last executing test programs:

14m34.968130396s ago: executing program 32 (id=189):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = fcntl$getown(r1, 0x9)
sched_getscheduler(r2)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
unshare(0x40000000)
socket$inet6(0xa, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)

9m58.782429278s ago: executing program 33 (id=817):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
fcntl$getown(r1, 0x9)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
unshare(0x40000000)

8m12.618511477s ago: executing program 5 (id=1144):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, &(0x7f0000000300)={{0x6, @null}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendto$netrom(r4, 0x0, 0x0, 0x40, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)

8m7.4751856s ago: executing program 5 (id=1157):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000900)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, 0x0, &(0x7f0000000080)=r0}, 0x20)
recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1, 0x0, 0x0, 0x300}, 0x0)
sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000b00)="9b174c71ddc0ff70da89cebb1985e5aa6e2218ad71a09310e007e786c1eb3485db015be60d4a00474a8973fc08d7a6274de654cbd1a787e0946198bd6eeb78c4f684b110d1dd5d2260844e6abdca4819b84c32fa99588cd0993a204b8ecde4ce3614cc78454beef9db6202c267272cdc91eed07bb8f27993f4af613c6ae67162bc9d0f537a0e0f60af0c4a21b01e4aa656fdc7260a86613c5d1ffce2f5319cb34054a895b9be7a4b812fbb7c83fb999fb4c8f41ac5e100519c4c125fd68949f7ef053401acd65051e963b108d9ac8d302aa3d27d2a39e9142584a1388c4c300a76bd28cecc47e95c65d5f0775a55c68d5c8640faded3723e32b1d01a26021567e853d1d85382b3700b3e9e6d26673ddc63f5f2464c1ca3ccf82eb8d21eb31572e286cff03c9e347df61270ca628e3c302a4bb4e8ca5d9da18227928eeaa0c3fe37cac8bb1a8b10b47427ec3f24a5f497ae1d5d5998fa0052040b8c3e32a5b89e266f0b53ba2689708e3ef62ea793382e2a3e0e027fe5d23003b874a00272c5f704f5694289f07360814f1eb16fd8a3b61c2f3c53c42a6eedb76977e35defa4f7a5d8af33e187ea35ac1e7300c4fed435385b8d98a4edb7b54545593dd1b260d70a9be726c3805715e73ebb6f3e480e97f8694efbf5e2b54e7fdbded3ab4cd7f84aab807264e275d4872a1382466765c91031ce05a9e5f529a7399f5f58c6e6d381864b0982f8df5a503fa5e064b0d70ec5de908e51d47a24ea0a8f4549f0bcdb37f7107033a38040248815a1afaeca241bcb6836dfd64ed07113bc6a484840430540a9cabcac3a18dbd49c11383b58106d583f451cbb6949d07f9f5503c6938faefb8f3b1a976adbdbd3c6a6c4184f26c03f1d7cf34e36697775c4b81adb19142f86241c4c802c1dba77b57d78a99913dd58c13aea10d107c1190d8c9ce89c993ace3f0d31214cce7206d435aea6085c44d7d2488c6d588370cd6a01cda8cd0b4905d3d3e392e793184708c164fd8ef1c5db16a0183c144bc4487a2555afabca3507bdc80a0442645bcafd8ff1f5f32ef512d18af9c51ed2f4830c08b3e21aa51db8c787c32430765963b5225af1659a9c76a111eb83497ca6639e7c69aea8c613f9df3d64a12563889b1268f2d721e67f09753aa91db8a6c4c5c0a1eddfb941e2439a357ec833b3a5618a17c00ed59dc9453a889e2eea6cc9aceec2144ea241643f3093c7d02b74886eecc5bd40a3f684a142db57bd64630a94a5e55ada8a31ad8f2f5a1b28cb2d7ce83f2746560c445fe46fef79ea21af454c059f1e3ca7d1dda514dcc5fbc4462fae593132907f4bb79828d807327450daff4506db66442ecc4f2a8d6f16dde6c166fb119506d6f749580753b8b6c3eb4c8de80b3329f592e72e1da0918b9d959be3faeafdf966c7fa715b82f278f2facdd2ad5a7e96ed9806a545b312e3fbcbf16883d10688185200ab506b757bda75bcb2a086d5bbc97035849c6492429831bb61d2dcc47746a03061f5d51f19efa53f676fbeb4c9cf6c92007cd91d1ef13fd0d748070952a9ca72b048441a74f1daec44c0e3dda6e25623154fbd807d883aab6f8c5373ec5c6720f5cd826742f5167e17b435b6791cdaee9511757fd8fd88eb2035559425ffa6fc16c60f3069f83d403853886f879a118409ae2b9bb402fd83e15e3eda764d152a1dea31972e4494c6cf045cf8c6202e4746d34270720e4f24a0a6091f2a8d046deacc1edba580555b861f16edaf1a067d6e7554d3e4d37d62010b60b4cd3dd2eba96908b063935eafa86f96d29a92a1953a7f8da43f476501a1085c0087f3316fd9eed2206b676b985b6a5179d3936157d47e34fe5d0ff3bdc573058463ad8e4b4c24b5a1a68d5c7a3587288c6f427ba8ed2affd9627e4a6f3cf660b3a8f8c57e638b759f3cf1e6c2dde0fbea23f8c7823a380c684beb4a3da2671bd443407eccc5273a40cafa2f9e4aebf6011bb27060ff3232238da67db2917fa60cd8609ce363d0ba92377ec24eacc222354d66e1ea964b44d7631d9e9ecb50139644246457bf914c5a8520cca972a3738c7cb7b1555bb0b201c3a3cc03b295c19d9bbda5cf8a222bffd5d518e4ca8600e3aa5b3a939d44e746a7d3fc3e9bad656df9f37aeaec5eef3ef49318ca68a1299d5c9f1a78ff852e0375a9c30d08daa22752e64a3abd1286c0188f216446a8e3c244b6bf809a665de9fe5229d2946dff5750cbdcba5f2836ebc1485b80a5d0a72e79f694bd69edb5413e3c293f74208421f3373ced03701d77cc5d4b1d1d9675f7a040fe6ac4169d599b07e34e46aee6840275f972d3a5ad8843c0a8fdde283cd69eb37602692ab97dd8fbb5907027af6e48bce2d255d5514b1332e5e521503470dc44f29c603dedd984764e9a96b4cb75de17d99133da66b9c83e0ae35fae2dba789a4879a77c12cae3c0cc3b36c5175fe9e3d7a622dd17f4f6da22e3b7e84b3aba75ab3be000a103fd5ec139191f1a25e25058505aac74513fe4143591231cec070a77839918f9a341f217f929a77ca0ea72c93763301d5d470a6f921165d26848802d910d0083f9ce68b4c20a50c70e504823a94cb842036954adaff1aa5aae7156484b2fb3fb1bbe3fab5d8b0685746c4ce13e26719e18d59debd1af0bf31fb494cd766c91145cbf315eed267996fcead1b0d859973709c0079f3fb89728ba1764cdcef008a30b97377d6d71e3ada0832cffc3271ecc5f0a3476eb1899b31fb0c465d0fc55aeb3ca5da121db8103dc68a2c35628d5dd29cb6a392b7a929eee6da59a13c94043b1a4137cac4a7b8371fbf7670da1e2bcddc5125e16262cc733125944d7d95500a49a748cb4635ef5249b57590f0c9b92d881c0ac6dfb3c54688cc33bef9c9e84d86edd83e085a5ba60106b623715e6737fc40d9b899d9d34f9589cc724e81531e101140d2227d2036d25ee50b8b3380058cee74c7e490b33716a8adcc1ee33ffe9d66592495c571854a2eb4135a91ff2f0afd70914feb4a3e21486c4e0c3557413c298aaf4ab51324505ffce8b88f3512cece196a5950a3cdab2aa524a3eb680365bead934acb7ef7885f41f2cf627f36553f2b7233e1812269618ea68b1dd600a9c3474ea0b9cbaa657ecb169401acd7b10157bbfb75179a41d660d876dc52f7831aeb880d96116a16466186eb877c887724c115ad58651212472fad0385a5f95d87aa3cf3ed69a0feff52b9aac2aa013d78059ad0498ced2688df4b94df974174fd05a4321c7b2338065556fca02584c1779c0e38fb35f33fb58e509b327b0573f9048d24fb5fd1ddd3043ea01000a28bb23f8c50b730dbde3d12930b8553bfeb68f20669d633016c2c2db366e62853ecdeb9b246d79441f5f1a6fda4ea3c233e2c6d033bb7b558d55ddbe2711e1b2bb1e322bbb597eba7bc63390dc8b0cec2094a1a3a1f55d188c23d6549e0380b9e98b0999cbdf076661cfce3f4fe0f242b2a4ff4f4329c48d7e72785610d94ff535a8870523f5febc6f3b25621efa54778cac6f03a1384e4d6376cd3f661ea5cff07fd1ed7118021b2d06313408765c8360bef0ba823e8226d54e243522ef04ba6aca4e66bb68f1f64bd354c628f05bde6b7179a1352f087536742be41c8f2a23408189fcd4d6c0b51fd91a781fb00eb3fc6093250a5e13255a2b636686eb700476699ea76fff16e80f7622071c3f02a4a59d47d85c230097a9153de035cc4b2ebdbe63fd1ca2f2ccbcdafeb277d5f23bf41b51cb21c928da558ac15184c0c22286417e506ed0ef74ad291d02a63d43c2b3d02c55528e5cebe06917eb44148c64bb07e01fecac29cf8217009742d2026a8f4f1e53f623f75b084c1004e96ed2e2f289ad134ef8cda7a10537581a654d63b8ce527bb1752844c26e0ab0eb124b81646d431498ab7528ff0ec9187d1c9edb2ada59059a28077aa121255e2b306ac1d6527613f89b50a9bded388ce7ff500f569e3e39715822984e3785be0642bdd7ef80ec385986a8ad929d81b351e2bfa255ee3a0ad635ec621a86f18931977995254871eefb91b0354acc25349fe14b05ddf10d6de5469a26d805a1bcb446e0157c25f6f4ddf4f1d2003609f72d2f41627e8e18a61ee354254c212f6e7c792d3f526ddb345bd5285bd5ae6fca04ab711962178a509f23cd0c51dd6c0803a6476b7dd7c8f260c69c1acfb29348a499508a1b4a2846bc50dc3f9145f23706a55740387bea42c06f6716ba22bceb538c3006c5b85ae0cfc94d5afc7fc35e6afb170981eaf90ed52f30a30bf5ffe63cf7fe6c150511e409f6c4014cd663671bfed58866347325e5a28f684a7061743e1d731c65d6a2b93dbc29ce1c3544496536f586b7dea4622e701592d47399a4b85bba4a835e848e71a7d40c2460dce7d1f6b1af2226dcab22d8511a684bbbfa008d1ad9541502f42c7db885836e024724a39bb5d02c57c9d5d73de5fa2dcbc9ad10254b87f5c72c23e66a28462b1b2586585381e4088aed7ddf9974ff679a4f1e8a2d2aa0e693e6936efa83863914f6b675b0e78300bef950b50bdd8373e58847064bed08c4b02415605d452f0c92c814efc80e487f4845e9af1d991a90f7690df9e14c5c89470c0ce949bca17c7340ab15aeb7474309c9b1bf3efa8419816a9badbecbd9ae3f4c9d321b100d22e143fbc85bb973f624fe9033c546194d6ea53a1e6865d884876948dcfe97b55a754ae3100065a513eaf1b10a63cbd3538e5eaeb399ad540a5a55d757b4d701de2384b604dc1fb7c7731c3ae6d0d41aed785a0470d2dc897c2c77d42a52f33c8ea9e62a6a4ef12bca29fb8f7d277672bcfae94674b2f2530e65c822f8708b1c7febd10c6ae714cc732d20b2cb93fcc5c8df6d0746fba8701f1260236942b3fbf0f1cce69720527312d58e7743a3444fac6db4d7027b8dd8906ea440eadce4e224309acf281cc712ffb88d1907325d7c3903c0f85552469c612666293ed569ba4afe74e33b3833b937bea2e134451f6a114778ec1d2f10ced194a8ec7fcc90d7f1218511e3193ba3a2a09f12394debc2a06a85dd4c5277049c3de14e6c73578c0b84744b925fa1e1c3c748d9b0f3b8ba7245c9d61416c51e00f4b9bafe65604a97b2f85ac6bd1b984e19308508fabfcc00c5607cb470f224c9ab7d13fee81daa7d559458d9f93910fda2111964939d649e03e7049d86b4c7ce8366b8b84b43abb70560203bfa6ad1f8719438378b44feb623a32dc6b46b7350019fc887d7b85ca1afb064b9f51ecf4dca35387584abffb6eaf159007074687606010c30c827b252f4915773b74bba305a437b7dcfd611aeedddabf474a3bdda2bdb73832f7989975e8a194bd7364e274ea346c3b2d4d155991cff1065d91a4c1e5110dbb8cb587f07fded9c05b2118dcbe55ef85d4f04bd7a698b5dd021ff53c6b5006f7f7cf755697e75a55b9bf64ce126916c058de88475926e2cdebb2a28cfd331226d94352eb2f1de85cb5d0927c9a579f9f9ea7acb014da6189296cad89ab662a11807e2ae44c029d76ee4e849c73bb0d945016a18238fb3c13fd1bd9766eaee17fb49f8d9e8e6f804032cc7b1bf34701c841f973a16b413bae94f742b4d49ebed0e8c23223bd9a80ae56c32e76d3c85985bf2a5d5fbb32136957e9afcc49f608b68c139a99d145ba8f19c3e9171967e33a63be4ac3c3b060a650b5a1ff87c3ceb08ec55fc80f94892094017eafbdea7077ff541680566d014f447556187710c8876adc4c2217fb41f63d8ebefda9694b41f0878c633", 0xfff}, {&(0x7f0000000180)="dd43", 0x2}], 0x2}, 0x0)

8m7.053626973s ago: executing program 5 (id=1159):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000840)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$packet(0x11, 0xa, 0x300)
ioprio_set$pid(0x1, 0x0, 0x4000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35)
setresuid(0x0, 0x0, 0x0)
pwrite64(r1, 0x0, 0x0, 0xfecc)
r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r2, r2, 0x0, 0x548)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000000)='x', 0xf9f}, {&(0x7f00000001c0)='\x00\x00\x00\x00', 0x4}, {&(0x7f0000000400)='!', 0x1}], 0x3)

8m5.02948987s ago: executing program 5 (id=1165):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e5cf01406e0510401c20000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000dc0)={0x34, &(0x7f0000000ac0)={0x0, 0x0, 0x1, '='}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8m1.819098442s ago: executing program 5 (id=1177):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000380), 0x800)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0x4010)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)={[{@quota}, {@grpquota_block_hardlimit={'grpquota_block_hardlimit', 0x3d, [0x33]}}]})
chdir(&(0x7f0000000100)='./file0\x00')
symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

8m0.437584768s ago: executing program 5 (id=1180):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000840)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000038000/0x1000)=nil)
r4 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f0000000040)={0x9, {0x40, 0x8, 0xff}})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES64=r4, @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000100), 0x1001)
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r7 = dup3(r6, r5, 0x0)
recvmmsg(r7, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xf, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703ffffffde0000850000001b000000b7000500000000000000010000000000"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x71, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r8 = shmat(r3, &(0x7f00004d8000/0x1000)=nil, 0x4000)
shmdt(r8)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$cramfs(&(0x7f0000000540), &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x208e411, &(0x7f0000003100)=ANY=[], 0x2, 0x154, &(0x7f0000000880)="$eJzszk9LKlEcxvHnMHPV+8crF25gQSa0aFBMm7BWURoJA9lA4aZNgU0kKEZCuQoj2rUI2rqwglbiW7CsjaUQ9ibauHZpHEeIoE3757MZzvec85uzstDW4AeOPRhYzuf2D6xCwdrxr5vJxMZbvR6T3QGg92nfPn8XA/bkVwW6J4DMD25gN5O1ptP5rFx3Y4AGIP4bS7JHZPsH/JLtv312BvZ9bRJojNhN/6LNDtuYCsQ9dpPz+lfAlJznBJDJWk77eSiWg7Xq01qraYQCt+MKzozgxA+50R8yQgGfda4nRm/+eBWkrMdrxIW89xpuhl7CtWqn3UqumosAdH1OAKVItGM+t4xo6QLqlvMQ2BSAwMd/HPD61JQLpwK4HMzq3gs3gEalZ+b+zleGb3MdKX5AFMvpbUWufwKKBgEiIiIiIiIiIiIiIiIiIqLveg8AAP//vzBjqA==")
sendto$l2tp(0xffffffffffffffff, 0x0, 0x0, 0x40080, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)

