][T17857] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.487914][T17857] bridge0: port 1(bridge_slave_0) entered disabled state
[  583.496052][T17857] device bridge_slave_0 entered promiscuous mode
[  583.520748][ T7455] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.533278][T17857] bridge0: port 2(bridge_slave_1) entered blocking state
[  583.540680][T17857] bridge0: port 2(bridge_slave_1) entered disabled state
[  583.549831][T17857] device bridge_slave_1 entered promiscuous mode
[  583.564527][ T7455] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.603952][T17857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  583.619483][T17857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  583.665322][T17900] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  583.702840][T17857] team0: Port device team_slave_0 added
[  583.722736][T17857] team0: Port device team_slave_1 added
[  583.769351][T17857] batman_adv: batadv0: Adding interface: batadv_slave_0
[  583.781652][T17857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  583.807858][T17857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  583.820806][T17857] batman_adv: batadv0: Adding interface: batadv_slave_1
[  583.828880][T17857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  583.887411][T17857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  584.202903][T17857] device hsr_slave_0 entered promiscuous mode
[  584.233721][T17857] device hsr_slave_1 entered promiscuous mode
[  584.252248][T17857] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  584.261227][T17857] Cannot create hsr debugfs directory
[  584.410383][T17930] overlayfs: failed to clone upperpath
[  584.553912][T14762] Bluetooth: hci0: command 0x0409 tx timeout
[  584.639808][T17937] netlink: 'syz.7.4242': attribute type 4 has an invalid length.
[  584.670158][T17937] netlink: 'syz.7.4242': attribute type 4 has an invalid length.
[  584.828695][T17857] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  584.838098][T17857] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  584.859865][T17857] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  584.869413][T17857] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  584.959992][T17857] 8021q: adding VLAN 0 to HW filter on device bond0
[  584.975239][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  584.985017][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  584.996817][T17857] 8021q: adding VLAN 0 to HW filter on device team0
[  585.017362][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  585.029905][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  585.039364][ T4268] bridge0: port 1(bridge_slave_0) entered blocking state
[  585.046523][ T4268] bridge0: port 1(bridge_slave_0) entered forwarding state
[  585.058206][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  585.076155][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  585.085408][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  585.094117][ T4316] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.101268][ T4316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  585.132071][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  585.142573][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  585.152396][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  585.169029][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  585.182442][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  585.213565][T17857] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  585.224246][T17857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  585.237438][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  585.249463][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  585.260151][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  585.274885][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  585.284435][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  585.294483][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  585.302886][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  585.317177][ T7455] device hsr_slave_0 left promiscuous mode
[  585.324272][ T7455] device hsr_slave_1 left promiscuous mode
[  585.330719][ T7455] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  585.338529][ T7455] batman_adv: batadv0: Removing interface: batadv_slave_0
[  585.347481][ T7455] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  585.355201][ T7455] batman_adv: batadv0: Removing interface: batadv_slave_1
[  585.365198][ T7455] device bridge_slave_1 left promiscuous mode
[  585.389578][ T7455] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.410129][ T7455] device bridge_slave_0 left promiscuous mode
[  585.423645][ T7455] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.465415][ T7455] device veth1_macvtap left promiscuous mode
[  585.471513][ T7455] device veth0_macvtap left promiscuous mode
[  585.483580][ T7455] device veth1_vlan left promiscuous mode
[  585.499662][ T7455] device veth0_vlan left promiscuous mode
[  585.742223][T17959] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  585.876967][ T7455] team0 (unregistering): Port device team_slave_1 removed
[  585.897336][ T7455] team0 (unregistering): Port device team_slave_0 removed
[  585.915929][ T7455] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  585.947363][ T7455] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  586.065388][ T7455] bond0 (unregistering): Released all slaves
[  586.349955][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  586.359834][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  586.386396][T17857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  586.607825][T17959] infiniband syz0: set down
[  586.621202][T17959] infiniband syz0: added batadv_slave_0
[  586.653689][ T4460] Bluetooth: hci0: command 0x041b tx timeout
[  586.836278][T17959] RDS/IB: syz0: added
[  586.845681][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  586.873484][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  586.882112][T17959] smc: adding ib device syz0 with port count 1
[  586.922333][T17959] smc:    ib device syz0 port 1 has pnetid 
[  586.938286][T17857] device veth0_vlan entered promiscuous mode
[  586.976618][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  587.031213][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  587.050399][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  587.079220][ T4316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  587.109035][T17857] device veth1_vlan entered promiscuous mode
[  587.178476][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  587.197353][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  587.258322][T17857] device veth0_macvtap entered promiscuous mode
[  587.283279][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  587.301019][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  587.326459][T17857] device veth1_macvtap entered promiscuous mode
[  587.343860][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  587.368340][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  587.433111][T17857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  587.452355][T17857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.472360][T17857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  587.492325][T17857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.531640][T17857] batman_adv: batadv0: Interface activated: batadv_slave_0
[  587.564313][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  587.574628][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  587.599402][T17857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  587.620518][T17857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.657615][T17857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  587.677338][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  587.696444][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  587.726157][T17857] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  587.752198][T17857] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  587.762453][ T4306] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  587.782193][T17857] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  587.790965][T17857] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  588.012014][ T4268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  588.012366][ T4306] usb 10-1: Using ep0 maxpacket: 16
[  588.052467][ T4268] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  588.081595][ T4275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  588.114669][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  588.123240][ T4275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  588.151226][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  588.159113][ T4306] usb 10-1: config 0 has an invalid interface number: 105 but max is 0
[  588.185158][ T4306] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  588.222178][ T4306] usb 10-1: config 0 has no interface number 0
[  588.277487][T18006] device veth5 entered promiscuous mode
[  588.402192][ T4306] usb 10-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  588.448264][ T4306] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.487078][ T4306] usb 10-1: Product: syz
[  588.491437][ T4306] usb 10-1: Manufacturer: syz
[  588.509629][ T4306] usb 10-1: SerialNumber: syz
[  588.536424][ T4306] usb 10-1: config 0 descriptor??
