last executing test programs:

3m8.518087876s ago: executing program 3 (id=14):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
r2 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r2, 0x2)
r3 = open(&(0x7f0000000300)='.\x00', 0x102000, 0x0)
flock(r3, 0x1)
r4 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r4, 0x2)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d6, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

3m5.740939141s ago: executing program 3 (id=17):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, r0, 0x2, &(0x7f0000000000))
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xc)
unshare(0x22020600)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000580), 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=""/8, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x4000054)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[], 0x98}, 0x1, 0x0, 0x0, 0x20040800}, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f00000000c0)={&(0x7f0000000080)})

3m4.398288641s ago: executing program 3 (id=18):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty=0xe0000001}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000000000)=0x800, 0x4)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x6, 0x8012, r3, 0x0)
syz_clone(0x40100000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f000000a100)=@vmx={0x0, 0x0, 0x2080})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

3m0.350959802s ago: executing program 0 (id=24):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0xe0, @dev={0xfe, 0x80, '\x00', 0x30}, 0xf}, 0x1c)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000040))

2m58.124528265s ago: executing program 0 (id=26):
r0 = socket(0x28, 0x801, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$getsig(0x4202, r1, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
clock_adjtime(0x0, &(0x7f0000000000))
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/12], 0x48)
r4 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x4008000, &(0x7f0000000280)={0xa, 0x4e22, 0x4, @local, 0x7fffffff}, 0x1c)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)
epoll_create(0x632)
umount2(&(0x7f0000000440)='./file0\x00', 0xb)
sendto$inet6(r4, 0x0, 0x0, 0x4008091, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r6, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000880)={0x28, 0x0, 0x0, @local, 0x11}, 0x10)

2m57.808727544s ago: executing program 3 (id=27):
socket(0x41503864490ca358, 0x6, 0xffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f00000009c0), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

2m56.498538522s ago: executing program 0 (id=28):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0)
r0 = open(&(0x7f0000000040)='./file2\x00', 0x1, 0x104)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x4004804)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x40081271, 0x3)

2m56.165126152s ago: executing program 3 (id=29):
close(0xffffffffffffffff)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_xen(0x0, 0x0, 0x0, 0x1006cd, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r3, 0x5)
syz_emit_ethernet(0x3b6, 0x0, 0x0)
fallocate(r3, 0x60, 0x1, 0x9)
r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r4, 0x2)
r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$cgroup_subtree(r5, 0x0, 0x7)
dup3(r4, r3, 0x0)

2m55.038313959s ago: executing program 3 (id=33):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, &(0x7f0000000200)='./file1\x00', 0x8, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000372000/0x2000)=nil, 0x2000)
mlock2(&(0x7f000020c000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2m54.702155539s ago: executing program 32 (id=33):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, &(0x7f0000000200)='./file1\x00', 0x8, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000372000/0x2000)=nil, 0x2000)
mlock2(&(0x7f000020c000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2m52.897538306s ago: executing program 0 (id=37):
socket(0x41503864490ca358, 0x6, 0xffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f00000009c0), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