7m44.855046659s ago: executing program 34 (id=1180):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000840)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000038000/0x1000)=nil)
r4 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f0000000040)={0x9, {0x40, 0x8, 0xff}})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES64=r4, @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000100), 0x1001)
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r7 = dup3(r6, r5, 0x0)
recvmmsg(r7, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xf, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703ffffffde0000850000001b000000b7000500000000000000010000000000"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x71, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r8 = shmat(r3, &(0x7f00004d8000/0x1000)=nil, 0x4000)
shmdt(r8)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$cramfs(&(0x7f0000000540), &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x208e411, &(0x7f0000003100)=ANY=[], 0x2, 0x154, &(0x7f0000000880)="$eJzszk9LKlEcxvHnMHPV+8crF25gQSa0aFBMm7BWURoJA9lA4aZNgU0kKEZCuQoj2rUI2rqwglbiW7CsjaUQ9ibauHZpHEeIoE3757MZzvec85uzstDW4AeOPRhYzuf2D6xCwdrxr5vJxMZbvR6T3QGg92nfPn8XA/bkVwW6J4DMD25gN5O1ptP5rFx3Y4AGIP4bS7JHZPsH/JLtv312BvZ9bRJojNhN/6LNDtuYCsQ9dpPz+lfAlJznBJDJWk77eSiWg7Xq01qraYQCt+MKzozgxA+50R8yQgGfda4nRm/+eBWkrMdrxIW89xpuhl7CtWqn3UqumosAdH1OAKVItGM+t4xo6QLqlvMQ2BSAwMd/HPD61JQLpwK4HMzq3gs3gEalZ+b+zleGb3MdKX5AFMvpbUWufwKKBgEiIiIiIiIiIiIiIiIiIqLveg8AAP//vzBjqA==")
sendto$l2tp(0xffffffffffffffff, 0x0, 0x0, 0x40080, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)

5m15.434084105s ago: executing program 3 (id=1596):
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@bridge_delneigh={0x1c, 0x1c, 0xc07, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x40}}, 0x1c}}, 0x50)

5m15.197899254s ago: executing program 3 (id=1599):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_buf(r0, 0x0, 0x30, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000000)='.\x00', 0x400017e)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r8)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r7, &(0x7f0000000040), 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)

5m10.17648643s ago: executing program 3 (id=1604):
r0 = socket$kcm(0x11, 0x3, 0x300)
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0x0)

5m9.47832586s ago: executing program 3 (id=1609):
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@bridge_delneigh={0x1c, 0x1c, 0xc07, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x40}}, 0x1c}}, 0x50)

5m0.424529105s ago: executing program 3 (id=1633):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280))
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = dup(r1)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0, 0xd000})
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000080)={0x0, r2})
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)

4m56.200944057s ago: executing program 3 (id=1643):
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@bridge_delneigh={0x1c, 0x1c, 0xc07, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x40}}, 0x1c}}, 0x50)

4m40.79753893s ago: executing program 35 (id=1643):
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@bridge_delneigh={0x1c, 0x1c, 0xc07, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x40}}, 0x1c}}, 0x50)

2m50.336789591s ago: executing program 6 (id=2152):
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0a000000070000000200000004"], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m50.138681182s ago: executing program 6 (id=2153):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000002c0)=""/110, 0x6e}, {&(0x7f00000047c0)=""/4060, 0xfdc}, {&(0x7f00000037c0)=""/4069, 0xfe5}, {&(0x7f0000000700)=""/244, 0xf4}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000001780)=""/14, 0xe}, {&(0x7f00000011c0)=""/209, 0xd1}, {&(0x7f00000012c0)=""/126, 0x7e}, {&(0x7f00000004c0)=""/38, 0x26}], 0x9}, 0x40000100)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000900)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000)
recvmsg$kcm(r0, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002)

2m46.626737046s ago: executing program 6 (id=2156):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d80000001000810468", 0x9}], 0x1}, 0x20000880)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)

2m46.30665619s ago: executing program 6 (id=2161):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="1400000038000b63d25a80648c251bfd07b5e9d1", 0x14}], 0x1}, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x20)

2m45.826858035s ago: executing program 6 (id=2166):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x8, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @ringbuf_query]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000007c0)="d2ff030770030300000008ef88a8", 0x0, 0xd5b3, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m45.242583846s ago: executing program 6 (id=2169):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f00000001c0)=0x3)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket$kcm(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @multicast})

2m29.896840513s ago: executing program 36 (id=2169):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, &(0x7f00000001c0)=0x3)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket$kcm(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @multicast})

2m3.328805707s ago: executing program 7 (id=2292):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000080)=0xfffffffe, 0x4)
sendto$inet6(r0, &(0x7f0000f6f000), 0x0, 0x22000005, &(0x7f00000000c0)={0xa, 0x6, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={r0, 0x9, 0xc6d, 0x2})
r1 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0xfffff004}]})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x43, &(0x7f0000000040), 0x3b)
timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
preadv2(r4, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$USBDEVFS_BULK(r6, 0xc0185502, 0x0)

2m2.376195624s ago: executing program 7 (id=2293):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000341000/0x6000)=nil, 0x6000, 0x200000c, 0x810, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1f, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x1, 0x5, 0xc, 0x900}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000002240), &(0x7f0000002280)={'enc=', 'pkcs1', ' hash=', {'hmac(sha256-avx2)\x00'}}, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$unix(0x1, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23de3c19dc4971d9b59ddb52ae25a3ca48e8d5284721b4b722d1fd011fc3144e4ceb18b32b5b819d56f4aa3fe1aaf904aa07b7b748ab54c9b47531624c0ca3cc3e9246587e7cea8af062e15c1c27d8e9d9328114f2bda697decbedc50cc278f543faa13098717d9f379121225b179faeebe79be6a82dea4403a3bc7990b1cfee9e5a1aaf11b32facecc76bc0ad86f4fa184dd6e", 0x9e}, {&(0x7f0000000340)="5fdbd61342a1560054f74cee82024cacdf79b6be94f99a7aea5b7678644cc1ef33880d4a59cad1fd0852b05064b02335eb6064c24f1ad3", 0x37}], 0x2}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
readv(r1, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xfa}, {&(0x7f0000003300)=""/4095, 0xfff}], 0x2)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x31]}}}}]})

2m1.062443422s ago: executing program 7 (id=2295):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$int_out(r3, 0x5460, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x513, &(0x7f0000000c40)="$eJzs3W9rJHcdAPDvTLJp7i41WxU5C7bFVu6K3m7S2DaKtBVEHxXU+jzGZBNCNtmQ3dRLKJriCxBEVPAF+ETwBQjSlyDCgT4XFUX0Th/qjczuRPNnN1mSTfbcfD4w2d9v/n2/vyE7O39+zARwbb0QEW9FxFhEvBwR08X4tBgW8sp+Z75HD99byocksuydvyWRFOMO1pXXxyPiVmeRmIyIr38l4lvJybjN3b31xXq9tl3Uq62NrWpzd+/e2sbiam21tjk3N/va/Ovzr87PZIULtbMcEW986U8/+v7PvvzGrz7z7d8v/OXud/K0vvCxTt4RsXShAD101l1qb4sD+TbavoxgQ5K3pzQ27CwAAOhHfoz/4Yj4ZPv4fzrG2kdzAAAAwCjJ3pyKfyURGQAAADCy0oiYiiStFH0BpiJNK5VOH96Pxs203mi2Pr3S2NlczqdFlKOUrqzVazNFX+FylJK8Plv0sT2ov3KsPhcRz0TED6dvtOuVpUZ9edgXPwAAAOCauPX80fP/f06n7TIAAAAwYso9KwAAAMCocMoPAAAAo8/5PwAAAIy0r779dj5kB+/xXn53d2e98e695VpzvbKxs1RZamxvVVYbjdX2M/s2zlpfvdHY+mxs7tyvtmrNVrW5u7ew0djZbC2sHXkFNgAAAHCFnnn+g98lEbH/+RvtIYrnAAIc8cdhJwAM0tiwEwCGZnzYCQBDUzpzDnsIGHXJGdNPdt7pXCuMX19OPgAAwODd+fjJ+/8TxbSzrw0A/8/09QGA68fdPbi+SuftAXh70JkAw/KhzsdTvab3fHhHH/f/O9cYsuxciQEAAAMz1R6StFIcp09FmlYqEU+3XwtQSlbW6rWZ4vzgt9Olp/L6bHvJ5Mw+wwAAAAAAAAAAAAAAAAAAAAAAAABAR5YlkQEAAAAjLSL9c9J+mn/EnemXpo5eHTj21q+fvvPj+4ut1vZsxETy9+l81EREtH5SjH8l80oAAAAAeAJ0ztOLz9lhZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn08L2lg+Eq4/71ixFR7hZ/PCbbn5NRioib/0hi/NBySUSMDSD+/vsRcbtb/CQeZ1lWLrLoFv/GJccvtzdN9/hpRNwaQHy4zj7I9z9vdfv+pfFC+7P792+8GC6q9/4v/e/+b6zH/ufpY/Venn3wi2rP+O9HPDveff9zED/pxD8SIq+82Gcbv/mNvb2uEw6tslv8w7GqrY2tanN3797axuJqbbW2OTc3+9r86/Ovzs9UV9bqteJv1zA/+MQvH5/W/ps94pePtv/E9n+pr9Zn8e8H9x9+pFMpdYt/98Xuv7+3e8RPi9++TxXlfPqdg/J+p3zYcz//zXOntX+5R/snz2j/3b7aH597+Wvf+0PXKSe2BgBwFZq7e+uL9Xpt+5TCZB/zXHHhzScjjQEW4slIY1iF7Lud/8eLreeCi58oZBdZfDwGkMbEie/pWJx3hUnEfr6uPv8hAQCAEfO/g/7T7iABAAAAAAAAAAAAAAAAAAAAl+mcjyWbjIi+Zz4ec384TQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONV/AgAA//8FStFZ")
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1m58.13510953s ago: executing program 7 (id=2301):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x48cf, &(0x7f0000000540)={[{@shortname_winnt}, {@shortname_winnt}, {@rodir}, {@shortname_winnt}, {@fat=@quiet}, {@shortname_winnt}, {@uni_xlateno}, {@fat=@discard}, {@fat=@dos1xfloppy}, {@uni_xlate}, {@utf8no}, {@shortname_winnt}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)

1m57.403944757s ago: executing program 7 (id=2304):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000341000/0x6000)=nil, 0x6000, 0x200000c, 0x810, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1f, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x1, 0x5, 0xc, 0x900}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000002240), &(0x7f0000002280)={'enc=', 'pkcs1', ' hash=', {'hmac(sha256-avx2)\x00'}}, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$unix(0x1, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23de3c19dc4971d9b59ddb52ae25a3ca48e8d5284721b4b722d1fd011fc3144e4ceb18b32b5b819d56f4aa3fe1aaf904aa07b7b748ab54c9b47531624c0ca3cc3e9246587e7cea8af062e15c1c27d8e9d9328114f2bda697decbedc50cc278f543faa13098717d9f379121225b179faeebe79be6a82dea4403a3bc7990b1cfee9e5a1aaf11b32facecc76bc0ad86f4fa184dd6e", 0x9e}, {&(0x7f0000000340)="5fdbd61342a1560054f74cee82024cacdf79b6be94f99a7aea5b7678644cc1ef33880d4a59cad1fd0852b05064b02335eb6064c24f1ad3", 0x37}], 0x2}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
readv(r1, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xfa}, {&(0x7f0000003300)=""/4095, 0xfff}], 0x2)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x31]}}}}]})

1m55.566687084s ago: executing program 7 (id=2307):
r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r0, &(0x7f0000000140)='attr/fscreate\x00')

1m54.94273507s ago: executing program 37 (id=2307):
r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r0, &(0x7f0000000140)='attr/fscreate\x00')

1m35.949510306s ago: executing program 4 (id=2349):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x19, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

1m34.279367715s ago: executing program 4 (id=2350):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000840)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000038000/0x1000)=nil)
r4 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f0000000040)={0x9, {0x40, 0x8, 0xff}})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000100), 0x1001)
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r7 = dup3(r6, r5, 0x0)
recvmmsg(r7, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
r8 = shmat(r3, &(0x7f00004d8000/0x1000)=nil, 0x4000)
shmdt(r8)

1m32.658122849s ago: executing program 4 (id=2353):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1f, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000fce5ffff000000000900000018100000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a6000000850000002300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m32.528189354s ago: executing program 4 (id=2354):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x48cf, &(0x7f0000000540)={[{@shortname_winnt}, {@shortname_winnt}, {@rodir}, {@shortname_winnt}, {@fat=@quiet}, {@shortname_winnt}, {@uni_xlateno}, {@fat=@discard}, {@fat=@dos1xfloppy}, {@uni_xlate}, {@utf8no}, {@shortname_winnt}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)

1m32.130189712s ago: executing program 4 (id=2357):
socket$netlink(0x10, 0x3, 0x12)
pipe(&(0x7f0000000480))
syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000002340)={0xc, {"a2e3ad214fc752f91b2547f70e06d038e7ff7fc6e5539b3250078b089b39083872090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x1fa7}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r11 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x259fdbfc, {0x0, 0x0, 0x0, r12, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0x9, 0x5, 0xffffffff}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x2004c000)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x52)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})

1m28.601370765s ago: executing program 4 (id=2363):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000ddc0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x24, 0x0, 0x41046100, 0xffff, 0x0, 0xf7, 0x0, 0x0, 0x0, 0x1}}, 0x50)

1m27.449952337s ago: executing program 38 (id=2363):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000ddc0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x24, 0x0, 0x41046100, 0xffff, 0x0, 0xf7, 0x0, 0x0, 0x0, 0x1}}, 0x50)

6.277197513s ago: executing program 2 (id=2560):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)={0x28, 0x1a, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x3ffc, 0x0, 0x0, @str=':*^${\x00'}, @nested={0xc, 0x1b, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='}\x00'}]}]}, 0x28}], 0x1}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r5, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x8, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5)
writev(r5, &(0x7f0000000880)=[{0x0}, {0x0}, {0x0}], 0x3)
shutdown(r5, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)

4.954677166s ago: executing program 0 (id=2569):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x17)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x18, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

4.76444125s ago: executing program 1 (id=2571):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="7a0a00ff000000007110810000000000"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.274617203s ago: executing program 0 (id=2574):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x40)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x6001, 0x8084}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @private=0xa010101}]}}}]}, 0x3c}}, 0x800)
sendmsg$nl_route(r0, 0x0, 0x20004000)

4.13164486s ago: executing program 1 (id=2576):
pipe(&(0x7f0000000480))
syz_io_uring_setup(0x9e, 0x0, 0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000002340)={0xc, {"a2e3ad214fc752f91b2547f70e06d038e7ff7fc6e5539b3250078b089b39083872090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x1fa7}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r11 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x259fdbfc, {0x0, 0x0, 0x0, r12, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0x9, 0x5, 0xffffffff}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x2004c000)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x52)

3.982690875s ago: executing program 2 (id=2577):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000005c0)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
sendfile(r0, r0, 0x0, 0x800000009)

3.982363036s ago: executing program 0 (id=2578):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0)
preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)

3.777756674s ago: executing program 8 (id=2580):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)

3.318245779s ago: executing program 9 (id=2582):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x0, 0x12, 0x60a, 0x130, 0x202, 0x238, 0x2e8, 0x2e8, 0x238, 0x2c0, 0x4, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, @mcast2, [0x4000000], [0x4000000], 'veth1_to_bond\x00', 'xfrm0\x00', {0xff}, {}, 0xc}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@inet=@socket2={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}, {0xffffffffffffffff, 0xf9}}}}, {{@ipv6={@private2, @loopback, [], [], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330)

3.318031791s ago: executing program 8 (id=2583):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000bc0)=ANY=[@ANYBLOB="180100002800010004000040fcdbdf2507"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

3.085771766s ago: executing program 9 (id=2584):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x17)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x18, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

2.946012726s ago: executing program 1 (id=2585):
mknod$loop(&(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x0)

2.901738885s ago: executing program 8 (id=2586):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="7a0a00ff00000000711081000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.899374653s ago: executing program 0 (id=2587):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c01250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x19, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

2.810741831s ago: executing program 2 (id=2588):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
socket$kcm(0x10, 0x400000002, 0x0)
socket$kcm(0x1e, 0x4, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x20000, 0x4, 0x3, 0x141, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000007c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

2.783174311s ago: executing program 1 (id=2589):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f0000000200)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
write$binfmt_script(r1, &(0x7f0000000440)={'#! ', './file0'}, 0xb)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

2.768280957s ago: executing program 9 (id=2590):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="03000000040000000400"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r5}, &(0x7f0000000540), &(0x7f0000000580)}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r5, &(0x7f0000000780)}, 0x20)
rt_sigsuspend(0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r6, 0x0, 0xfffffffffffffff9}, 0x18)
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x4}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

2.56846346s ago: executing program 8 (id=2591):
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
close(r0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000001540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

2.27072467s ago: executing program 1 (id=2592):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRES64=r0, @ANYBLOB="612557ec188afb5d34b464b5d0296ef370473fd2dd5f05da37e35e6a82a558d2c28998488477448e4304cbc78dbf0b84395cd791e1d3a707bca4edb67fe5543d2974fbee1407c9d47b5671371acfa16571b867f6efc65ea6d45a7ce1e37d1d971bb32833b9aa94c0bb970bbf3bab20cd193be8a765a9b04fbb144806e3ecb1a61e7a522dd6aeda1bc0b510938810e806c2", @ANYRESHEX])
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2.270427331s ago: executing program 0 (id=2593):
ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x280}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2b, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2.103735617s ago: executing program 8 (id=2594):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x4, 0x0, 0x0, 'queue0\x00'})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8882)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x4}, 0xd023})

2.021739334s ago: executing program 2 (id=2595):
r0 = socket$inet6(0xa, 0x805, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}}]}, &(0x7f00000002c0)=0x10)

1.806409649s ago: executing program 2 (id=2596):
pipe(&(0x7f0000000480))
syz_io_uring_setup(0x9e, 0x0, 0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000002340)={0xc, {"a2e3ad214fc752f91b2547f70e06d038e7ff7fc6e5539b3250078b089b39083872090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x1fa7}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r11 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x259fdbfc, {0x0, 0x0, 0x0, r12, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0x9, 0x5, 0xffffffff}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x2004c000)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x52)