[  588.614106][ T4306] usb 10-1: Found UVC 0.00 device syz (046d:08f3)
[  588.630946][ T4306] usb 10-1: No valid video chain found.
[  588.712812][ T4243] Bluetooth: hci0: command 0x040f tx timeout
[  588.825777][ T4306] usb 10-1: USB disconnect, device number 4
[  588.829167][T18026] netlink: 'syz.4.4269': attribute type 4 has an invalid length.
[  588.903346][T18030] netlink: 'syz.4.4269': attribute type 4 has an invalid length.
[  590.052273][T18045] netlink: 24 bytes leftover after parsing attributes in process `syz.9.4276'.
[  590.195350][T18047] netlink: 'syz.4.4277': attribute type 11 has an invalid length.
[  590.800971][T14764] Bluetooth: hci0: command 0x0419 tx timeout
[  590.960894][T14764] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  591.183479][T18056] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4280'.
[  591.213560][T14764] usb 10-1: Using ep0 maxpacket: 32
[  591.224259][T18056] device bridge_slave_1 left promiscuous mode
[  591.240658][T18056] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.280741][T18056] device bridge_slave_0 left promiscuous mode
[  591.287013][T18056] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.360752][T14764] usb 10-1: config 0 has an invalid interface number: 250 but max is 1
[  591.379259][T14764] usb 10-1: config 0 has no interface number 1
[  591.395081][T14764] usb 10-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  591.556023][T18072] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4286'.
[  591.573556][T18066] netlink: 'syz.6.4283': attribute type 4 has an invalid length.
[  591.612188][T14764] usb 10-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[  591.626101][T14764] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  591.644461][T14764] usb 10-1: Product: syz
[  591.653311][T14764] usb 10-1: Manufacturer: syz
[  591.663822][T14764] usb 10-1: SerialNumber: syz
[  591.671470][T14764] usb 10-1: config 0 descriptor??
[  591.742360][T14764] usb 10-1: Found UVC 0.00 device syz (0408:3090)
[  591.756021][T14764] usb 10-1: No valid video chain found.
[  591.939149][T18083] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4290'.