2m51.173745999s ago: executing program 0 (id=39):
syz_mount_image$msdos(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f00000005c0), 0x1, 0x52e, &(0x7f0000000600)="$eJzs2j+LE0EcBuAxd+YOG1OLxYKN1XFaWbpIDg4XhMgWWrlwsdkVYbfZpLpvI/jZ7NJcF7nskrv4rzFx1DwPhHnJm8Bvmt0p5t3DD+XFx+b9sy+fwvHzJAxCCIOrEEar1LnTr4NVHobbLgMA8K+ZTIo09gzsVl2nxfUZ7ui7Jv8cZSAAAAAAAAAAAAB+m/v/ALB/3P///9V1Wgz789sm9/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAeK6Wy/vLX3xizwcAbJ/3PwDsn9dv3r5Ms2w8SZLjEBaXbd7m3dr1Z+fZ+DRZGd38a9G2+cG6f9L1yWZ/N9zr+6c/7Ifh8aOuv+5evMq+6Y/Cxe63DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANxykqyNbr5dtG1+0PUnP+u7dHaejU/7H2z2h+HB4R/bBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAFzWxeFlU1rQVBENYh9pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIpZnNy6KqpnUTexIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4G/RzOZlUVXTeoch9h4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L6vAQAA//+aYmE9")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000008900)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setrlimit(0x4, &(0x7f00000000c0)={0x0, 0x4})
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setownex(r3, 0xf, &(0x7f0000000180)={0x2, r1})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x30, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x6, 0xfff3}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x238, 0x160, 0x0, 0x148, 0x0, 0x148, 0x1f0, 0x240, 0x240, 0x1f0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x88, 0x1}, 0x0, 0xa8, 0x110, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x3, 0x76, 0xb75e, 0x5a3e, 0x4, 0x20}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
r8 = socket(0x1e, 0x1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000d40)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x84008600}, 0xc, &(0x7f0000000d00)={&(0x7f0000000300)={0x24, 0x1, 0x1, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1402}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4054}, 0x2005c)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc8, &(0x7f0000000b40)=""/200, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
mount(&(0x7f0000000040), &(0x7f0000000040)='.\x00', &(0x7f0000000000)='binder\x00', 0x208000, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0xf)
llistxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000d80)=""/78, 0x4e)

2m50.65418987s ago: executing program 0 (id=42):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m50.047295906s ago: executing program 33 (id=42):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m55.184806973s ago: executing program 4 (id=138):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r0, 0x5)
fallocate(r0, 0x60, 0x1, 0x9)
r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r1, 0x2)
dup3(r1, r0, 0x0)

1m54.971420505s ago: executing program 4 (id=139):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0)
r0 = open(&(0x7f0000000040)='./file2\x00', 0x1, 0x104)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x4004804)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x40081271, 0x3)

1m51.159373272s ago: executing program 4 (id=147):
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000003f01f00660000007f00000001000000", @ANYRES32, @ANYRES32], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r0)
socket$kcm(0x22, 0x2, 0x21)
ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})

1m50.85968959s ago: executing program 4 (id=150):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), 0x0, 0x0, 0x2200892, 0x0)
read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
clock_getres(0x8, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1m49.594264736s ago: executing program 4 (id=155):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a00)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd2c, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0xf1}, {0xffff, 0xffff}, {0x2, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_QUANTUM={0x8, 0x3, 0xf}, @TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x11}, @TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x6}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x4000010)

1m48.917422856s ago: executing program 4 (id=156):
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYRES32], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f000001b0c0)=ANY=[@ANYBLOB="0200000004000000090004000900000000000000395df0da22b98513d7b61790f4227bc64f8042a0e2a3a70a364792370485662e68079373be776bcac5515786be8b9321d43344aaf8d9692e41ae7a5e0b298182c23571", @ANYRES32, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001dc0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00')
read$FUSE(r4, &(0x7f0000019080)={0x2020}, 0x2020)
pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000240)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f00030001332564aaee7b1d58b9a64411f6bbf44d", 0x39}], 0x1)

1m33.521843092s ago: executing program 34 (id=156):
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYRES32], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f000001b0c0)=ANY=[@ANYBLOB="0200000004000000090004000900000000000000395df0da22b98513d7b61790f4227bc64f8042a0e2a3a70a364792370485662e68079373be776bcac5515786be8b9321d43344aaf8d9692e41ae7a5e0b298182c23571", @ANYRES32, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001dc0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00')
read$FUSE(r4, &(0x7f0000019080)={0x2020}, 0x2020)
pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000240)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f00030001332564aaee7b1d58b9a64411f6bbf44d", 0x39}], 0x1)

17.3063358s ago: executing program 5 (id=364):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0a000000e3e20000420000003e00000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/17], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r0, &(0x7f0000000340), &(0x7f00000000c0)=@tcp6=r0, 0x2}, 0x20)