1.806153806s ago: executing program 8 (id=2597):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x2c060000)
unshare(0x2c020400)

1.68325038s ago: executing program 9 (id=2598):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
creat(&(0x7f0000000080)='./file0/file1\x00', 0x90)
unlink(&(0x7f0000000100)='./file0/file1\x00')

1.289427143s ago: executing program 9 (id=2599):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@discard}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x0)

636.704914ms ago: executing program 9 (id=2600):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x17)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x18, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

635.924061ms ago: executing program 0 (id=2601):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)

488.496291ms ago: executing program 2 (id=2602):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvlan1\x00', <r1=>0x0})
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="400000001000030500000000fddbdf0000000000", @ANYRES32=0x0, @ANYBLOB="02880100373004002000128008000100687372001400028008000100", @ANYRES32=r1, @ANYBLOB="08000200", @ANYRES32=r3], 0x40}}, 0x4)

0s ago: executing program 1 (id=2603):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000001000)=ANY=[@ANYBLOB="7a0af8ff75257025bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
brk(0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000}, 0x28)

kernel console output (not intermixed with test programs):

 0 to 256
[  868.645261][T13451] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  869.135869][T13454] syzkaller0: entered promiscuous mode
[  869.146733][T13454] syzkaller0: entered allmulticast mode
[  869.378715][   T30] audit: type=1800 audit(1750517552.937:49): pid=13463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2100" name="bus" dev="loop1" ino=1048653 res=0 errno=0
[  869.498870][T13463] exFAT-fs (loop1): start_clu is invalid cluster(0xffffffff)
[  869.532238][   T30] audit: type=1804 audit(1750517552.977:50): pid=13465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2100" name="/newroot/443/file2/bus" dev="loop1" ino=1048653 res=1 errno=0
[  870.318740][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  870.325279][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  871.849187][ T7571] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  872.314148][T13485] netlink: 'syz.4.2112': attribute type 3 has an invalid length.
[  872.331576][T13485] netlink: 201372 bytes leftover after parsing attributes in process `syz.4.2112'.
[  873.910949][T13510] netlink: 'syz.4.2123': attribute type 3 has an invalid length.
[  873.932892][T13510] netlink: 201372 bytes leftover after parsing attributes in process `syz.4.2123'.
[  878.120701][T13536] netlink: 'syz.8.2134': attribute type 3 has an invalid length.
[  878.151966][T13536] netlink: 201372 bytes leftover after parsing attributes in process `syz.8.2134'.
[  879.432607][T13544] syzkaller0: entered promiscuous mode
[  880.603063][T13544] syzkaller0: entered allmulticast mode
[  880.613935][T13548] netlink: 'syz.8.2139': attribute type 12 has an invalid length.
[  880.629222][T13548] netlink: 132 bytes leftover after parsing attributes in process `syz.8.2139'.
[  880.800829][T13558] loop8: detected capacity change from 0 to 256
[  880.834948][T13558] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  881.968785][T13561] exFAT-fs (loop8): start_clu is invalid cluster(0xffffffff)
[  881.969177][   T30] audit: type=1800 audit(1750517565.527:51): pid=13560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2142" name="bus" dev="loop8" ino=1048655 res=0 errno=0
[  884.239252][ T6310] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  887.503261][T13587] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2153'.
[  887.534819][T13595] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2155'.
[  887.568544][T13596] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2155'.
[  887.926369][   T61] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  887.944059][ T6310] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  888.049554][T13609] netlink: 'syz.6.2161': attribute type 3 has an invalid length.
[  888.080915][T13609] netlink: 201372 bytes leftover after parsing attributes in process `syz.6.2161'.
[  888.952150][T13624] loop7: detected capacity change from 0 to 256
[  889.011648][T13624] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  889.038229][   T24] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  889.988231][   T24] usb 9-1: Using ep0 maxpacket: 32
[  889.997062][T13631] exFAT-fs (loop7): start_clu is invalid cluster(0xffffffff)
[  890.005319][   T30] audit: type=1800 audit(1750517573.547:52): pid=13630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2167" name="bus" dev="loop7" ino=1048657 res=0 errno=0
[  890.151466][   T24] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  890.202887][   T24] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  890.256154][   T24] usb 9-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9
[  890.286352][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  890.335245][   T24] usb 9-1: Product: syz
[  890.348792][   T24] usb 9-1: Manufacturer: syz
[  890.371114][   T24] usb 9-1: SerialNumber: syz
[  890.404709][T13629] syzkaller0: entered promiscuous mode
[  890.406941][   T24] usb 9-1: config 0 descriptor??
[  890.418566][T13629] syzkaller0: entered allmulticast mode
[  890.645147][T10872] usb 9-1: USB disconnect, device number 13
[  891.051015][T13648] netlink: 'syz.1.2176': attribute type 3 has an invalid length.
[  891.065273][T13648] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.2176'.
[  891.985992][T13659] loop7: detected capacity change from 0 to 256
[  892.159362][T13659] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  893.548718][T13665] exFAT-fs (loop7): start_clu is invalid cluster(0xffffffff)
[  893.550549][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  893.621953][   T30] audit: type=1800 audit(1750517577.107:53): pid=13664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2181" name="bus" dev="loop7" ino=1048659 res=0 errno=0
[  894.224786][ T5151] Bluetooth: hci5: command 0x0405 tx timeout
[  894.384503][T13680] netlink: 'syz.8.2189': attribute type 3 has an invalid length.
[  894.393087][T13680] netlink: 201372 bytes leftover after parsing attributes in process `syz.8.2189'.
[  896.755221][T13710] netlink: 200 bytes leftover after parsing attributes in process `syz.8.2198'.
[  900.472619][T13739] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2206'.
[  901.788596][T13750] netlink: 200 bytes leftover after parsing attributes in process `syz.1.2210'.
[  903.329014][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  904.672130][T13771] fuse: Bad value for 'rootmode'
[  905.543988][T13782] lo speed is unknown, defaulting to 1000
[  906.511815][T13800] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2227'.
[  906.664671][ T5151] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  906.676253][ T5151] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  906.684725][ T5151] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  906.696058][ T5151] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  906.705458][ T5151] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  906.955596][T13805] fuse: Bad value for 'rootmode'
[  906.968269][T13804] loop4: detected capacity change from 0 to 256
[  907.027895][T13804] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  907.137756][T13798] lo speed is unknown, defaulting to 1000
[  907.561675][   T30] audit: type=1800 audit(1750517591.117:54): pid=13812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2228" name="bus" dev="loop4" ino=1048661 res=0 errno=0
[  907.567907][T13812] exFAT-fs (loop4): start_clu is invalid cluster(0xffffffff)
[  907.619858][   T30] audit: type=1804 audit(1750517591.117:55): pid=13812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2228" name="/newroot/458/file2/bus" dev="loop4" ino=1048661 res=1 errno=0
[  907.920838][   T36] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.128806][   T36] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.419567][   T36] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.677684][   T36] bridge0: port 3(netdevsim0) entered disabled state
[  908.783534][T10159] Bluetooth: hci2: command tx timeout
[  908.797847][   T36] netdevsim netdevsim6 netdevsim0 (unregistering): left allmulticast mode
[  908.978304][   T36] netdevsim netdevsim6 netdevsim0 (unregistering): left promiscuous mode
[  908.989586][   T36] bridge0: port 3(netdevsim0) entered disabled state
[  909.728880][   T36] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  910.054204][T13798] chnl_net:caif_netlink_parms(): no params data found
[  910.115431][T13835] loop8: detected capacity change from 0 to 256
[  910.283253][T13835] FAT-fs (loop8): Directory bread(block 64) failed
[  910.328721][T13835] FAT-fs (loop8): Directory bread(block 65) failed
[  910.368434][T13835] FAT-fs (loop8): Directory bread(block 66) failed
[  910.375024][T13835] FAT-fs (loop8): Directory bread(block 67) failed
[  910.433380][T13835] FAT-fs (loop8): Directory bread(block 68) failed
[  910.460769][T13835] FAT-fs (loop8): Directory bread(block 69) failed
[  910.468992][T13835] FAT-fs (loop8): Directory bread(block 70) failed
[  910.475645][T13835] FAT-fs (loop8): Directory bread(block 71) failed
[  910.492370][T13835] FAT-fs (loop8): Directory bread(block 72) failed
[  910.538221][T13835] FAT-fs (loop8): Directory bread(block 73) failed
[  910.878449][T10159] Bluetooth: hci2: command tx timeout
[  911.905533][T13798] bridge0: port 1(bridge_slave_0) entered blocking state
[  911.918267][T13798] bridge0: port 1(bridge_slave_0) entered disabled state
[  912.578696][T13798] bridge_slave_0: entered allmulticast mode
[  912.590875][T13798] bridge_slave_0: entered promiscuous mode
[  912.607457][T13798] bridge0: port 2(bridge_slave_1) entered blocking state
[  912.614802][T13798] bridge0: port 2(bridge_slave_1) entered disabled state
[  912.622185][T13798] bridge_slave_1: entered allmulticast mode
[  912.660461][T13798] bridge_slave_1: entered promiscuous mode
[  912.673528][   T36] bridge_slave_1: left allmulticast mode
[  912.693570][   T36] bridge_slave_1: left promiscuous mode
[  912.720296][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  912.815622][   T36] bridge_slave_0: left allmulticast mode
[  912.858717][   T36] bridge_slave_0: left promiscuous mode
[  912.864624][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  912.945219][T10159] Bluetooth: hci2: command tx timeout
[  913.064330][T13870] loop8: detected capacity change from 0 to 256
[  913.105989][T13870] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  914.357231][   T30] audit: type=1800 audit(1750517597.907:56): pid=13885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2248" name="bus" dev="loop8" ino=1048663 res=0 errno=0
[  914.612873][T13885] exFAT-fs (loop8): start_clu is invalid cluster(0xffffffff)
[  914.639627][   T30] audit: type=1804 audit(1750517598.157:57): pid=13888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.2248" name="/newroot/94/file2/bus" dev="loop8" ino=1048663 res=1 errno=0
[  914.705086][T13892] 9p: Unknown Cache mode or invalid value fsca
[  915.022015][T10159] Bluetooth: hci2: command tx timeout
[  915.275414][ T3443] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  915.418929][    T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  915.612260][    T9] usb 2-1: Using ep0 maxpacket: 16
[  915.647802][    T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  915.688161][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.713904][    T9] usb 2-1: config 0 descriptor??
[  916.176649][    T9] lenovo 0003:17EF:6047.000A: item fetching failed at offset 3/5
[  916.219467][    T9] lenovo 0003:17EF:6047.000A: hid_parse failed
[  916.225783][    T9] lenovo 0003:17EF:6047.000A: probe with driver lenovo failed with error -22
[  916.477978][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  916.499253][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  916.519526][   T36] bond0 (unregistering): Released all slaves
[  916.681398][T13798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  916.704795][T13798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  916.753827][T13882] ªªªªªª: renamed from vlan0 (while UP)
[  917.960499][T13798] team0: Port device team_slave_0 added
[  918.045554][   T30] audit: type=1326 audit(1750517601.597:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  918.112959][   T36] tipc: Left network mode
[  918.122558][   T30] audit: type=1326 audit(1750517601.597:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  918.127493][T13798] team0: Port device team_slave_1 added
[  918.280797][    T9] usb 2-1: USB disconnect, device number 16
[  918.388373][   T30] audit: type=1326 audit(1750517601.617:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  918.411621][   T30] audit: type=1326 audit(1750517601.617:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  918.434822][   T30] audit: type=1326 audit(1750517601.617:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  918.520513][   T30] audit: type=1326 audit(1750517601.627:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  918.834544][T13931] loop1: detected capacity change from 0 to 512
[  918.854011][   T30] audit: type=1326 audit(1750517601.627:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  918.999805][T13931] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  919.116318][   T30] audit: type=1326 audit(1750517601.627:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13921 comm="syz.4.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6111f8e929 code=0x7ffc0000
[  919.144234][T13931] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e01c, mo2=0102]
[  919.164669][T13931] EXT4-fs (loop1): orphan cleanup on readonly fs
[  919.188710][T13931] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2262: bg 0: block 361: padding at end of block bitmap is not set
[  919.281054][T13931] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  919.319283][T13931] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #11: comm syz.1.2262: attempt to clear invalid blocks 33619980 len 1
[  919.398328][T13931] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2262: invalid indirect mapped block 1811939328 (level 0)
[  919.498780][T13931] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2262: invalid indirect mapped block 2185560079 (level 1)
[  919.660204][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  919.660259][   T30] audit: type=1800 audit(1750517603.167:72): pid=13942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2263" name="bus" dev="overlay" ino=516 res=0 errno=0
[  919.826827][T13931] EXT4-fs (loop1): 1 truncate cleaned up
[  919.934855][T13931] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  920.185027][ T6007] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  920.206938][ T7571] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  920.431766][T13947] 9p: Unknown Cache mode or invalid value fscach
[  920.748857][T13798] batman_adv: batadv0: Adding interface: batadv_slave_0
[  920.755866][T13798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  920.872603][T13956] futex_wake_op: syz.1.2262 tries to shift op by -1; fix this program
[  921.786861][T13798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  921.820741][T13798] batman_adv: batadv0: Adding interface: batadv_slave_1
[  921.827736][T13798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  923.116299][T13798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  923.140575][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  924.408276][   T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  924.568410][   T24] usb 5-1: Using ep0 maxpacket: 16
[  924.592382][   T24] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  924.624288][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  924.670281][   T24] usb 5-1: config 0 descriptor??
[  925.125096][T13980] loop1: detected capacity change from 0 to 256
[  925.320898][T13980] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  925.361395][   T24] lenovo 0003:17EF:6047.000B: item fetching failed at offset 3/5
[  925.395822][   T24] lenovo 0003:17EF:6047.000B: hid_parse failed
[  925.628229][   T24] lenovo 0003:17EF:6047.000B: probe with driver lenovo failed with error -22
[  925.869730][   T30] audit: type=1800 audit(1750517609.347:73): pid=13991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2278" name="bus" dev="overlay" ino=1190 res=0 errno=0
[  926.597013][T13992] exFAT-fs (loop1): start_clu is invalid cluster(0xffffffff)
[  926.605657][   T30] audit: type=1800 audit(1750517610.147:74): pid=13992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2272" name="bus" dev="loop1" ino=1048665 res=0 errno=0
[  926.677159][   T30] audit: type=1804 audit(1750517610.147:75): pid=13998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2272" name="/newroot/479/file2/bus" dev="loop1" ino=1048665 res=1 errno=0
[  926.877289][T13798] hsr_slave_0: entered promiscuous mode
[  926.886791][T14003] 9p: Unknown Cache mode or invalid value fscach
[  926.895738][T13798] hsr_slave_1: entered promiscuous mode
[  926.903306][T13798] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  926.912433][T13798] Cannot create hsr debugfs directory
[  926.944446][   T36] hsr_slave_0: left promiscuous mode
[  926.966096][   T36] hsr_slave_1: left promiscuous mode
[  926.983636][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  926.998175][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  927.044924][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  927.053810][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  927.075428][  T978] usb 5-1: USB disconnect, device number 15
[  927.177389][   T36] veth1_macvtap: left promiscuous mode
[  927.202773][   T36] veth0_macvtap: left promiscuous mode
[  927.219774][   T36] veth1_vlan: left promiscuous mode
[  927.225201][   T36] veth0_vlan: left promiscuous mode
[  928.719492][ T5151] Bluetooth: hci5: command 0x0405 tx timeout
[  930.223548][   T30] audit: type=1800 audit(1750517613.717:76): pid=14043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2289" name="bus" dev="overlay" ino=2597 res=0 errno=0
[  931.062516][T14050] sock: sock_set_timeout: `syz.7.2292' (pid 14050) tries to set negative timeout
[  931.159163][   T36] team0 (unregistering): Port device team_slave_1 removed
[  931.211231][   T36] team0 (unregistering): Port device team_slave_0 removed
[  931.248484][   T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  931.418391][   T24] usb 2-1: Using ep0 maxpacket: 16
[  931.430984][   T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  931.445672][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.461142][   T24] usb 2-1: config 0 descriptor??
[  931.746038][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  931.754072][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  931.908029][   T24] lenovo 0003:17EF:6047.000C: item fetching failed at offset 3/5
[  931.925487][   T24] lenovo 0003:17EF:6047.000C: hid_parse failed
[  931.933241][   T24] lenovo 0003:17EF:6047.000C: probe with driver lenovo failed with error -22
[  933.228272][T14061] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2294'.