[  591.963939][T14764] usb 10-1: USB disconnect, device number 5
[  698.566710][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  698.573734][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P18102/1:b..l
[  698.582621][    C0] 	(detected by 0, t=10502 jiffies, g=97461, q=15)
[  698.589120][    C0] task:syz.3.4298      state:R  running task     stack:27840 pid:18102 ppid:  4184 flags:0x00004000
[  698.602179][    C0] Call Trace:
[  698.605470][    C0]  <TASK>
[  698.608430][    C0]  __schedule+0x11b8/0x43b0
[  698.612958][    C0]  ? release_firmware_map_entry+0x190/0x190
[  698.618850][    C0]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  698.624842][    C0]  ? preempt_schedule_irq+0xa6/0x150
[  698.630129][    C0]  preempt_schedule_irq+0xb1/0x150
[  698.635237][    C0]  ? __cond_resched+0xb0/0xb0
[  698.639913][    C0]  ? rcu_is_watching+0x11/0xa0
[  698.644671][    C0]  ? rcu_irq_exit_check_preempt+0xdb/0x200
[  698.650478][    C0]  irqentry_exit+0x63/0x70
[  698.654910][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  698.660887][    C0] RIP: 0010:copy_creds+0x414/0xd00
[  698.665995][    C0] Code: 21 58 08 89 c5 31 ff 89 c6 e8 98 b5 27 00 85 ed 74 1f e8 9f ea 12 00 89 c5 31 ff 89 c6 e8 84 b5 27 00 85 ed 0f 84 8e 00 00 00 <e8> 17 b2 27 00 eb 05 e8 10 b2 27 00 49 be 00 00 00 00 00 fc ff df
[  698.685594][    C0] RSP: 0018:ffffc9000310f9b0 EFLAGS: 00000202
[  698.691659][    C0] RAX: ffffffff815011fc RBX: ffff88801fbc4b40 RCX: ffff88807772bb80
[  698.699644][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  698.707628][    C0] RBP: 0000000000000001 R08: dffffc0000000000 R09: fffffbfff1ff6e19
[  698.715601][    C0] R10: fffffbfff1ff6e19 R11: 1ffffffff1ff6e18 R12: ffff88807d5a08b0
[  698.723578][    C0] R13: 1ffff1100fab4115 R14: dffffc0000000000 R15: ffff88801fbc4b58
[  698.731573][    C0]  ? copy_creds+0x40c/0xd00
[  698.736092][    C0]  copy_process+0x87a/0x3e00
[  698.740690][    C0]  ? __might_fault+0xb7/0x110
[  698.745380][    C0]  ? __lock_acquire+0x7c60/0x7c60
[  698.750406][    C0]  ? __pidfd_prepare+0x140/0x140
[  698.755345][    C0]  ? memset+0x1e/0x40
[  698.759332][    C0]  kernel_clone+0x219/0x930
[  698.763837][    C0]  ? create_io_thread+0x130/0x130
[  698.768873][    C0]  ? __might_fault+0xb7/0x110
[  698.773672][    C0]  __se_sys_clone3+0x2d5/0x360
[  698.778457][    C0]  ? __x64_sys_clone3+0x60/0x60
[  698.783340][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  698.788541][    C0]  do_syscall_64+0x4c/0xa0
[  698.792986][    C0]  ? clear_bhb_loop+0x30/0x80
[  698.797662][    C0]  ? clear_bhb_loop+0x30/0x80
[  698.802419][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  698.808309][    C0] RIP: 0033:0x7f95a5ff8449
[  698.812732][    C0] RSP: 002b:00007ffcfe3f2f68 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3
[  698.821145][    C0] RAX: ffffffffffffffda RBX: 00007f95a5f7a830 RCX: 00007f95a5ff8449
[  698.829110][    C0] RDX: 00007f95a5f7a830 RSI: 0000000000000058 RDI: 00007ffcfe3f2fb0
[  698.837076][    C0] RBP: 00007f95a3e0a6c0 R08: 00007f95a3e0a6c0 R09: 00007ffcfe3f3097
[  698.845041][    C0] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8
[  698.853008][    C0] R13: 000000000000006e R14: 00007ffcfe3f2fb0 R15: 00007ffcfe3f3098
[  698.861010][    C0]  </TASK>
[  698.864041][    C0] rcu: rcu_preempt kthread starved for 10330 jiffies! g97461 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  698.875310][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  698.885434][    C0] rcu: RCU grace-period kthread stack dump:
[  698.891331][    C0] task:rcu_preempt     state:R  running task     stack:28032 pid:   15 ppid:     2 flags:0x00004000
[  698.902202][    C0] Call Trace:
[  698.905487][    C0]  <TASK>
[  698.908420][    C0]  __schedule+0x11b8/0x43b0
[  698.912948][    C0]  ? release_firmware_map_entry+0x190/0x190
[  698.918846][    C0]  schedule+0x11b/0x1e0
[  698.923109][    C0]  schedule_timeout+0x15c/0x280
[  698.927961][    C0]  ? console_conditional_schedule+0x40/0x40
[  698.933848][    C0]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  698.939740][    C0]  ? update_process_times+0x200/0x200
[  698.945110][    C0]  ? prepare_to_swait_event+0x331/0x350
[  698.950666][    C0]  rcu_gp_fqs_loop+0x29e/0x11b0
[  698.955522][    C0]  ? dyntick_save_progress_counter+0x230/0x230
[  698.961672][    C0]  ? rcu_gp_init+0x10e0/0x10e0
[  698.966455][    C0]  ? finish_swait+0xc0/0x1d0
[  698.971050][    C0]  rcu_gp_kthread+0x98/0x350
[  698.975643][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[  698.980770][    C0]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  698.986666][    C0]  ? __kthread_parkme+0x157/0x1b0
[  698.991690][    C0]  kthread+0x436/0x520
[  698.995769][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[  699.000887][    C0]  ? kthread_blkcg+0xd0/0xd0
[  699.005488][    C0]  ret_from_fork+0x1f/0x30
[  699.009910][    C0]  </TASK>
[  699.012926][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  699.019243][    C0] Sending NMI from CPU 0 to CPUs 1:
[  699.024456][    C1] NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10