16.925099603s ago: executing program 5 (id=366):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x1, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xd9, 0x40, 0x41, 0xfb, 0x61, 0xc, 0x0, 0xfb, 0x3e, 0x1, 0x2}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x8, 0x7e2c, 0x20, 0x3, 0x2, 0x8, 0x100, 0x8000000000000, 0x80000004000081, 0x0, 0x8, 0x0, 0x6, 0xfffffffffffffffc, 0x8000], 0x3000, 0x3e5254})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

16.702352026s ago: executing program 1 (id=367):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@grpquota}, {@quota}, {@quota}, {@stripe={'stripe', 0x3d, 0x3}}, {@jqfmt_vfsold}]}, 0xff, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)

16.388416565s ago: executing program 5 (id=369):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000380)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x280008a, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030322c726f6469722c73686f72866e616d653d6d697865642c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=0,shortname=mixed,uni_xlate=0,shortname=winnt,\x00'], 0x96, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO")
r2 = socket(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x70bd29, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}}, 0x1c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
io_setup(0x281, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000a00))
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES32=r1], 0x20)

14.159920938s ago: executing program 6 (id=371):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$tcp_congestion(r5, &(0x7f0000000040)='lp\x00', 0x3)
socket$nl_xfrm(0x10, 0x3, 0x6)

13.962299689s ago: executing program 1 (id=373):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)

12.866137844s ago: executing program 2 (id=374):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3b9600000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="4d00330040000000ffffffffffff080211000001"], 0x6c}}, 0x14)

12.830396837s ago: executing program 5 (id=375):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="280000000306030000000000000000000000000605000100070000000900020073797a30"], 0x28}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)

10.778454649s ago: executing program 1 (id=376):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x202200, 0x0)
close(r1)
socket$kcm(0x10, 0x100000000002, 0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})

10.747828s ago: executing program 6 (id=377):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20008840, &(0x7f0000000280)={0xa, 0x4e20, 0x8000, @remote, 0x2}, 0x1c)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r0, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r0, &(0x7f0000000100)='L', &(0x7f0000000000)=""/6, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000a00), &(0x7f0000000000), 0x2}, 0x20)

10.632001578s ago: executing program 5 (id=378):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_sco(r0, &(0x7f0000000340), 0x8)
pipe2(&(0x7f00000000c0), 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ba20702500000000002003007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

10.58893392s ago: executing program 2 (id=379):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