[  933.656235][T14021] lo speed is unknown, defaulting to 1000
[  933.805490][T14075] loop7: detected capacity change from 0 to 512
[  933.860963][T14075] EXT4-fs (loop7): blocks per group (95) and clusters per group (32768) inconsistent
[  934.665014][ T3538] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  934.765444][T10872] usb 2-1: USB disconnect, device number 17
[  936.621987][T14088] loop7: detected capacity change from 0 to 128
[  938.568265][T14107] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2305'.
[  938.880134][   T36] IPVS: stop unused estimator thread 0...
[  939.003706][T13798] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  939.125505][T13798] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  939.197494][T13798] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  939.293767][   T36] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  939.414391][T13798] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  940.698005][   T36] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  940.993901][   T36] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  941.272978][   T36] bridge0: port 3(netdevsim0) entered disabled state
[  941.530126][T10159] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  941.539989][   T36] netdevsim netdevsim7 netdevsim0 (unregistering): left allmulticast mode
[  941.550054][   T36] netdevsim netdevsim7 netdevsim0 (unregistering): left promiscuous mode
[  941.552971][T10159] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  941.560429][   T36] bridge0: port 3(netdevsim0) entered disabled state
[  941.574119][T10159] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  941.728882][   T36] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  942.301445][T10159] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  942.311170][T10159] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  942.466641][T14154] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2317'.
[  943.487567][T14160] can: request_module (can-proto-0) failed.
[  944.388329][ T5151] Bluetooth: hci1: command tx timeout
[  946.285554][   T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  946.400138][  T257] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  946.459477][   T10] usb 5-1: Using ep0 maxpacket: 16
[  946.475033][ T5151] Bluetooth: hci1: command tx timeout
[  946.476438][   T10] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  946.504345][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  946.525819][   T10] usb 5-1: config 0 has no interface number 0
[  946.568925][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  946.587685][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  946.611604][   T10] usb 5-1: Product: syz
[  946.615788][   T10] usb 5-1: Manufacturer: syz
[  946.630440][   T10] usb 5-1: SerialNumber: syz
[  946.648852][   T10] usb 5-1: config 0 descriptor??
[  946.668489][   T10] usb 5-1: Found UVC 0.00 device syz (046d:08f3)
[  946.674851][   T10] usb 5-1: No valid video chain found.
[  946.896392][ T5844] usb 5-1: USB disconnect, device number 16
[  948.538287][ T5151] Bluetooth: hci1: command tx timeout
[  949.407417][T14188] netlink: 'syz.8.2328': attribute type 27 has an invalid length.
[  950.409666][   T24] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  950.556333][T14189] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2327'.
[  950.570507][   T24] usb 9-1: Using ep0 maxpacket: 16
[  950.594478][   T24] usb 9-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[  950.604086][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  950.620335][ T5151] Bluetooth: hci1: command tx timeout
[  950.647082][   T24] usb 9-1: Product: syz
[  950.657207][   T24] usb 9-1: Manufacturer: syz
[  950.661378][T14151] lo speed is unknown, defaulting to 1000
[  950.669147][   T24] usb 9-1: SerialNumber: syz
[  951.404459][   T24] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  951.419807][T14198] netlink: 200 bytes leftover after parsing attributes in process `syz.1.2331'.
[  951.435699][   T36] batadv0: left allmulticast mode
[  951.457634][   T36] bridge0: port 4(batadv0) entered disabled state
[  951.472052][   T24] snd-usb-audio 9-1:222.0: probe with driver snd-usb-audio failed with error -71
[  951.484132][   T24] usb 9-1: USB disconnect, device number 14
[  951.501951][   T36] bridge_slave_1: left allmulticast mode
[  951.507644][   T36] bridge_slave_1: left promiscuous mode
[  951.531601][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  951.662621][ T7576] udevd[7576]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  951.740844][   T36] bridge_slave_0: left allmulticast mode
[  951.746556][   T36] bridge_slave_0: left promiscuous mode
[  951.795084][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.538274][T14231] netlink: 'syz.8.2337': attribute type 27 has an invalid length.
[  954.895778][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  954.896478][ T3538] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  955.461819][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  955.492115][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  955.512850][   T36] bond0 (unregistering): Released all slaves
[  955.823250][T14241] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2340'.
[  955.838011][T13798] 8021q: adding VLAN 0 to HW filter on device bond0
[  956.182568][   T30] audit: type=1107 audit(1750517639.737:77): pid=14248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='£'
[  956.243853][T13798] 8021q: adding VLAN 0 to HW filter on device team0
[  956.551866][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state
[  956.559129][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state
[  956.734035][ T6007] bridge0: port 2(bridge_slave_1) entered blocking state
[  956.741326][ T6007] bridge0: port 2(bridge_slave_1) entered forwarding state
[  957.626868][T14265] netlink: 'syz.4.2347': attribute type 3 has an invalid length.
[  958.459138][T14270] loop1: detected capacity change from 0 to 512
[  958.862674][   T36] hsr_slave_0: left promiscuous mode
[  958.957403][   T36] hsr_slave_1: left promiscuous mode
[  959.050801][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  959.131987][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  959.221392][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  959.283670][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  959.607102][T14270] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  959.620351][T14270] ext4 filesystem being mounted at /499/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  960.393547][   T36] veth1_macvtap: left promiscuous mode
[  960.408591][   T36] veth0_macvtap: left promiscuous mode
[  960.416714][   T36] veth1_vlan: left promiscuous mode
[  960.862722][   T36] veth0_vlan: left promiscuous mode
[  961.435050][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  961.800632][T14290] fuse: Unknown parameter '0x0000000000000003'
[  961.842265][T14292] loop4: detected capacity change from 0 to 128
[  963.174172][   T36] team0 (unregistering): Port device team_slave_1 removed
[  963.286493][   T36] team0 (unregistering): Port device team_slave_0 removed
[  964.163457][T14314] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2360'.
[  966.273256][T14151] chnl_net:caif_netlink_parms(): no params data found
[  966.904663][T14342] loop1: detected capacity change from 0 to 512
[  967.027310][T14342] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  967.069889][T14342] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e01c, mo2=0102]
[  967.108988][T14342] EXT4-fs (loop1): orphan cleanup on readonly fs
[  967.119386][T14342] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2366: bg 0: block 361: padding at end of block bitmap is not set
[  967.166914][T14342] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  967.182563][T14342] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #11: comm syz.1.2366: attempt to clear invalid blocks 33619980 len 1
[  967.184328][T14151] bridge0: port 1(bridge_slave_0) entered blocking state
[  967.407687][T14342] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2366: invalid indirect mapped block 1811939328 (level 0)
[  967.672197][T14342] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2366: invalid indirect mapped block 2185560079 (level 1)
[  967.826841][T14342] EXT4-fs (loop1): 1 truncate cleaned up
[  967.853245][T14342] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  967.901503][T14151] bridge0: port 1(bridge_slave_0) entered disabled state
[  967.908850][T14151] bridge_slave_0: entered allmulticast mode
[  967.916877][T14151] bridge_slave_0: entered promiscuous mode
[  967.928971][T14151] bridge0: port 2(bridge_slave_1) entered blocking state
[  967.936133][T14151] bridge0: port 2(bridge_slave_1) entered disabled state
[  967.943536][T14151] bridge_slave_1: entered allmulticast mode
[  967.960014][T14151] bridge_slave_1: entered promiscuous mode
[  968.041516][T10159] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  968.052106][T10159] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  968.061832][T10159] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  968.070636][T10159] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  968.081345][T10159] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  968.174893][T14348] lo speed is unknown, defaulting to 1000
[  968.391273][T14353] futex_wake_op: syz.1.2366 tries to shift op by -1; fix this program
[  970.358229][ T5151] Bluetooth: hci2: command tx timeout
[  970.931575][T14151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  971.065690][T14151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  971.098836][T10159] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  971.121763][T10159] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  971.130593][T10159] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  971.140335][T10159] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  971.148476][T10159] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  971.275494][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  971.495569][T14151] team0: Port device team_slave_0 added
[  971.523460][T14151] team0: Port device team_slave_1 added
[  972.341980][T14379] syz.1.2371: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  972.356927][T14379] CPU: 1 UID: 0 PID: 14379 Comm: syz.1.2371 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[  972.356955][T14379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  972.356967][T14379] Call Trace:
[  972.356976][T14379]  <TASK>
[  972.356985][T14379]  dump_stack_lvl+0x189/0x250
[  972.357021][T14379]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  972.357048][T14379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  972.357077][T14379]  ? __pfx__printk+0x10/0x10
[  972.357099][T14379]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  972.357129][T14379]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  972.357168][T14379]  warn_alloc+0x214/0x310
[  972.357189][T14379]  ? stack_depot_save_flags+0x40/0x900
[  972.357214][T14379]  ? __pfx_warn_alloc+0x10/0x10
[  972.357237][T14379]  ? kasan_save_track+0x4f/0x80
[  972.357264][T14379]  ? xskq_create+0x56/0x170
[  972.357281][T14379]  ? xsk_init_queue+0xb0/0x110
[  972.357305][T14379]  ? xsk_setsockopt+0x43f/0x710
[  972.357337][T14379]  ? do_sock_setsockopt+0x257/0x3e0
[  972.357362][T14379]  ? __x64_sys_setsockopt+0x18b/0x220
[  972.357385][T14379]  ? do_syscall_64+0xfa/0x3b0
[  972.357403][T14379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.357430][T14379]  __vmalloc_node_range_noprof+0x125/0x12f0
[  972.357485][T14379]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  972.357512][T14379]  ? __kasan_kmalloc+0x93/0xb0
[  972.357544][T14379]  vmalloc_user_noprof+0xad/0xf0
[  972.357563][T14379]  ? xskq_create+0xbf/0x170
[  972.357583][T14379]  xskq_create+0xbf/0x170
[  972.357604][T14379]  xsk_init_queue+0xb0/0x110
[  972.357636][T14379]  xsk_setsockopt+0x43f/0x710
[  972.357673][T14379]  ? __pfx_xsk_setsockopt+0x10/0x10
[  972.357700][T14379]  ? security_socket_setsockopt+0x18/0x2c0
[  972.357726][T14379]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  972.357746][T14379]  ? aa_sock_opt_perm+0xff/0x1b0
[  972.357779][T14379]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  972.357801][T14379]  ? __pfx_xsk_setsockopt+0x10/0x10
[  972.357830][T14379]  do_sock_setsockopt+0x257/0x3e0
[  972.357860][T14379]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  972.357892][T14379]  ? __fget_files+0x2a/0x420
[  972.357921][T14379]  __x64_sys_setsockopt+0x18b/0x220
[  972.357955][T14379]  do_syscall_64+0xfa/0x3b0
[  972.357974][T14379]  ? lockdep_hardirqs_on+0x9c/0x150
[  972.357992][T14379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.358010][T14379]  ? clear_bhb_loop+0x60/0xb0
[  972.358034][T14379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.358057][T14379] RIP: 0033:0x7ff7a898e929
[  972.358076][T14379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  972.358091][T14379] RSP: 002b:00007ff7a57cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  972.358112][T14379] RAX: ffffffffffffffda RBX: 00007ff7a8bb64e0 RCX: 00007ff7a898e929
[  972.358126][T14379] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  972.358139][T14379] RBP: 00007ff7a8a10b39 R08: 0000000000000052 R09: 0000000000000000
[  972.358151][T14379] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  972.358163][T14379] R13: 0000000000000000 R14: 00007ff7a8bb64e0 R15: 00007ffccc92e568
[  972.358197][T14379]  </TASK>
[  972.468347][ T5151] Bluetooth: hci2: command tx timeout
[  972.476147][T14379] Mem-Info:
[  972.686289][T14379] active_anon:14436 inactive_anon:0 isolated_anon:0
[  972.686289][T14379]  active_file:11419 inactive_file:40218 isolated_file:0
[  972.686289][T14379]  unevictable:768 dirty:93 writeback:0
[  972.686289][T14379]  slab_reclaimable:11410 slab_unreclaimable:103940
[  972.686289][T14379]  mapped:39945 shmem:7150 pagetables:1590
[  972.686289][T14379]  sec_pagetables:0 bounce:0
[  972.686289][T14379]  kernel_misc_reclaimable:0
[  972.686289][T14379]  free:1295990 free_pcp:20321 free_cma:0
[  972.686357][T14379] Node 0 active_anon:57744kB inactive_anon:0kB active_file:45676kB inactive_file:160672kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:159780kB dirty:372kB writeback:0kB shmem:27064kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13116kB pagetables:6236kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  972.686409][T14379] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  972.686458][T14379] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  972.686514][T14379] lowmem_reserve[]: 0 2498 2500 2500 2500
[  972.836901][T14379] Node 0 DMA32 free:1281176kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:57596kB inactive_anon:0kB active_file:45676kB inactive_file:159084kB unevictable:1536kB writepending:368kB present:3129332kB managed:2558572kB mlocked:0kB bounce:0kB free_pcp:62044kB local_pcp:29168kB free_cma:0kB
[  972.869769][T14379] lowmem_reserve[]: 0 0 1 1 1
[  972.881237][T14379] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1588kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  972.913677][T14379] lowmem_reserve[]: 0 0 0 0 0
[  972.920142][T14379] Node 1 Normal free:3887424kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18760kB local_pcp:8264kB free_cma:0kB
[  972.951876][T14379] lowmem_reserve[]: 0 0 0 0 0
[  972.956660][T14379] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  972.973299][T14379] Node 0 DMA32: 36*4kB (ME) 1*8kB (E) 13*16kB (UME) 12*32kB (ME) 54*64kB (ME) 60*128kB (ME) 49*256kB (M) 24*512kB (UM) 11*1024kB (UME) 6*2048kB (M) 298*4096kB (UM) = 1280872kB
[  972.997218][T14379] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  973.008862][T14379] Node 1 Normal: 160*4kB (UE) 38*8kB (UME) 33*16kB (UME) 66*32kB (UME) 31*64kB (UME) 7*128kB (UME) 6*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3887424kB
[  973.028199][T14379] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  973.037779][T14379] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  973.048496][T14379] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  973.058175][T14379] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  973.067540][T14379] 58766 total pagecache pages
[  973.072377][T14379] 0 pages in swap cache
[  973.076606][T14379] Free swap  = 124996kB
[  973.080847][T14379] Total swap = 124996kB
[  973.085082][T14379] 2097051 pages RAM
[  973.088974][T14379] 0 pages HighMem/MovableOnly
[  973.093719][T14379] 425366 pages reserved
[  973.097936][T14379] 0 pages cma reserved
[  973.258255][ T5151] Bluetooth: hci3: command tx timeout
[  973.401489][T14360] lo speed is unknown, defaulting to 1000
[  973.488858][T14387] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2370'.
[  973.599597][T14348] chnl_net:caif_netlink_parms(): no params data found
[  973.768717][T14151] batman_adv: batadv0: Adding interface: batadv_slave_0
[  973.775718][T14151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  973.804405][T14151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  973.875779][T14151] batman_adv: batadv0: Adding interface: batadv_slave_1
[  973.904433][T14151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  973.946451][T14151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  974.338384][T14151] hsr_slave_0: entered promiscuous mode
[  974.349939][T14151] hsr_slave_1: entered promiscuous mode
[  974.360931][T14151] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  974.538575][ T5151] Bluetooth: hci2: command tx timeout
[  975.036815][T14151] Cannot create hsr debugfs directory
[  975.338214][ T5151] Bluetooth: hci3: command tx timeout
[  975.697454][T14426] loop8: detected capacity change from 0 to 512
[  975.780877][T14426] EXT4-fs error (device loop8): ext4_orphan_get:1393: inode #15: comm syz.8.2380: casefold flag without casefold feature
[  975.879764][T14426] EXT4-fs error (device loop8): ext4_orphan_get:1398: comm syz.8.2380: couldn't read orphan inode 15 (err -117)
[  975.936858][T14426] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  975.952602][T14348] bridge0: port 1(bridge_slave_0) entered blocking state
[  975.970812][T14348] bridge0: port 1(bridge_slave_0) entered disabled state
[  975.995712][T14348] bridge_slave_0: entered allmulticast mode
[  976.018508][T14348] bridge_slave_0: entered promiscuous mode
[  976.086488][T14348] bridge0: port 2(bridge_slave_1) entered blocking state
[  976.107540][T14348] bridge0: port 2(bridge_slave_1) entered disabled state
[  976.127892][T14348] bridge_slave_1: entered allmulticast mode
[  976.136365][T14348] bridge_slave_1: entered promiscuous mode
[  976.284257][T12303] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  976.625549][ T5151] Bluetooth: hci2: command tx timeout
[  976.664129][T14441] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2379'.
[  976.677748][T14348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  976.711696][T14348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  977.987321][ T5151] Bluetooth: hci3: command tx timeout
[  978.026953][  T257] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  979.122692][T14348] team0: Port device team_slave_0 added
[  980.016843][T14348] team0: Port device team_slave_1 added
[  980.058594][ T5151] Bluetooth: hci3: command tx timeout
[  980.171415][T14360] chnl_net:caif_netlink_parms(): no params data found
[  980.413367][ T7571] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  980.757910][T14348] batman_adv: batadv0: Adding interface: batadv_slave_0
[  980.775448][T14348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  980.838273][T14348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  981.045492][ T7571] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  981.206349][T14348] batman_adv: batadv0: Adding interface: batadv_slave_1
[  981.217701][T14348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  981.252210][T14348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  981.449715][T14493] input: syz0 as /devices/virtual/input/input23
[  981.471675][T14491] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2390'.
[  981.734722][ T7571] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.446538][T14360] bridge0: port 1(bridge_slave_0) entered blocking state
[  982.490448][T14360] bridge0: port 1(bridge_slave_0) entered disabled state
[  982.552014][T14360] bridge_slave_0: entered allmulticast mode
[  982.646258][T14360] bridge_slave_0: entered promiscuous mode
[  982.677254][T14360] bridge0: port 2(bridge_slave_1) entered blocking state
[  982.708668][T14360] bridge0: port 2(bridge_slave_1) entered disabled state
[  982.716045][T14360] bridge_slave_1: entered allmulticast mode
[  982.754951][T14360] bridge_slave_1: entered promiscuous mode
[  982.802870][ T7571] bridge0: port 3(netdevsim0) entered disabled state
[  982.897030][ T7571] netdevsim netdevsim4 netdevsim0 (unregistering): left allmulticast mode
[  982.926296][ T7571] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode
[  982.961901][ T7571] bridge0: port 3(netdevsim0) entered disabled state
[  983.007172][ T7571] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.575959][T14348] hsr_slave_0: entered promiscuous mode
[  983.603810][T14348] hsr_slave_1: entered promiscuous mode
[  983.610509][T14348] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  983.619389][T14348] Cannot create hsr debugfs directory
[  983.721901][T14360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  983.852409][T14360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  984.145968][T14360] team0: Port device team_slave_0 added
[  984.379702][T14360] team0: Port device team_slave_1 added
[  985.229404][T14526] warn_alloc: 1 callbacks suppressed
[  985.229423][T14526] syz.1.2394: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  985.334658][T14526] CPU: 0 UID: 0 PID: 14526 Comm: syz.1.2394 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[  985.334689][T14526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  985.334701][T14526] Call Trace:
[  985.334710][T14526]  <TASK>
[  985.334719][T14526]  dump_stack_lvl+0x189/0x250
[  985.334758][T14526]  ? __pfx_dump_stack_lvl+0x10/0x10
[  985.334788][T14526]  ? __pfx__printk+0x10/0x10
[  985.334811][T14526]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  985.334844][T14526]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  985.334878][T14526]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  985.334913][T14526]  warn_alloc+0x214/0x310
[  985.334934][T14526]  ? stack_depot_save_flags+0x40/0x900
[  985.334968][T14526]  ? __pfx_warn_alloc+0x10/0x10
[  985.334992][T14526]  ? kasan_save_track+0x4f/0x80
[  985.335019][T14526]  ? xskq_create+0x56/0x170
[  985.335036][T14526]  ? xsk_init_queue+0xb0/0x110
[  985.335061][T14526]  ? xsk_setsockopt+0x43f/0x710
[  985.335085][T14526]  ? do_sock_setsockopt+0x257/0x3e0
[  985.335108][T14526]  ? __x64_sys_setsockopt+0x18b/0x220
[  985.335133][T14526]  ? do_syscall_64+0xfa/0x3b0
[  985.335150][T14526]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  985.335179][T14526]  __vmalloc_node_range_noprof+0x125/0x12f0
[  985.335232][T14526]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  985.335259][T14526]  ? __kasan_kmalloc+0x93/0xb0
[  985.335292][T14526]  vmalloc_user_noprof+0xad/0xf0
[  985.335311][T14526]  ? xskq_create+0xbf/0x170
[  985.335330][T14526]  xskq_create+0xbf/0x170
[  985.335352][T14526]  xsk_init_queue+0xb0/0x110
[  985.335384][T14526]  xsk_setsockopt+0x43f/0x710
[  985.335415][T14526]  ? __pfx_xsk_setsockopt+0x10/0x10
[  985.335441][T14526]  ? __lock_acquire+0xab9/0xd20
[  985.335470][T14526]  ? aa_sock_opt_perm+0xff/0x1b0
[  985.335503][T14526]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  985.335525][T14526]  ? __pfx_xsk_setsockopt+0x10/0x10
[  985.335555][T14526]  do_sock_setsockopt+0x257/0x3e0
[  985.335586][T14526]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  985.335619][T14526]  ? __fget_files+0x2a/0x420
[  985.335649][T14526]  __x64_sys_setsockopt+0x18b/0x220
[  985.335684][T14526]  do_syscall_64+0xfa/0x3b0
[  985.335702][T14526]  ? lockdep_hardirqs_on+0x9c/0x150
[  985.335721][T14526]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  985.335740][T14526]  ? clear_bhb_loop+0x60/0xb0
[  985.335763][T14526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  985.335781][T14526] RIP: 0033:0x7ff7a898e929
[  985.335800][T14526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  985.335815][T14526] RSP: 002b:00007ff7a57cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  985.335837][T14526] RAX: ffffffffffffffda RBX: 00007ff7a8bb64e0 RCX: 00007ff7a898e929
[  985.335852][T14526] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  985.335864][T14526] RBP: 00007ff7a8a10b39 R08: 0000000000000052 R09: 0000000000000000
[  985.335876][T14526] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  985.335888][T14526] R13: 0000000000000000 R14: 00007ff7a8bb64e0 R15: 00007ffccc92e568
[  985.335920][T14526]  </TASK>
[  985.335928][T14526] Mem-Info:
[  985.688144][T14526] active_anon:11600 inactive_anon:0 isolated_anon:0
[  985.688144][T14526]  active_file:11419 inactive_file:40223 isolated_file:0
[  985.688144][T14526]  unevictable:768 dirty:124 writeback:0
[  985.688144][T14526]  slab_reclaimable:11537 slab_unreclaimable:106669
[  985.688144][T14526]  mapped:37087 shmem:4317 pagetables:1526
[  985.688144][T14526]  sec_pagetables:0 bounce:0
[  985.688144][T14526]  kernel_misc_reclaimable:0
[  985.688144][T14526]  free:1301460 free_pcp:14734 free_cma:0
[  985.788868][T14526] Node 0 active_anon:46400kB inactive_anon:0kB active_file:45676kB inactive_file:160692kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:148348kB dirty:496kB writeback:0kB shmem:15732kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13316kB pagetables:5880kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  985.836292][T14526] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  985.882207][T14526] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  986.002006][ T3538] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  986.012458][T14526] lowmem_reserve[]: 0 2498 2500 2500 2500
[  986.018853][  T257] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  986.030937][T14526] Node 0 DMA32 free:1294956kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52452kB inactive_anon:0kB active_file:45676kB inactive_file:159104kB unevictable:1536kB writepending:492kB present:3129332kB managed:2558572kB mlocked:0kB bounce:0kB free_pcp:42116kB local_pcp:37804kB free_cma:0kB
[  986.125059][T14526] lowmem_reserve[]: 0 0 1 1 1
[  986.130232][T14526] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1588kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  986.161372][T14526] lowmem_reserve[]: 0 0 0 0 0
[  986.166140][T14526] Node 1 Normal free:3887424kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18760kB local_pcp:8264kB free_cma:0kB
[  986.198266][T14526] lowmem_reserve[]: 0 0 0 0 0
[  986.203031][T14526] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  986.217813][T14526] Node 0 DMA32: 51*4kB (UM) 71*8kB (UM) 6*16kB (UM) 2*32kB (U) 212*64kB (UME) 62*128kB (ME) 49*256kB (M) 17*512kB (UM) 11*1024kB (UME) 6*2048kB (M) 298*4096kB (UM) = 1287844kB
[  986.241459][T14526] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  986.381284][T14526] Node 1 Normal: 160*4kB (UE) 38*8kB (UME) 33*16kB (UME) 66*32kB (UME) 31*64kB (UME) 7*128kB (UME) 6*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3887424kB
[  986.619982][T14526] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  986.747473][T14526] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  986.777373][T14526] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  986.807175][T14526] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  986.817627][T14526] 58788 total pagecache pages
[  986.837519][T14526] 0 pages in swap cache
[  986.846242][T14526] Free swap  = 124996kB
[  986.857410][T14526] Total swap = 124996kB
[  986.862760][T14526] 2097051 pages RAM
[  986.866662][T14526] 0 pages HighMem/MovableOnly
[  986.871884][T14526] 425366 pages reserved
[  986.876151][T14526] 0 pages cma reserved
[  986.909074][T14360] batman_adv: batadv0: Adding interface: batadv_slave_0
[  986.916052][T14360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  986.975274][T14360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  987.023780][T14534] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2398'.
[  987.187549][T14360] batman_adv: batadv0: Adding interface: batadv_slave_1
[  987.197402][T14360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  987.226279][T14360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  987.286777][ T7571] bridge_slave_1: left allmulticast mode
[  987.506015][ T7571] bridge_slave_1: left promiscuous mode
[  987.518149][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.533953][ T7571] bridge_slave_0: left allmulticast mode
[  987.545863][ T7571] bridge_slave_0: left promiscuous mode
[  987.555828][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.818750][ T7571] bridge_slave_1: left allmulticast mode
[  987.887639][ T7571] bridge_slave_1: left promiscuous mode
[  987.943708][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state
[  988.083163][ T7571] bridge_slave_0: left allmulticast mode
[  988.109257][ T7571] bridge_slave_0: left promiscuous mode
[  988.135522][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state
[  988.877732][T14545] input: syz0 as /devices/virtual/input/input24
[  989.423192][T14404] usb 9-1: new full-speed USB device number 15 using dummy_hcd
[  989.581080][T14404] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  989.601107][T14404] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  989.616617][T14404] usb 9-1: New USB device found, idVendor=0b05, idProduct=1837, bcdDevice= 0.00
[  989.634577][T14404] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  989.671202][T14404] usb 9-1: config 0 descriptor??
[  989.678939][T14548] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  989.782914][ T7571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  989.817902][ T7571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  989.847778][ T7571] bond0 (unregistering): Released all slaves
[  990.539858][T14404] usbhid 9-1:0.0: can't add hid device: -71
[  990.758684][T14404] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  990.790112][T14404] usb 9-1: USB disconnect, device number 15
[  991.222232][ T7571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  991.303258][ T7571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  991.315953][ T7571] bond0 (unregistering): Released all slaves
[  991.617459][T14151] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  992.055105][T14563] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2406'.
[  992.109595][T14151] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  992.289735][T14360] hsr_slave_0: entered promiscuous mode
[  992.296577][T14360] hsr_slave_1: entered promiscuous mode
[  992.311044][T14360] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  992.335088][T14360] Cannot create hsr debugfs directory
[  992.356852][T14151] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  992.440146][ T7571] tipc: Left network mode
[  992.757201][T14151] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  993.186262][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  993.193744][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  994.979754][ T7571] hsr_slave_0: left promiscuous mode
[  994.995315][ T7571] hsr_slave_1: left promiscuous mode
[  995.009153][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_0
[  995.037424][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_1
[  995.057661][ T7571] hsr_slave_0: left promiscuous mode
[  995.073129][ T7571] hsr_slave_1: left promiscuous mode
[  995.080744][ T7571] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  995.089025][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_0
[  995.097240][ T7571] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  995.106913][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_1
[  995.172847][ T7571] veth1_macvtap: left promiscuous mode
[  995.188493][ T7571] veth0_macvtap: left promiscuous mode
[  995.224731][T14605] input: syz0 as /devices/virtual/input/input25
[  999.161570][ T7571] team0 (unregistering): Port device team_slave_1 removed
[  999.230509][ T7571] team0 (unregistering): Port device team_slave_0 removed
[ 1000.434852][T14630] warn_alloc: 1 callbacks suppressed
[ 1000.434894][T14630] syz.8.2418: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1000.455975][T10159] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1000.483464][T10159] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1000.493395][T10159] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1000.517730][T10159] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1000.520271][T14630] CPU: 0 UID: 0 PID: 14630 Comm: syz.8.2418 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[ 1000.520294][T14630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1000.520304][T14630] Call Trace:
[ 1000.520312][T14630]  <TASK>
[ 1000.520320][T14630]  dump_stack_lvl+0x189/0x250
[ 1000.520353][T14630]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1000.520378][T14630]  ? __pfx__printk+0x10/0x10
[ 1000.520398][T14630]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1000.520425][T14630]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1000.520453][T14630]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1000.520482][T14630]  warn_alloc+0x214/0x310
[ 1000.520499][T14630]  ? stack_depot_save_flags+0x40/0x900
[ 1000.520521][T14630]  ? __pfx_warn_alloc+0x10/0x10
[ 1000.520541][T14630]  ? kasan_save_track+0x4f/0x80
[ 1000.520563][T14630]  ? xskq_create+0x56/0x170
[ 1000.520578][T14630]  ? xsk_init_queue+0xb0/0x110
[ 1000.520599][T14630]  ? xsk_setsockopt+0x43f/0x710
[ 1000.520622][T14630]  ? do_sock_setsockopt+0x257/0x3e0
[ 1000.520642][T14630]  ? __x64_sys_setsockopt+0x18b/0x220
[ 1000.520661][T14630]  ? do_syscall_64+0xfa/0x3b0
[ 1000.520677][T14630]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1000.520702][T14630]  __vmalloc_node_range_noprof+0x125/0x12f0
[ 1000.520751][T14630]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1000.520776][T14630]  ? __kasan_kmalloc+0x93/0xb0
[ 1000.520802][T14630]  vmalloc_user_noprof+0xad/0xf0
[ 1000.520819][T14630]  ? xskq_create+0xbf/0x170
[ 1000.520835][T14630]  xskq_create+0xbf/0x170
[ 1000.520855][T14630]  xsk_init_queue+0xb0/0x110
[ 1000.520882][T14630]  xsk_setsockopt+0x43f/0x710
[ 1000.520908][T14630]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1000.520930][T14630]  ? __lock_acquire+0xab9/0xd20
[ 1000.520969][T14630]  ? aa_sock_opt_perm+0xff/0x1b0
[ 1000.520998][T14630]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1000.521018][T14630]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1000.521045][T14630]  do_sock_setsockopt+0x257/0x3e0
[ 1000.521096][T14630]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1000.521124][T14630]  ? __fget_files+0x2a/0x420
[ 1000.521151][T14630]  __x64_sys_setsockopt+0x18b/0x220
[ 1000.521181][T14630]  do_syscall_64+0xfa/0x3b0
[ 1000.521196][T14630]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1000.521220][T14630]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1000.521236][T14630]  ? clear_bhb_loop+0x60/0xb0
[ 1000.521257][T14630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1000.521273][T14630] RIP: 0033:0x7f2d2fb8e929
[ 1000.521290][T14630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1000.521304][T14630] RSP: 002b:00007f2d309cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1000.521323][T14630] RAX: ffffffffffffffda RBX: 00007f2d2fdb6240 RCX: 00007f2d2fb8e929
[ 1000.521336][T14630] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[ 1000.521347][T14630] RBP: 00007f2d2fc10b39 R08: 0000000000000052 R09: 0000000000000000
[ 1000.521358][T14630] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1000.521369][T14630] R13: 0000000000000000 R14: 00007f2d2fdb6240 R15: 00007fff09856438
[ 1000.521399][T14630]  </TASK>
[ 1000.521405][T14630] Mem-Info:
[ 1000.608171][T10159] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1000.895799][T14630] active_anon:14772 inactive_anon:0 isolated_anon:0
[ 1000.895799][T14630]  active_file:11419 inactive_file:40229 isolated_file:0
[ 1000.895799][T14630]  unevictable:768 dirty:136 writeback:0
[ 1000.895799][T14630]  slab_reclaimable:11623 slab_unreclaimable:105440
[ 1000.895799][T14630]  mapped:45076 shmem:7167 pagetables:1557
[ 1000.895799][T14630]  sec_pagetables:0 bounce:0
[ 1000.895799][T14630]  kernel_misc_reclaimable:0
[ 1000.895799][T14630]  free:1287144 free_pcp:15416 free_cma:0
[ 1000.941444][T14630] Node 0 active_anon:59088kB inactive_anon:0kB active_file:45676kB inactive_file:160716kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:180304kB dirty:544kB writeback:0kB shmem:27132kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13384kB pagetables:6104kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1000.976406][T14630] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1001.010646][T14630] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1001.042910][T14630] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1001.070618][T14630] Node 0 DMA32 free:1245244kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:59036kB inactive_anon:0kB active_file:45676kB inactive_file:159132kB unevictable:1536kB writepending:532kB present:3129332kB managed:2558572kB mlocked:0kB bounce:0kB free_pcp:43528kB local_pcp:9876kB free_cma:0kB
[ 1001.115682][T14630] lowmem_reserve[]: 0 0 1 1 1
[ 1001.122293][T14630] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1588kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1001.156085][T14630] lowmem_reserve[]: 0 0 0 0 0
[ 1001.161285][T14630] Node 1 Normal free:3887424kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18760kB local_pcp:10496kB free_cma:0kB
[ 1001.194279][T14630] lowmem_reserve[]: 0 0 0 0 0
[ 1001.199133][T14630] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1001.212683][T14630] Node 0 DMA32: 3*4kB (UME) 22*8kB (E) 4*16kB (UME) 134*32kB (UME) 236*64kB (UME) 65*128kB (UME) 51*256kB (UME) 12*512kB (UME) 4*1024kB (M) 7*2048kB (UM) 288*4096kB (M) = 1245244kB
[ 1001.231203][T14630] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1001.242833][T14630] Node 1 Normal: 160*4kB (UE) 38*8kB (UME) 33*16kB (UME) 66*32kB (UME) 31*64kB (UME) 7*128kB (UME) 6*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3887424kB
[ 1001.264731][T14630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1001.276489][T14630] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1001.287961][T14630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1001.297695][T14630] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1001.307540][T14630] 58794 total pagecache pages