10.518225815s ago: executing program 6 (id=380):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x1, 0x0, 0x5, 0x178, r0})
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="68000000100039042cbd7400eaffffff000003e4", @ANYRES32=r4, @ANYBLOB="83000400000000004800128008000100736974003c0002800500090029000000060010000b00000008000c000000008006000d000900000006000f000300000008000300e000000106000e0000000000"], 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x9, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r5, &(0x7f0000000100)={&(0x7f0000000000)={0xa, 0x1, 0x80000, @local, 0xc}, 0xfffffffffffffed5, 0x0, 0x0, &(0x7f0000000180)}, 0x40048d0)
syz_mount_image$ext4(&(0x7f00000005c0)='ext2\x00', &(0x7f0000000600)='./bus\x00', 0x2118400, &(0x7f0000000100)={[{@data_writeback}], [{@permit_directio}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}, 0x1, 0x5c0, &(0x7f0000000640)="$eJzs3V2IXGcdB+D/zOym+diaD1u1NTaroTYQurPZbEIiXljiR61JrShehEJYstPdkNmdNbuB7lSwxRtREMEbEYSKvbAiGshNpdT2osUbBaV+UNEYUEGEopWCCOrIOx/baXPSDe7uHLrneeDMvuc9s/u+s8Nvzjlz3nNOAIU1mh5KESMRcTkidnZmX/+E0c6P5uFLs2kqRav16b+V2s+bPnxptvfU3u/tSA9DEVsjYs+JUuwfvrbdxeXm+al6vXahO19dmluoLi437z43NzVTm6nNHzk2eXzi6OSxyfV7reM/237rn++8/+oTz//z39/6zdEfpP6OdJf1v471Mhqj3f/JcOzuqx8qRdy33o3lpNJ5q+POvrrSUI4d4oa1Wnu+n96/t0fE/nb+d0YlOm/eS08/+I+d8at78+4jsHFaPdmLX2kBm1a5vQ1cKo9FRKdcLo+Ndbbhb4nt5XpjcengQ42L89OdbeVdMVx+6Fy9Nt7dV9gVw6U0f6hdfm1+4g3zhyPa28Bfqmxrz4+dbdSnB/1hB7SNRFy5/LmzW3a8If9/qXTyD2xeKf+/fOGpZ1P51UrevQEGKeX/e6/OfSLkHwpH/qG45B+KS/6huOQfikv+objkH4pL/qG45B+KS/6huHr5f+DUqXjg1KlWs3v++3xj5tz52YXjE+NjcxfPjp1tXFgYm2k0Ztpn7Myt/nfrjcbCoYm4+HB1qba4VF1cbp6Za1ycXzrTPq//TC3jUgBADk5f3Xrf7n3PvVSKiEc/sK09JVu6y2UVNrdWqxR5n4MM5MOuPxSXS7VBcdnHB0qrLN96vQX19e8LMBjlvDsA5Oau2xz/g6Ly/T8Ul+//obhs4wO+/4fi8f0/FNfIde7/dXPfvbvGI+JtEfHTyvBNvXt9AW8pr9vVH4m4cuU7n62u3IdbQUFBYaWQ3wcVMBivhT7vngB5mT58abY3DarNZ2YG1RKQ5eV7OoOAUu6b3amzZGjl2MDwBo0T2n1HevzR7x8/MFtJU3Q/hzagKSDDo49FxLuy1v+l9rGBXd3n7ek8LW6JiFsj4h0R8c41tv2NT0WMxgu1/jr5h8G50fzfFhFpdX17RLw7IvZGxHvW2PYvLqf8/3pbf538QzF8/vm8ewDk5eNP5d0DIC+njTGAwvruI3n3AMjL0z/MuwdAXr76Yt49gGJ77p6IGM86/lduH+/vGe5eF/Cm7rUAtkXE9ojY0T2H8ObuOYI7+44ZrubMJyNG444f99c5/geD0xv/17xm/F95ZfxfJSL2raGNZz448pWs+qm9Kf9PPNIb/5em1H5vLCCwsV5+LOL2zPyXVsb8liLlNOK9/2cbo1+4+mRW/Yv3p787/HP5h3y0vh3x/sjOf08qVZfmFqqLy8272/fxnqnNHzk2eXzi6OSxyWr7EiHV3oVCMpz8+ysHs+p/N5Hy/80j8g/5SOv/7dfJf//2//vW0MaJr3/5dFb9yB9T/vc+++b5L/91S+kz7fnefQkenlpaunAoYkvp5LX1E2voKGxyvYz0MpTyf2B/9v7/nu7vpPX/iYj4cNpeiIj/RMR/I+IjEfHRiPhYRNz7Jm1+7a6Zq1n1f3gy5f/x89b/kI+U/+lV1v/p57/W0MbBAz/5Ylb9h/al/I/99k8nHxxKk/wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArL/F5eb5qXq9dmEDC52WWpW8XysAAAAAAABsdv8LAAD//0aSNKQ=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x30c904d, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x30024, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})

10.393309732s ago: executing program 1 (id=381):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x8000000, 0xffff1000, 0x1, 0x1, 0x999})

5.258420997s ago: executing program 5 (id=382):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe2(&(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r4=>0xffffffffffffffff})
setsockopt$sock_int(r4, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4)
splice(r3, 0x0, r4, 0x0, 0xd9d7, 0x8)

5.034237461s ago: executing program 1 (id=383):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x800)
accept$unix(r5, 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
close_range(r0, 0xffffffffffffffff, 0x0)

5.033989861s ago: executing program 2 (id=384):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)