[ 1001.313463][T14630] 0 pages in swap cache
[ 1001.317646][T14630] Free swap  = 124996kB
[ 1001.323271][T14630] Total swap = 124996kB
[ 1001.327463][T14630] 2097051 pages RAM
[ 1001.331366][T14630] 0 pages HighMem/MovableOnly
[ 1001.336274][T14630] 425366 pages reserved
[ 1001.346258][T14630] 0 pages cma reserved
[ 1001.565763][ T7571] team0 (unregistering): Port device team_slave_1 removed
[ 1001.622750][ T7571] team0 (unregistering): Port device team_slave_0 removed
[ 1002.268955][T14624] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2415'.
[ 1002.633983][T14632] lo speed is unknown, defaulting to 1000
[ 1002.938301][T10159] Bluetooth: hci4: command tx timeout
[ 1003.140619][T14348] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1003.621415][T14348] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1003.675343][T14348] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1003.884288][T14665] input: syz0 as /devices/virtual/input/input26
[ 1004.885108][T14348] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1005.023611][T10159] Bluetooth: hci4: command tx timeout
[ 1005.621311][T14632] chnl_net:caif_netlink_parms(): no params data found
[ 1005.847992][T14686] program syz.1.2425 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1005.951594][ T7571] IPVS: stop unused estimator thread 0...
[ 1006.036041][T14360] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1006.054437][T14360] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1006.072654][T14360] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1006.099979][T14360] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1006.111968][T14686] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1006.119718][T14686] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1006.127778][T14686] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1006.135543][T14686] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1006.321238][T14694] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2426'.
[ 1006.352610][T14632] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1006.360603][T14632] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1006.367933][T14632] bridge_slave_0: entered allmulticast mode
[ 1006.377634][T14632] bridge_slave_0: entered promiscuous mode
[ 1006.417702][T14632] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1006.426609][T14632] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1006.435475][T14632] bridge_slave_1: entered allmulticast mode
[ 1006.457644][T14632] bridge_slave_1: entered promiscuous mode
[ 1006.480560][T14348] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1007.099359][T10159] Bluetooth: hci4: command tx timeout
[ 1007.465076][T14632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1007.547417][T14632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1007.565294][T14348] 8021q: adding VLAN 0 to HW filter on device team0
[ 1007.775503][T14632] team0: Port device team_slave_0 added
[ 1007.787324][T14632] team0: Port device team_slave_1 added
[ 1007.883086][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1007.890355][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1008.051853][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1008.059107][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1008.495065][T14632] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1008.523126][T14632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1008.617062][T14632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1008.803519][T14632] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1008.826576][T14632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1008.998445][T14632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1009.178396][T10159] Bluetooth: hci4: command tx timeout
[ 1009.788013][ T2137] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1010.460702][T14632] hsr_slave_0: entered promiscuous mode
[ 1010.485501][T14632] hsr_slave_1: entered promiscuous mode
[ 1010.855818][T14360] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1010.898736][ T7571] bridge_slave_1: left allmulticast mode
[ 1010.904417][ T7571] bridge_slave_1: left promiscuous mode
[ 1010.932024][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1010.954813][ T7571] bridge_slave_0: left allmulticast mode
[ 1010.971971][ T7571] bridge_slave_0: left promiscuous mode
[ 1010.994466][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1011.149870][T14733] input: syz0 as /devices/virtual/input/input27
[ 1011.662993][ T7571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1011.692706][T14735] loop1: detected capacity change from 0 to 2048
[ 1011.704147][ T7571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1011.717621][ T7571] bond0 (unregistering): Released all slaves
[ 1011.755895][ T7576]  loop1: p1 < > p4
[ 1011.770523][ T7576] loop1: p4 size 8388608 extends beyond EOD, truncated
[ 1011.815586][T14735]  loop1: p1 < > p4
[ 1011.854046][T14735] loop1: p4 size 8388608 extends beyond EOD, truncated
[ 1012.395670][ T7571] hsr_slave_0: left promiscuous mode
[ 1012.430203][ T7571] hsr_slave_1: left promiscuous mode
[ 1012.436819][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1012.467838][ T7576] udevd[7576]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[ 1012.480499][ T7571] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1012.496437][ T7780] udevd[7780]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[ 1012.604873][ T7780] udevd[7780]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[ 1012.620694][ T7576] udevd[7576]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[ 1013.365961][T14754] warn_alloc: 1 callbacks suppressed
[ 1013.365979][T14754] syz.1.2438: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1013.386342][T14754] CPU: 0 UID: 0 PID: 14754 Comm: syz.1.2438 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[ 1013.386371][T14754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1013.386383][T14754] Call Trace:
[ 1013.386392][T14754]  <TASK>
[ 1013.386401][T14754]  dump_stack_lvl+0x189/0x250
[ 1013.386438][T14754]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1013.386467][T14754]  ? __pfx__printk+0x10/0x10
[ 1013.386489][T14754]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1013.386521][T14754]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1013.386554][T14754]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1013.386588][T14754]  warn_alloc+0x214/0x310
[ 1013.386608][T14754]  ? stack_depot_save_flags+0x40/0x900
[ 1013.386634][T14754]  ? __pfx_warn_alloc+0x10/0x10
[ 1013.386656][T14754]  ? kasan_save_track+0x4f/0x80
[ 1013.386682][T14754]  ? xskq_create+0x56/0x170
[ 1013.386697][T14754]  ? xsk_init_queue+0xb0/0x110
[ 1013.386723][T14754]  ? xsk_setsockopt+0x43f/0x710
[ 1013.386748][T14754]  ? do_sock_setsockopt+0x257/0x3e0
[ 1013.386771][T14754]  ? __x64_sys_setsockopt+0x18b/0x220
[ 1013.386794][T14754]  ? do_syscall_64+0xfa/0x3b0
[ 1013.386812][T14754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1013.386840][T14754]  __vmalloc_node_range_noprof+0x125/0x12f0
[ 1013.386895][T14754]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1013.386922][T14754]  ? __kasan_kmalloc+0x93/0xb0
[ 1013.386963][T14754]  vmalloc_user_noprof+0xad/0xf0
[ 1013.386982][T14754]  ? xskq_create+0xbf/0x170
[ 1013.387001][T14754]  xskq_create+0xbf/0x170
[ 1013.387023][T14754]  xsk_init_queue+0xb0/0x110
[ 1013.387055][T14754]  xsk_setsockopt+0x43f/0x710
[ 1013.387086][T14754]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1013.387112][T14754]  ? __lock_acquire+0xab9/0xd20
[ 1013.387142][T14754]  ? aa_sock_opt_perm+0xff/0x1b0
[ 1013.387174][T14754]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1013.387197][T14754]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1013.387226][T14754]  do_sock_setsockopt+0x257/0x3e0
[ 1013.387256][T14754]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1013.387288][T14754]  ? __fget_files+0x2a/0x420
[ 1013.387318][T14754]  __x64_sys_setsockopt+0x18b/0x220
[ 1013.387352][T14754]  do_syscall_64+0xfa/0x3b0
[ 1013.387370][T14754]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1013.387389][T14754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1013.387407][T14754]  ? clear_bhb_loop+0x60/0xb0
[ 1013.387431][T14754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1013.387450][T14754] RIP: 0033:0x7ff7a898e929
[ 1013.387468][T14754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1013.387484][T14754] RSP: 002b:00007ff7a57cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1013.387504][T14754] RAX: ffffffffffffffda RBX: 00007ff7a8bb64e0 RCX: 00007ff7a898e929
[ 1013.387518][T14754] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[ 1013.387530][T14754] RBP: 00007ff7a8a10b39 R08: 0000000000000052 R09: 0000000000000000
[ 1013.387542][T14754] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1013.387554][T14754] R13: 0000000000000000 R14: 00007ff7a8bb64e0 R15: 00007ffccc92e568
[ 1013.387587][T14754]  </TASK>
[ 1013.387595][T14754] Mem-Info:
[ 1013.703672][T14754] active_anon:14580 inactive_anon:0 isolated_anon:0
[ 1013.703672][T14754]  active_file:11419 inactive_file:40234 isolated_file:0
[ 1013.703672][T14754]  unevictable:768 dirty:122 writeback:0
[ 1013.703672][T14754]  slab_reclaimable:11629 slab_unreclaimable:104958
[ 1013.703672][T14754]  mapped:39994 shmem:7159 pagetables:1552
[ 1013.703672][T14754]  sec_pagetables:0 bounce:0
[ 1013.703672][T14754]  kernel_misc_reclaimable:0
[ 1013.703672][T14754]  free:1295811 free_pcp:17595 free_cma:0
[ 1013.749928][T14754] Node 0 active_anon:58320kB inactive_anon:0kB active_file:45676kB inactive_file:160736kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:159976kB dirty:488kB writeback:0kB shmem:27100kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13380kB pagetables:6084kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1013.785229][T14754] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1013.816734][T14754] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1013.831074][ T7571] team0 (unregistering): Port device team_slave_1 removed
[ 1013.846221][T14754] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1013.859551][T14754] Node 0 DMA32 free:1280460kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:58272kB inactive_anon:0kB active_file:45676kB inactive_file:159148kB unevictable:1536kB writepending:484kB present:3129332kB managed:2558572kB mlocked:0kB bounce:0kB free_pcp:50984kB local_pcp:14456kB free_cma:0kB
[ 1013.893709][T14754] lowmem_reserve[]: 0 0 1 1 1
[ 1013.898779][T14754] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1588kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1013.927732][T14754] lowmem_reserve[]: 0 0 0 0 0
[ 1013.932570][T14754] Node 1 Normal free:3887424kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18792kB local_pcp:8296kB free_cma:0kB
[ 1013.964088][T14754] lowmem_reserve[]: 0 0 0 0 0
[ 1013.968944][T14754] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1013.983653][T14754] Node 0 DMA32: 757*4kB (UE) 501*8kB (UE) 521*16kB (UME) 490*32kB (UME) 242*64kB (UME) 74*128kB (UME) 51*256kB (UM) 12*512kB (UME) 5*1024kB (UM) 8*2048kB (UM) 289*4096kB (UM) = 1280460kB
[ 1014.002402][T14754] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1014.014046][T14754] Node 1 Normal: 160*4kB (UE) 38*8kB (UME) 33*16kB (UME) 66*32kB (UME) 31*64kB (UME) 7*128kB (UME) 6*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3887424kB
[ 1014.032503][T14754] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1014.042648][T14754] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1014.043364][ T7571] team0 (unregistering): Port device team_slave_0 removed
[ 1014.052121][T14754] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1014.052143][T14754] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1014.052160][T14754] 58790 total pagecache pages
[ 1014.052169][T14754] 0 pages in swap cache
[ 1014.052178][T14754] Free swap  = 124996kB
[ 1014.052187][T14754] Total swap = 124996kB
[ 1014.052197][T14754] 2097051 pages RAM
[ 1014.052206][T14754] 0 pages HighMem/MovableOnly
[ 1014.052215][T14754] 425366 pages reserved
[ 1014.052223][T14754] 0 pages cma reserved
[ 1014.330439][T14360] 8021q: adding VLAN 0 to HW filter on device team0
[ 1014.337617][T14745] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2436'.
[ 1014.406001][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1014.413234][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1014.577950][T14348] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1014.850395][  T257] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1014.857645][  T257] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1016.044083][T14774] input: syz0 as /devices/virtual/input/input28
[ 1016.068227][  T978] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[ 1016.275442][  T978] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1016.362526][  T978] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1016.419046][  T978] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1016.463321][T14348] veth0_vlan: entered promiscuous mode
[ 1016.481721][  T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1016.516092][  T978] usb 2-1: Product: syz
[ 1016.536293][  T978] usb 2-1: Manufacturer: syz
[ 1016.554278][T14348] veth1_vlan: entered promiscuous mode
[ 1016.566435][  T978] usb 2-1: SerialNumber: syz
[ 1016.567015][T14778] 9pnet_fd: Insufficient options for proto=fd
[ 1016.731099][T14348] veth0_macvtap: entered promiscuous mode
[ 1016.799931][  T978] usb 2-1: 0:2 : does not exist
[ 1016.830886][  T978] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1016.852042][T14348] veth1_macvtap: entered promiscuous mode
[ 1016.945942][  T978] usb 2-1: USB disconnect, device number 18
[ 1017.016750][T14348] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1017.136304][ T7576] udevd[7576]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1017.155001][ T3443] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1017.183197][T14348] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1017.290154][ T3443] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1017.299851][ T3443] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1017.311370][T14632] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1017.327625][T14632] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1017.551103][ T3443] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1017.760849][T14360] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1017.887890][T14632] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1018.051116][T14632] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1018.112467][ T3443] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1018.629684][ T3538] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1018.637660][ T3538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1018.655467][T14360] veth0_vlan: entered promiscuous mode
[ 1018.700009][T14360] veth1_vlan: entered promiscuous mode
[ 1018.806481][T14360] veth0_macvtap: entered promiscuous mode
[ 1019.133950][T14806] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2447'.
[ 1019.342074][T14360] veth1_macvtap: entered promiscuous mode
[ 1019.665551][T14360] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1019.667150][  T257] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1020.358795][T14360] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1020.474702][ T7571] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1020.501953][  T257] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1020.579933][ T7571] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1020.599643][ T7571] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1020.610518][T14817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2449'.
[ 1020.624653][T14632] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1020.643559][T14817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2449'.
[ 1020.675334][ T7571] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1020.721213][T14817] erspan0: entered promiscuous mode
[ 1020.753590][T14817] gretap0: entered promiscuous mode
[ 1020.935265][T14632] 8021q: adding VLAN 0 to HW filter on device team0
[ 1020.983793][T14821] 9pnet_fd: Insufficient options for proto=fd
[ 1021.048956][ T7571] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.056160][ T7571] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1021.282673][ T6007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1021.315963][    T9] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1021.351664][ T6007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1021.396567][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.403866][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1022.398125][    T9] usb 10-1: Using ep0 maxpacket: 16
[ 1022.409164][    T9] usb 10-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[ 1022.419027][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1022.427130][    T9] usb 10-1: Product: syz
[ 1022.432065][    T9] usb 10-1: Manufacturer: syz
[ 1022.436779][    T9] usb 10-1: SerialNumber: syz
[ 1022.763176][ T2137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1022.822045][ T2137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1023.249517][    T9] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[ 1024.223395][    T9] snd-usb-audio 10-1:222.0: probe with driver snd-usb-audio failed with error -71
[ 1024.241434][    T9] usb 10-1: USB disconnect, device number 2
[ 1024.300372][T14850] loop2: detected capacity change from 0 to 512
[ 1024.520258][ T7576] udevd[7576]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1024.569845][T14852] netlink: 96 bytes leftover after parsing attributes in process `syz.8.2459'.
[ 1024.643886][T14850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1024.744547][T14850] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1024.806090][T14850] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.2457: corrupted inode contents
[ 1024.879792][T14863] 9pnet_fd: Insufficient options for proto=fd
[ 1024.896495][T14850] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.2457: mark_inode_dirty error
[ 1024.936550][T14850] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.2457: corrupted inode contents
[ 1024.961067][T14850] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.2457: mark_inode_dirty error
[ 1025.022020][T14632] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1025.040453][    T9] usb 10-1: new full-speed USB device number 3 using dummy_hcd
[ 1025.182358][T14632] veth0_vlan: entered promiscuous mode
[ 1025.200829][T14360] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1025.207748][T14632] veth1_vlan: entered promiscuous mode
[ 1025.230363][T14868] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2462'.
[ 1025.251615][    T9] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1025.275009][    T9] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1025.351551][    T9] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1025.364191][T14632] veth0_macvtap: entered promiscuous mode
[ 1025.389061][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1025.397207][    T9] usb 10-1: Product: syz
[ 1025.438702][T14632] veth1_macvtap: entered promiscuous mode
[ 1025.462199][    T9] usb 10-1: Manufacturer: syz
[ 1025.507637][    T9] usb 10-1: SerialNumber: syz
[ 1025.599487][T14632] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1026.673005][T14632] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1026.697141][    T9] usb 10-1: 0:2 : does not exist