4.898817699s ago: executing program 6 (id=385):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$tcp_congestion(r5, &(0x7f0000000040)='lp\x00', 0x3)
socket$nl_xfrm(0x10, 0x3, 0x6)

2.799783154s ago: executing program 2 (id=386):
close(0xffffffffffffffff)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_xen(0x0, 0x0, 0x0, 0x1006cd, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r3, 0x5)
fallocate(r3, 0x60, 0x1, 0x9)
r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r4, 0x2)
r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$cgroup_subtree(r5, 0x0, 0x7)
dup3(r4, r3, 0x0)
syz_io_uring_setup(0x47a7, &(0x7f00000002c0)={0x0, 0x10006f55, 0x80, 0x80002, 0x400200}, &(0x7f0000001000), &(0x7f0000000080))

2.793737424s ago: executing program 1 (id=387):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="280000000306030000000000000000000000000605000100070000000900020073797a30"], 0x28}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)

1.544443729s ago: executing program 2 (id=388):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000640)=ANY=[@ANYBLOB="1201000000000040341d0a0000000000000109022400010000000009040000010300000009210000000122030009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="00000001"], 0x0}, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000080)={0x14, 0x0, 0x0}, &(0x7f00000003c0)={0x34, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xc0, 0xa1, 0x4, 0x9}, 0x0, &(0x7f0000000380)={0xc0, 0xa2, 0x2f, "574d1ef3213202363bbb64faddb6839d0601a479e4b1489567d4f3d3a32c6f45c1ded7dd2a5576d4593c55801cad55"}})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1.342254421s ago: executing program 6 (id=389):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x26, 0x0, 0x2, 0x5}]})

765.283105ms ago: executing program 2 (id=390):
syz_mount_image$msdos(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f00000005c0), 0x1, 0x52e, &(0x7f0000000600)="$eJzs2j+LE0EcBuAxd+YOG1OLxYKN1XFaWbpIDg4XhMgWWrlwsdkVYbfZpLpvI/jZ7NJcF7nskrv4rzFx1DwPhHnJm8Bvmt0p5t3DD+XFx+b9sy+fwvHzJAxCCIOrEEar1LnTr4NVHobbLgMA8K+ZTIo09gzsVl2nxfUZ7ui7Jv8cZSAAAAAAAAAAAAB+m/v/ALB/3P///9V1Wgz789sm9/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAeK6Wy/vLX3xizwcAbJ/3PwDsn9dv3r5Ms2w8SZLjEBaXbd7m3dr1Z+fZ+DRZGd38a9G2+cG6f9L1yWZ/N9zr+6c/7Ifh8aOuv+5evMq+6Y/Cxe63DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANxykqyNbr5dtG1+0PUnP+u7dHaejU/7H2z2h+HB4R/bBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAFzWxeFlU1rQVBENYh9pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIpZnNy6KqpnUTexIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4G/RzOZlUVXTeoch9h4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L6vAQAA//+aYmE9")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000008900)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setownex(r2, 0xf, &(0x7f0000000180)={0x2, r0})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x288, 0x160, 0x0, 0x148, 0x0, 0x148, 0x1f0, 0x240, 0x240, 0x1f0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x88, 0x1}, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x3, 0x76, 0xb75e, 0x5a3e, 0x4, 0x20}}, @common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0xffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)
r5 = socket(0x1e, 0x1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000d40)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x84008600}, 0xc, &(0x7f0000000d00)={&(0x7f0000000300)={0x24, 0x1, 0x1, 0x5, 0x0, 0x0, {0x7, 0x0, 0x4}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1402}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4054}, 0x2005c)
shutdown(r5, 0x2)