[ 1026.756554][    T9] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1026.904410][    T9] usb 10-1: USB disconnect, device number 3
[ 1027.109936][ T3483] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.169555][ T3483] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.213053][ T7576] udevd[7576]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1027.218561][ T3483] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.273727][ T3483] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.513202][T14894] pim6reg: entered allmulticast mode
[ 1027.548159][T14564] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[ 1027.669572][T14895] pim6reg: left allmulticast mode
[ 1028.458771][T14564] usb 9-1: Using ep0 maxpacket: 16
[ 1028.508159][T14564] usb 9-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[ 1028.558126][T14564] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1028.685636][T14901] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2470'.
[ 1028.813969][T14564] usb 9-1: Product: syz
[ 1028.821541][T14564] usb 9-1: Manufacturer: syz
[ 1028.828345][ T2137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1028.828368][ T2137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1028.892667][T14564] usb 9-1: SerialNumber: syz
[ 1028.998963][ T3483] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1029.026165][ T3483] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1030.408555][T14564] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[ 1030.696164][T14564] snd-usb-audio 9-1:222.0: probe with driver snd-usb-audio failed with error -71
[ 1030.723800][T14564] usb 9-1: USB disconnect, device number 16
[ 1030.836889][ T7576] udevd[7576]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1031.190100][T14944] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.503223][T14945] warn_alloc: 2 callbacks suppressed
[ 1031.503242][T14945] syz.1.2479: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1031.576923][T14945] CPU: 1 UID: 0 PID: 14945 Comm: syz.1.2479 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[ 1031.576954][T14945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1031.576965][T14945] Call Trace:
[ 1031.576972][T14945]  <TASK>
[ 1031.576981][T14945]  dump_stack_lvl+0x189/0x250
[ 1031.577021][T14945]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1031.577050][T14945]  ? __pfx__printk+0x10/0x10
[ 1031.577072][T14945]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1031.577104][T14945]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1031.577135][T14945]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1031.577168][T14945]  warn_alloc+0x214/0x310
[ 1031.577189][T14945]  ? stack_depot_save_flags+0x40/0x900
[ 1031.577214][T14945]  ? __pfx_warn_alloc+0x10/0x10
[ 1031.577237][T14945]  ? kasan_save_track+0x4f/0x80
[ 1031.577263][T14945]  ? xskq_create+0x56/0x170
[ 1031.577279][T14945]  ? xsk_init_queue+0xb0/0x110
[ 1031.577304][T14945]  ? xsk_setsockopt+0x43f/0x710
[ 1031.577329][T14945]  ? do_sock_setsockopt+0x257/0x3e0
[ 1031.577354][T14945]  ? __x64_sys_setsockopt+0x18b/0x220
[ 1031.577379][T14945]  ? do_syscall_64+0xfa/0x3b0
[ 1031.577396][T14945]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.577438][T14945]  __vmalloc_node_range_noprof+0x125/0x12f0
[ 1031.577494][T14945]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1031.577515][T14945]  ? xskq_create+0x56/0x170
[ 1031.577535][T14945]  ? __kasan_kmalloc+0x93/0xb0
[ 1031.577566][T14945]  vmalloc_user_noprof+0xad/0xf0
[ 1031.577585][T14945]  ? xskq_create+0xbf/0x170
[ 1031.577605][T14945]  xskq_create+0xbf/0x170
[ 1031.577627][T14945]  xsk_init_queue+0xb0/0x110
[ 1031.577659][T14945]  xsk_setsockopt+0x43f/0x710
[ 1031.577694][T14945]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1031.577720][T14945]  ? __lock_acquire+0xab9/0xd20
[ 1031.577746][T14945]  ? aa_sock_opt_perm+0xff/0x1b0
[ 1031.577781][T14945]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1031.577804][T14945]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1031.577832][T14945]  do_sock_setsockopt+0x257/0x3e0
[ 1031.577863][T14945]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1031.577894][T14945]  ? __fget_files+0x2a/0x420
[ 1031.577924][T14945]  __x64_sys_setsockopt+0x18b/0x220
[ 1031.577958][T14945]  do_syscall_64+0xfa/0x3b0
[ 1031.577977][T14945]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1031.577993][T14945]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.578011][T14945]  ? clear_bhb_loop+0x60/0xb0
[ 1031.578033][T14945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1031.578050][T14945] RIP: 0033:0x7ff7a898e929
[ 1031.578068][T14945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1031.578083][T14945] RSP: 002b:00007ff7a9769038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1031.578107][T14945] RAX: ffffffffffffffda RBX: 00007ff7a8bb6160 RCX: 00007ff7a898e929
[ 1031.578121][T14945] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[ 1031.578133][T14945] RBP: 00007ff7a8a10b39 R08: 0000000000000052 R09: 0000000000000000
[ 1031.578145][T14945] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1031.578157][T14945] R13: 0000000000000000 R14: 00007ff7a8bb6160 R15: 00007ffccc92e568
[ 1031.578191][T14945]  </TASK>
[ 1031.886847][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1032.063866][T14945] Mem-Info:
[ 1032.070438][T14944] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1032.107524][T14972] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in;
[ 1032.107524][T14972]    program syz.8.2491 not setting count and/or reply_len properly
[ 1032.189349][T14945] active_anon:15349 inactive_anon:0 isolated_anon:0
[ 1032.189349][T14945]  active_file:11419 inactive_file:40245 isolated_file:0
[ 1032.189349][T14945]  unevictable:768 dirty:258 writeback:0
[ 1032.189349][T14945]  slab_reclaimable:11677 slab_unreclaimable:107507
[ 1032.189349][T14945]  mapped:36108 shmem:7727 pagetables:1686
[ 1032.189349][T14945]  sec_pagetables:0 bounce:0
[ 1032.189349][T14945]  kernel_misc_reclaimable:0
[ 1032.189349][T14945]  free:1299972 free_pcp:11133 free_cma:0
[ 1032.453535][T14945] Node 0 active_anon:72812kB inactive_anon:0kB active_file:45676kB inactive_file:160780kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:153400kB dirty:1032kB writeback:0kB shmem:40888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13584kB pagetables:6660kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1033.096896][T14945] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1033.359228][T14945] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1033.388129][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1033.544962][T14945] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1033.569124][T14945] Node 0 DMA32 free:1288496kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:51092kB inactive_anon:0kB active_file:45676kB inactive_file:159192kB unevictable:1536kB writepending:1040kB present:3129332kB managed:2558572kB mlocked:0kB bounce:0kB free_pcp:45464kB local_pcp:11384kB free_cma:0kB
[ 1033.625873][T14945] lowmem_reserve[]: 0 0 1 1 1
[ 1033.651873][T14945] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1588kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1033.715496][T14945] lowmem_reserve[]: 0 0 0 0 0
[ 1033.732737][T14945] Node 1 Normal free:3887424kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18792kB local_pcp:8296kB free_cma:0kB
[ 1033.773736][T14945] lowmem_reserve[]: 0 0 0 0 0
[ 1033.778715][T14945] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1033.798897][T14945] Node 0 DMA32: 2102*4kB (UME) 903*8kB (UME) 461*16kB (UME) 703*32kB (UE) 208*64kB (UME) 72*128kB (UM) 52*256kB (UM) 12*512kB (UME) 4*1024kB (M) 7*2048kB (UM) 289*4096kB (UM) = 1289664kB
[ 1033.844004][T14945] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1033.886028][T14945] Node 1 Normal: 160*4kB (UE) 38*8kB (UME) 33*16kB (UME) 66*32kB (UME) 31*64kB (UME) 7*128kB (UME) 6*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3887424kB
[ 1033.972880][T14945] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1034.009678][T14945] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1034.029600][T14945] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1034.071265][T14945] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1034.099107][T14945] 55944 total pagecache pages
[ 1034.103867][T14945] 0 pages in swap cache
[ 1034.142924][T14945] Free swap  = 124996kB
[ 1034.147155][T14945] Total swap = 124996kB
[ 1034.174044][T14945] 2097051 pages RAM
[ 1034.177916][T14945] 0 pages HighMem/MovableOnly
[ 1034.213066][T14945] 425366 pages reserved
[ 1034.217282][T14945] 0 pages cma reserved
[ 1034.251122][T14997] loop2: detected capacity change from 0 to 8192
[ 1034.335348][T14944] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1034.632710][T14944] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1035.009584][   T30] audit: type=1326 audit(1750517718.567:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15011 comm="syz.1.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a898e929 code=0x7ffc0000
[ 1035.146192][   T30] audit: type=1326 audit(1750517718.567:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15011 comm="syz.1.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a898e929 code=0x7ffc0000
[ 1035.203365][   T61] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.251206][   T61] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.289450][   T30] audit: type=1326 audit(1750517718.597:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15011 comm="syz.1.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7a898e929 code=0x7ffc0000
[ 1035.417124][   T30] audit: type=1326 audit(1750517718.597:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15011 comm="syz.1.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a898e929 code=0x7ffc0000
[ 1035.428230][ T2137] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.496446][ T2137] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.536907][   T30] audit: type=1326 audit(1750517718.597:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15011 comm="syz.1.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7ff7a898e929 code=0x7ffc0000
[ 1035.596298][T15027] 
@ÿ: renamed from bond_slave_0 (while UP)
[ 1035.625091][   T30] audit: type=1326 audit(1750517718.597:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15011 comm="syz.1.2500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a898e929 code=0x7ffc0000
[ 1036.988667][T15046] netlink: 264 bytes leftover after parsing attributes in process `syz.8.2511'.
[ 1037.011015][T15049] loop2: detected capacity change from 0 to 512
[ 1037.020586][T15046] netlink: 56 bytes leftover after parsing attributes in process `syz.8.2511'.
[ 1037.060789][T15049] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1037.067519][T15049] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1037.194511][T15049] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[ 1037.194556][T15049] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[ 1037.260910][T15049] EXT4-fs (loop2): 1 truncate cleaned up
[ 1037.327395][T15049] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1037.524444][T14404] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1037.703519][T15072] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[ 1037.718226][T14404] usb 2-1: Using ep0 maxpacket: 16
[ 1037.750588][T14404] usb 2-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[ 1037.777382][T14404] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1037.858397][T14404] usb 2-1: Product: syz
[ 1037.862617][T14404] usb 2-1: Manufacturer: syz
[ 1037.876917][T14404] usb 2-1: SerialNumber: syz
[ 1038.240693][T14360] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1038.345442][T15083] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2518'.
[ 1038.356661][T15083] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2518'.
[ 1038.740228][T14404] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1039.632424][T14404] snd-usb-audio 2-1:222.0: probe with driver snd-usb-audio failed with error -71
[ 1039.772235][T14404] usb 2-1: USB disconnect, device number 19
[ 1039.773160][T15092] loop0: detected capacity change from 0 to 512
[ 1039.831744][ T7576] udevd[7576]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1039.849339][T15092] EXT4-fs: Ignoring removed nobh option
[ 1039.938753][T15092] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[ 1039.950798][T15092] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #13: comm syz.0.2521: attempt to clear invalid blocks 2 len 1
[ 1040.014392][T15092] EXT4-fs (loop0): Remounting filesystem read-only
[ 1040.029368][T15092] EXT4-fs (loop0): 1 truncate cleaned up
[ 1040.037179][T15092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1040.405142][T14632] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1040.810051][ T2137] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1040.956309][T15117] macvlan1: entered promiscuous mode
[ 1040.974747][T15122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2528'.
[ 1041.025446][T15117] ipvlan0: entered promiscuous mode
[ 1041.066575][T15122] openvswitch: netlink: Flow key attr not present in new flow.
[ 1041.095710][T15117] ipvlan0: left promiscuous mode
[ 1041.167986][T15117] macvlan1: left promiscuous mode
[ 1041.422488][T15136] loop9: detected capacity change from 0 to 512
[ 1041.463365][T15136] EXT4-fs: Ignoring removed nobh option
[ 1041.472061][T15122] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1041.548479][T15139] loop0: detected capacity change from 0 to 512
[ 1041.615784][T15139] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.2533: casefold flag without casefold feature
[ 1041.649331][T15139] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.2533: couldn't read orphan inode 15 (err -117)
[ 1041.809085][T15136] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #3: comm syz.9.2532: corrupted inode contents
[ 1041.824728][T15139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1041.904532][T15136] EXT4-fs error (device loop9): ext4_dirty_inode:6459: inode #3: comm syz.9.2532: mark_inode_dirty error
[ 1042.111906][T15136] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #3: comm syz.9.2532: corrupted inode contents
[ 1042.308192][T15136] EXT4-fs error (device loop9): __ext4_ext_dirty:206: inode #3: comm syz.9.2532: mark_inode_dirty error
[ 1042.402727][T15136] Quota error (device loop9): write_blk: dquota write failed
[ 1042.428331][T15136] Quota error (device loop9): qtree_write_dquot: Error -117 occurred while creating quota
[ 1042.492932][T15136] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.2532: Failed to acquire dquot type 0
[ 1042.529269][T15136] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #16: comm syz.9.2532: corrupted inode contents
[ 1042.564735][T15136] EXT4-fs error (device loop9): ext4_dirty_inode:6459: inode #16: comm syz.9.2532: mark_inode_dirty error
[ 1042.599743][T14632] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1042.616404][T15136] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #16: comm syz.9.2532: corrupted inode contents
[ 1042.634487][T15136] EXT4-fs error (device loop9): __ext4_ext_dirty:206: inode #16: comm syz.9.2532: mark_inode_dirty error
[ 1042.665519][T15136] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #16: comm syz.9.2532: corrupted inode contents
[ 1042.685937][T15136] EXT4-fs error (device loop9) in ext4_orphan_del:305: Corrupt filesystem
[ 1042.695314][T15136] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #16: comm syz.9.2532: corrupted inode contents
[ 1042.714151][T15136] EXT4-fs error (device loop9): ext4_truncate:4597: inode #16: comm syz.9.2532: mark_inode_dirty error
[ 1042.799840][T15136] EXT4-fs error (device loop9) in ext4_process_orphan:347: Corrupt filesystem
[ 1042.884622][T15136] EXT4-fs (loop9): 1 truncate cleaned up
[ 1042.953019][T14404] usb 9-1: new full-speed USB device number 17 using dummy_hcd
[ 1043.158372][T14404] usb 9-1: device descriptor read/64, error -71
[ 1043.730801][T14404] usb 9-1: new full-speed USB device number 18 using dummy_hcd
[ 1043.841880][T15136] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1043.859339][T15176] warn_alloc: 1 callbacks suppressed
[ 1043.859358][T15176] syz.0.2538: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1043.881598][T15176] CPU: 1 UID: 0 PID: 15176 Comm: syz.0.2538 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[ 1043.881634][T15176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1043.881646][T15176] Call Trace:
[ 1043.881654][T15176]  <TASK>
[ 1043.881663][T15176]  dump_stack_lvl+0x189/0x250
[ 1043.881701][T15176]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1043.881730][T15176]  ? __pfx__printk+0x10/0x10
[ 1043.881752][T15176]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1043.881785][T15176]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1043.881818][T15176]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1043.881852][T15176]  warn_alloc+0x214/0x310
[ 1043.881873][T15176]  ? stack_depot_save_flags+0x40/0x900
[ 1043.881898][T15176]  ? __pfx_warn_alloc+0x10/0x10
[ 1043.881921][T15176]  ? kasan_save_track+0x4f/0x80
[ 1043.881947][T15176]  ? xskq_create+0x56/0x170
[ 1043.881964][T15176]  ? xsk_init_queue+0xb0/0x110
[ 1043.881989][T15176]  ? xsk_setsockopt+0x43f/0x710
[ 1043.882014][T15176]  ? do_sock_setsockopt+0x257/0x3e0
[ 1043.882037][T15176]  ? __x64_sys_setsockopt+0x18b/0x220
[ 1043.882061][T15176]  ? do_syscall_64+0xfa/0x3b0
[ 1043.882078][T15176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1043.882107][T15176]  __vmalloc_node_range_noprof+0x125/0x12f0
[ 1043.882163][T15176]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1043.882183][T15176]  ? xskq_create+0x56/0x170
[ 1043.882204][T15176]  ? __kasan_kmalloc+0x93/0xb0
[ 1043.882235][T15176]  vmalloc_user_noprof+0xad/0xf0
[ 1043.882254][T15176]  ? xskq_create+0xbf/0x170
[ 1043.882272][T15176]  xskq_create+0xbf/0x170
[ 1043.882293][T15176]  xsk_init_queue+0xb0/0x110
[ 1043.882323][T15176]  xsk_setsockopt+0x43f/0x710
[ 1043.882354][T15176]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1043.882378][T15176]  ? __lock_acquire+0xab9/0xd20
[ 1043.882407][T15176]  ? aa_sock_opt_perm+0xff/0x1b0
[ 1043.882439][T15176]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1043.882461][T15176]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1043.882489][T15176]  do_sock_setsockopt+0x257/0x3e0
[ 1043.882519][T15176]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1043.882551][T15176]  ? __fget_files+0x2a/0x420
[ 1043.882581][T15176]  __x64_sys_setsockopt+0x18b/0x220
[ 1043.882621][T15176]  do_syscall_64+0xfa/0x3b0
[ 1043.882640][T15176]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1043.882658][T15176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1043.882676][T15176]  ? clear_bhb_loop+0x60/0xb0
[ 1043.882701][T15176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1043.882719][T15176] RIP: 0033:0x7f03c178e929
[ 1043.882738][T15176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1043.882754][T15176] RSP: 002b:00007f03c2653038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1043.882775][T15176] RAX: ffffffffffffffda RBX: 00007f03c19b6080 RCX: 00007f03c178e929
[ 1043.882789][T15176] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[ 1043.882801][T15176] RBP: 00007f03c1810b39 R08: 0000000000000052 R09: 0000000000000000