0s ago: executing program 6 (id=391):
r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=")
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000940)=ANY=[], 0x361, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0)
truncate(0x0, 0x7f)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b000000000000000000000000000400000000", @ANYRES32=0x0, @ANYBLOB="fec0"], 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000240)={0x2c, 0x10, 0x1, 0x70bd2b, 0x25dfdbf8, "", [@nested={0x4, 0x4f}, @typed={0x8, 0x33, 0x0, 0x0, @fd=r1}, @nested={0xc, 0x125, 0x0, 0x1, [@nested={0x8, 0x2e, 0x0, 0x1, [@typed={0x4, 0x92, 0x0, 0x0, @binary}]}]}, @generic="ae"]}, 0x2c}], 0x1, 0x0, 0x0, 0x8000}, 0x8880)
lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0xfe37, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.177' (ED25519) to the list of known hosts.
syzkaller login: [   82.610403][ T5754] cgroup: Unknown subsys name 'net'
[   82.744948][ T5754] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.511607][ T5754] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.244224][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.260385][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.272449][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.283973][ T5768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.291925][ T5768] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.319190][ T5775] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.327383][ T5775] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.336336][ T5775] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.346625][ T5775] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   86.355978][ T5775] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.367026][ T5775] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.377272][ T5771] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   86.385000][ T5771] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.385393][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.396689][ T5771] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.411828][ T5771] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.420277][ T5771] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   86.431980][ T5771] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.459215][ T5771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.471938][ T5771] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.482524][ T5771] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.491580][ T5771] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.503998][ T5771] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   86.512038][ T5771] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.978076][ T5770] chnl_net:caif_netlink_parms(): no params data found
[   87.113468][ T5769] chnl_net:caif_netlink_parms(): no params data found
[   87.138953][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.168248][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.175937][ T5770] bridge_slave_0: entered allmulticast mode
[   87.183882][ T5770] bridge_slave_0: entered promiscuous mode
[   87.194707][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.202160][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.209760][ T5770] bridge_slave_1: entered allmulticast mode
[   87.217325][ T5770] bridge_slave_1: entered promiscuous mode
[   87.231163][ T5765] chnl_net:caif_netlink_parms(): no params data found
[   87.325223][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.383565][ T5777] chnl_net:caif_netlink_parms(): no params data found
[   87.399582][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.528691][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.536011][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.543808][ T5769] bridge_slave_0: entered allmulticast mode
[   87.551643][ T5769] bridge_slave_0: entered promiscuous mode
[   87.563687][ T5770] team0: Port device team_slave_0 added
[   87.608845][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.616330][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.623800][ T5769] bridge_slave_1: entered allmulticast mode
[   87.632154][ T5769] bridge_slave_1: entered promiscuous mode
[   87.641300][ T5770] team0: Port device team_slave_1 added
[   87.660698][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.668151][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.675651][ T5765] bridge_slave_0: entered allmulticast mode
[   87.685195][ T5765] bridge_slave_0: entered promiscuous mode
[   87.748992][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.759763][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.769963][ T5765] bridge_slave_1: entered allmulticast mode
[   87.780565][ T5765] bridge_slave_1: entered promiscuous mode
[   87.815022][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.823305][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.850389][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.864609][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.871997][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.899071][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.949457][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.961994][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.995910][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.022744][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.030476][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.038062][ T5777] bridge_slave_0: entered allmulticast mode
[   88.045528][ T5777] bridge_slave_0: entered promiscuous mode
[   88.055692][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.096855][ T5769] team0: Port device team_slave_0 added
[   88.125332][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.132780][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.141490][ T5777] bridge_slave_1: entered allmulticast mode
[   88.149059][ T5777] bridge_slave_1: entered promiscuous mode
[   88.184530][ T5765] team0: Port device team_slave_0 added
[   88.192884][ T5769] team0: Port device team_slave_1 added
[   88.215798][ T5770] hsr_slave_0: entered promiscuous mode
[   88.225244][ T5770] hsr_slave_1: entered promiscuous mode
[   88.248117][ T5765] team0: Port device team_slave_1 added
[   88.265103][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.272880][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.300057][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.315083][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.329799][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.350922][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.358346][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.384744][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.470261][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.477545][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.504457][ T5773] Bluetooth: hci2: command tx timeout
[   88.504986][ T5773] Bluetooth: hci0: command tx timeout