[ 1043.882813][T15176] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1043.882824][T15176] R13: 0000000000000000 R14: 00007f03c19b6080 R15: 00007ffca1442918
[ 1043.882858][T15176]  </TASK>
[ 1043.882865][T15176] Mem-Info:
[ 1043.973134][T15136] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1044.223678][T15176] active_anon:11937 inactive_anon:0 isolated_anon:0
[ 1044.223678][T15176]  active_file:11419 inactive_file:40269 isolated_file:0
[ 1044.223678][T15176]  unevictable:768 dirty:115 writeback:0
[ 1044.223678][T15176]  slab_reclaimable:11675 slab_unreclaimable:107518
[ 1044.223678][T15176]  mapped:33043 shmem:4327 pagetables:1740
[ 1044.223678][T15176]  sec_pagetables:0 bounce:0
[ 1044.223678][T15176]  kernel_misc_reclaimable:0
[ 1044.223678][T15176]  free:1302514 free_pcp:11659 free_cma:0
[ 1044.269180][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1044.275488][T15176] Node 0 active_anon:47748kB inactive_anon:0kB active_file:45676kB inactive_file:160876kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132172kB dirty:460kB writeback:0kB shmem:15772kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13528kB pagetables:6836kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1044.308999][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1044.318162][T15176] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1044.349705][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1044.355892][T15176] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1044.385982][T15176] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1044.393348][T15176] Node 0 DMA32 free:1307272kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48300kB inactive_anon:0kB active_file:45676kB inactive_file:159288kB unevictable:1536kB writepending:460kB present:3129332kB managed:2558572kB mlocked:0kB bounce:0kB free_pcp:27676kB local_pcp:6328kB free_cma:0kB
[ 1044.425617][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1044.431717][T15176] lowmem_reserve[]: 0 0 1 1 1
[ 1044.436459][T15176] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1588kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1044.465380][T15176] lowmem_reserve[]: 0 0 0 0 0
[ 1044.470141][T15176] Node 1 Normal free:3887424kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18792kB local_pcp:10496kB free_cma:0kB
[ 1044.503235][T15176] lowmem_reserve[]: 0 0 0 0 0
[ 1044.507966][T15176] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1044.521059][T15176] Node 0 DMA32: 3036*4kB (UME) 1059*8kB (UM) 564*16kB (UM) 914*32kB (UME) 267*64kB (UME) 75*128kB (UM) 52*256kB (UM) 12*512kB (UME) 4*1024kB (M) 7*2048kB (UM) 289*4096kB (UM) = 1307208kB
[ 1044.539894][T15176] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1044.551411][T15176] Node 1 Normal: 160*4kB (UE) 38*8kB (UME) 33*16kB (UME) 66*32kB (UME) 31*64kB (UME) 7*128kB (UME) 6*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3887424kB
[ 1044.569439][T15176] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1044.579102][T15176] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1044.588412][T15176] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1044.598908][T15176] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1044.608956][T15176] 56144 total pagecache pages
[ 1044.613632][T15176] 0 pages in swap cache
[ 1044.617781][T15176] Free swap  = 124996kB
[ 1044.621999][T15176] Total swap = 124996kB
[ 1044.626153][T15176] 2097051 pages RAM
[ 1044.629993][T15176] 0 pages HighMem/MovableOnly
[ 1044.634687][T15176] 425366 pages reserved
[ 1044.638867][T15176] 0 pages cma reserved
[ 1044.643196][T14404] usb 9-1: device descriptor read/64, error -71
[ 1044.734788][T14348] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1044.759651][T15185] loop1: detected capacity change from 0 to 128
[ 1044.862203][T14404] usb usb9-port1: attempt power cycle
[ 1044.932801][T15178] loop2: detected capacity change from 0 to 8192
[ 1045.098742][ T5899] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1045.229439][T14404] usb 9-1: new full-speed USB device number 19 using dummy_hcd
[ 1045.274880][ T5899] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1045.289111][T14404] usb 9-1: device descriptor read/8, error -71
[ 1045.321081][ T5899] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1045.346774][ T5899] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1045.358451][T15195] loop0: detected capacity change from 0 to 512
[ 1045.375023][ T5899] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[ 1045.419735][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1045.451732][T15195] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 1045.464256][T15198] loop9: detected capacity change from 0 to 512
[ 1045.479409][ T5899] usb 2-1: config 0 descriptor??
[ 1045.527518][T15195] EXT4-fs (loop0): 1 truncate cleaned up
[ 1045.550164][T15195] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1045.556988][T15198] EXT4-fs error (device loop9): ext4_orphan_get:1393: inode #15: comm syz.9.2548: casefold flag without casefold feature
[ 1045.585371][T14404] usb 9-1: new full-speed USB device number 20 using dummy_hcd
[ 1045.601257][T15198] EXT4-fs error (device loop9): ext4_orphan_get:1398: comm syz.9.2548: couldn't read orphan inode 15 (err -117)
[ 1045.715462][T15198] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1045.830712][T14632] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1045.883488][T14404] usb 9-1: device not accepting address 20, error -71
[ 1045.903493][ T5899] elecom 0003:056E:00FB.000D: unbalanced delimiter at end of report description
[ 1045.908466][T14404] usb usb9-port1: unable to enumerate USB device
[ 1045.944422][ T5899] elecom 0003:056E:00FB.000D: probe with driver elecom failed with error -22
[ 1046.093550][T15210] loop8: detected capacity change from 0 to 1024
[ 1046.106870][ T5899] usb 2-1: USB disconnect, device number 20
[ 1046.129746][T15210] EXT4-fs: Ignoring removed bh option
[ 1046.170186][T15210] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1046.192991][T14348] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1046.296727][T15210] EXT4-fs error (device loop8): ext4_quota_enable:7124: comm syz.8.2551: inode #2304: comm syz.8.2551: iget: illegal inode #
[ 1046.321078][   T43] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 1046.425182][T15210] EXT4-fs (loop8): Remounting filesystem read-only
[ 1046.456651][T15210] EXT4-fs warning (device loop8): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[ 1046.510769][T15210] EXT4-fs (loop8): mount failed
[ 1046.536178][   T43] usb 1-1: Using ep0 maxpacket: 16
[ 1046.789692][   T43] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[ 1046.798662][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1046.838116][   T43] usb 1-1: config 0 has no interface number 0
[ 1047.157517][   T43] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1047.528121][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1047.598491][   T43] usb 1-1: Product: syz
[ 1047.615395][   T43] usb 1-1: Manufacturer: syz
[ 1047.671248][   T43] usb 1-1: SerialNumber: syz
[ 1047.929229][   T43] usb 1-1: config 0 descriptor??
[ 1047.941568][   T43] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[ 1047.948220][   T43] usb 1-1: No valid video chain found.
[ 1048.164197][T14404] usb 1-1: USB disconnect, device number 7
[ 1048.388490][   T61] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1048.633109][T15254] loop8: detected capacity change from 0 to 1024
[ 1048.654155][T15254] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1048.753061][T15254] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1048.791578][T15258] loop0: detected capacity change from 0 to 128
[ 1048.866318][T15261] loop1: detected capacity change from 0 to 1024
[ 1048.966420][T15254] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1049.022978][T15261] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1049.062272][T15254] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1049.231714][T15274] netlink: 'syz.2.2560': attribute type 27 has an invalid length.
[ 1049.647107][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1050.455605][T15300] loop0: detected capacity change from 0 to 1024
[ 1050.501571][T15301] loop2: detected capacity change from 0 to 1024
[ 1050.643620][T15300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1050.752598][T15301] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1050.860048][   T30] audit: type=1800 audit(1750517734.417:84): pid=15301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2577" name="file1" dev="loop2" ino=15 res=0 errno=0
[ 1050.965904][   T30] audit: type=1800 audit(1750517734.437:85): pid=15300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2578" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 1051.037866][   T30] audit: type=1804 audit(1750517734.517:86): pid=15317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2578" name="/newroot/18/file1/file1" dev="loop0" ino=15 res=1 errno=0
[ 1051.087145][T15323] netlink: 260 bytes leftover after parsing attributes in process `syz.8.2583'.
[ 1051.122851][T15323] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[ 1051.137119][   T30] audit: type=1800 audit(1750517734.517:87): pid=15317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2578" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 1051.417285][T14632] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1051.450560][T14360] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1052.368662][T14565] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1052.547320][T14565] usb 2-1: Using ep0 maxpacket: 32
[ 1052.619341][T14565] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[ 1052.666298][T14565] usb 2-1: config 0 has no interface number 0
[ 1052.688484][T14565] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1052.714352][T14565] usb 2-1: config 0 interface 85 has no altsetting 0
[ 1052.725042][T14565] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1052.736535][T14565] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1052.753323][T14565] usb 2-1: Product: syz
[ 1052.773172][T14565] usb 2-1: Manufacturer: syz
[ 1052.802572][T14565] usb 2-1: SerialNumber: syz
[ 1052.879713][T14565] usb 2-1: config 0 descriptor??
[ 1053.195101][T15370] loop9: detected capacity change from 0 to 512
[ 1053.246819][T15370] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[ 1053.321792][T15370] EXT4-fs (loop9): 1 truncate cleaned up
[ 1053.354496][T14565] appletouch 2-1:0.85: Failed to read mode from device.
[ 1053.359569][T15370] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1053.378763][T14565] appletouch 2-1:0.85: probe with driver appletouch failed with error -5
[ 1053.406607][T14565] usb 2-1: USB disconnect, device number 21
[ 1053.464648][T15370] EXT4-fs error (device loop9): ext4_find_dest_de:2052: inode #2: block 13: comm syz.9.2599: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[ 1053.931664][T14348] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1054.221284][T15383] loop0: detected capacity change from 0 to 512
[ 1054.708918][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.715345][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.111887][T15381] macvlan1: entered promiscuous mode
[ 1055.122382][T15383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 1055.135033][T15383] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1055.461913][T15381] ipvlan0: entered promiscuous mode
[ 1055.506922][T15381] ipvlan0: left promiscuous mode
[ 1055.613606][   T30] audit: type=1326 audit(1750517739.167:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15387 comm="syz.1.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7a898e929 code=0x7ffc0000
[ 1055.637783][T15389] ------------[ cut here ]------------
[ 1055.643317][T15389] Please remove unsupported % in format string
[ 1055.650609][T15389] WARNING: lib/vsprintf.c:2776 at format_decode+0x965/0xe30, CPU#1: syz.1.2603/15389
[ 1055.660162][T15389] Modules linked in:
[ 1055.664339][T15389] CPU: 1 UID: 0 PID: 15389 Comm: syz.1.2603 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[ 1055.677622][T15389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1055.687874][T15389] RIP: 0010:format_decode+0x965/0xe30
[ 1055.693351][T15389] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 b4 04 00 00 41 0f b6 34 24 48 c7 c7 60 d7 b9 8c e8 2c 79 1a f6 90 <0f> 0b 90 90 e9 6b fc ff ff e8 5d c9 56 f6 48 89 dd e9 55 fa ff ff
[ 1055.713035][T15389] RSP: 0018:ffffc900030f77b0 EFLAGS: 00010246
[ 1055.719173][T15389] RAX: dda664ad79d68c00 RBX: 0000000000000000 RCX: 0000000000080000
[ 1055.727170][T15389] RDX: ffffc90004ae2000 RSI: 000000000000304b RDI: 000000000000304c
[ 1055.735189][T15389] RBP: ffffc900030f79ac R08: 0000000000000003 R09: 0000000000000004
[ 1055.743216][T15389] R10: dffffc0000000000 R11: fffffbfff1bfaa2c R12: ffffc900030f79ac
[ 1055.751362][T15389] R13: ffffffff8cb9d260 R14: 0000000000000406 R15: 0000000000000400
[ 1055.759412][T15389] FS:  00007ff7a97ab6c0(0000) GS:ffff888125d26000(0000) knlGS:0000000000000000
[ 1055.768462][T15389] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1055.775075][T15389] CR2: 000000110c3957fc CR3: 000000003172e000 CR4: 00000000003526f0
[ 1055.783109][T15389] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1055.791166][T15389] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1055.799279][T15389] Call Trace:
[ 1055.802585][T15389]  <TASK>
[ 1055.805546][T15389]  bstr_printf+0xd0/0xb70
[ 1055.809963][T15389]  bpf_trace_printk+0x10e/0x190
[ 1055.814848][T15389]  ? ktime_get+0x3e/0x1f0
[ 1055.819236][T15389]  ? __pfx_bpf_trace_printk+0x10/0x10
[ 1055.824644][T15389]  ? __local_bh_disable_ip+0xf1/0x190
[ 1055.830090][T15389]  ? read_tsc+0x9/0x20
[ 1055.834185][T15389]  ? ktime_get+0x1cb/0x1f0
[ 1055.838654][T15389]  bpf_prog_12183cdb1cd51dab+0x37/0x3f
[ 1055.844133][T15389]  bpf_test_run+0x38e/0x830
[ 1055.848706][T15389]  ? bpf_test_run+0x205/0x830
[ 1055.853416][T15389]  ? __pfx_bpf_test_run+0x10/0x10
[ 1055.858530][T15389]  ? slab_build_skb+0x273/0x3e0
[ 1055.863421][T15389]  ? convert___skb_to_skb+0x3d/0x590
[ 1055.868764][T15389]  bpf_prog_test_run_skb+0xb30/0x1560
[ 1055.874196][T15389]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1055.880083][T15389]  bpf_prog_test_run+0x2c7/0x340
[ 1055.885072][T15389]  __sys_bpf+0x4a4/0x860
[ 1055.889375][T15389]  ? __pfx___sys_bpf+0x10/0x10
[ 1055.894202][T15389]  ? __secure_computing+0xe2/0x2a0
[ 1055.899378][T15389]  __x64_sys_bpf+0x7c/0x90
[ 1055.903823][T15389]  do_syscall_64+0xfa/0x3b0
[ 1055.908374][T15389]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1055.913590][T15389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1055.919804][T15389]  ? clear_bhb_loop+0x60/0xb0
[ 1055.924507][T15389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1055.930452][T15389] RIP: 0033:0x7ff7a898e929
[ 1055.934890][T15389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1055.954636][T15389] RSP: 002b:00007ff7a97ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1055.963113][T15389] RAX: ffffffffffffffda RBX: 00007ff7a8bb5fa0 RCX: 00007ff7a898e929
[ 1055.971200][T15389] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a
[ 1055.979260][T15389] RBP: 00007ff7a8a10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1055.987266][T15389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1055.995307][T15389] R13: 0000000000000000 R14: 00007ff7a8bb5fa0 R15: 00007ffccc92e568
[ 1056.003364][T15389]  </TASK>
[ 1056.006408][T15389] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1056.013711][T15389] CPU: 1 UID: 0 PID: 15389 Comm: syz.1.2603 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
[ 1056.025271][T15389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1056.035439][T15389] Call Trace:
[ 1056.038741][T15389]  <TASK>
[ 1056.041689][T15389]  dump_stack_lvl+0x99/0x250
[ 1056.046314][T15389]  ? __asan_memcpy+0x40/0x70
[ 1056.050929][T15389]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1056.056154][T15389]  ? __pfx__printk+0x10/0x10
[ 1056.060784][T15389]  panic+0x2db/0x790
[ 1056.064730][T15389]  ? __pfx_panic+0x10/0x10
[ 1056.069204][T15389]  __warn+0x334/0x4c0
[ 1056.073237][T15389]  ? format_decode+0x965/0xe30
[ 1056.078031][T15389]  ? format_decode+0x965/0xe30
[ 1056.082823][T15389]  report_bug+0x2be/0x4f0
[ 1056.087182][T15389]  ? format_decode+0x965/0xe30
[ 1056.091971][T15389]  ? format_decode+0x965/0xe30
[ 1056.096750][T15389]  ? format_decode+0x967/0xe30
[ 1056.101518][T15389]  handle_bug+0x84/0x160
[ 1056.105855][T15389]  exc_invalid_op+0x1a/0x50
[ 1056.110390][T15389]  asm_exc_invalid_op+0x1a/0x20
[ 1056.115241][T15389] RIP: 0010:format_decode+0x965/0xe30
[ 1056.120615][T15389] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 b4 04 00 00 41 0f b6 34 24 48 c7 c7 60 d7 b9 8c e8 2c 79 1a f6 90 <0f> 0b 90 90 e9 6b fc ff ff e8 5d c9 56 f6 48 89 dd e9 55 fa ff ff
[ 1056.140226][T15389] RSP: 0018:ffffc900030f77b0 EFLAGS: 00010246
[ 1056.146297][T15389] RAX: dda664ad79d68c00 RBX: 0000000000000000 RCX: 0000000000080000
[ 1056.154269][T15389] RDX: ffffc90004ae2000 RSI: 000000000000304b RDI: 000000000000304c
[ 1056.162240][T15389] RBP: ffffc900030f79ac R08: 0000000000000003 R09: 0000000000000004
[ 1056.170224][T15389] R10: dffffc0000000000 R11: fffffbfff1bfaa2c R12: ffffc900030f79ac
[ 1056.178198][T15389] R13: ffffffff8cb9d260 R14: 0000000000000406 R15: 0000000000000400
[ 1056.186194][T15389]  bstr_printf+0xd0/0xb70
[ 1056.190564][T15389]  bpf_trace_printk+0x10e/0x190
[ 1056.195425][T15389]  ? ktime_get+0x3e/0x1f0
[ 1056.199754][T15389]  ? __pfx_bpf_trace_printk+0x10/0x10
[ 1056.205134][T15389]  ? __local_bh_disable_ip+0xf1/0x190
[ 1056.210521][T15389]  ? read_tsc+0x9/0x20
[ 1056.214590][T15389]  ? ktime_get+0x1cb/0x1f0
[ 1056.219011][T15389]  bpf_prog_12183cdb1cd51dab+0x37/0x3f
[ 1056.224473][T15389]  bpf_test_run+0x38e/0x830
[ 1056.228988][T15389]  ? bpf_test_run+0x205/0x830
[ 1056.233759][T15389]  ? __pfx_bpf_test_run+0x10/0x10
[ 1056.238808][T15389]  ? slab_build_skb+0x273/0x3e0
[ 1056.243663][T15389]  ? convert___skb_to_skb+0x3d/0x590
[ 1056.248950][T15389]  bpf_prog_test_run_skb+0xb30/0x1560
[ 1056.254337][T15389]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1056.260143][T15389]  bpf_prog_test_run+0x2c7/0x340
[ 1056.265086][T15389]  __sys_bpf+0x4a4/0x860
[ 1056.269336][T15389]  ? __pfx___sys_bpf+0x10/0x10
[ 1056.274123][T15389]  ? __secure_computing+0xe2/0x2a0
[ 1056.279250][T15389]  __x64_sys_bpf+0x7c/0x90
[ 1056.283671][T15389]  do_syscall_64+0xfa/0x3b0
[ 1056.288175][T15389]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1056.293373][T15389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1056.299526][T15389]  ? clear_bhb_loop+0x60/0xb0
[ 1056.304206][T15389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1056.310102][T15389] RIP: 0033:0x7ff7a898e929
[ 1056.314520][T15389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1056.334127][T15389] RSP: 002b:00007ff7a97ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1056.342545][T15389] RAX: ffffffffffffffda RBX: 00007ff7a8bb5fa0 RCX: 00007ff7a898e929
[ 1056.350517][T15389] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a
[ 1056.358491][T15389] RBP: 00007ff7a8a10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1056.366462][T15389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1056.374527][T15389] R13: 0000000000000000 R14: 00007ff7a8bb5fa0 R15: 00007ffccc92e568
[ 1056.382513][T15389]  </TASK>
[ 1056.385799][T15389] Kernel Offset: disabled
[ 1056.390117][T15389] Rebooting in 86400 seconds..