[   88.510111][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.511000][ T5771] Bluetooth: hci1: command tx timeout
[   88.517070][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.540486][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.566730][ T5773] Bluetooth: hci3: command tx timeout
[   88.572769][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.602146][ T5777] team0: Port device team_slave_0 added
[   88.641262][ T5777] team0: Port device team_slave_1 added
[   88.653366][ T5769] hsr_slave_0: entered promiscuous mode
[   88.662261][ T5769] hsr_slave_1: entered promiscuous mode
[   88.669762][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.677875][ T5769] Cannot create hsr debugfs directory
[   88.751400][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.758811][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.785507][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.821812][ T5765] hsr_slave_0: entered promiscuous mode
[   88.829567][ T5765] hsr_slave_1: entered promiscuous mode
[   88.837842][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.845565][ T5765] Cannot create hsr debugfs directory
[   88.862795][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.870063][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.896390][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.052201][ T5777] hsr_slave_0: entered promiscuous mode
[   89.060426][ T5777] hsr_slave_1: entered promiscuous mode
[   89.067861][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.075678][ T5777] Cannot create hsr debugfs directory
[   89.224346][ T5770] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   89.274300][ T5770] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   89.311505][ T5770] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   89.325175][ T5770] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   89.508879][ T5769] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.520567][ T5769] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.552128][ T5769] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.574440][ T5769] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.640761][ T5765] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   89.669841][ T5765] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   89.680883][ T5765] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   89.695072][ T5765] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   89.814170][ T5777] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   89.825960][ T5777] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   89.849356][ T5777] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   89.868807][ T5777] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   89.933830][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.985948][ T5770] 8021q: adding VLAN 0 to HW filter on device team0
[   90.016757][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.024278][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.038473][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.045862][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.078094][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.155767][ T5769] 8021q: adding VLAN 0 to HW filter on device team0
[   90.208940][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.216211][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.243555][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.268019][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.275273][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.341828][ T5765] 8021q: adding VLAN 0 to HW filter on device team0
[   90.372927][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.388783][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.396395][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.442428][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.449744][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.509892][ T5777] 8021q: adding VLAN 0 to HW filter on device team0
[   90.563705][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.571140][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.583458][ T5773] Bluetooth: hci1: command tx timeout
[   90.583480][ T5771] Bluetooth: hci2: command tx timeout
[   90.583517][ T5771] Bluetooth: hci0: command tx timeout
[   90.647409][ T5771] Bluetooth: hci3: command tx timeout
[   90.674077][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.681365][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.745678][ T5765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.890140][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.010459][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.151682][ T5770] veth0_vlan: entered promiscuous mode
[   91.214838][ T5770] veth1_vlan: entered promiscuous mode
[   91.244691][ T5769] veth0_vlan: entered promiscuous mode
[   91.312243][ T5769] veth1_vlan: entered promiscuous mode
[   91.331422][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.368986][ T5770] veth0_macvtap: entered promiscuous mode
[   91.420429][ T5770] veth1_macvtap: entered promiscuous mode
[   91.444481][ T5769] veth0_macvtap: entered promiscuous mode
[   91.467261][ T5769] veth1_macvtap: entered promiscuous mode
[   91.478058][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.515497][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.549637][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.571512][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.583447][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.595275][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.619040][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.630002][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.643152][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.658949][ T5770] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.668394][ T5770] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.677397][ T5770] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.688029][ T5770] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.724460][ T5765] veth0_vlan: entered promiscuous mode
[   91.748291][ T5769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.759246][ T5769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.769679][ T5769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.778738][ T5769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.818969][ T5777] veth0_vlan: entered promiscuous mode
[   91.872952][ T5765] veth1_vlan: entered promiscuous mode
[   91.919729][ T5777] veth1_vlan: entered promiscuous mode
[   91.938426][ T3476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.947342][ T3476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.031481][ T3476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.039986][ T5765] veth0_macvtap: entered promiscuous mode
[   92.052569][ T3476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.065595][ T5777] veth0_macvtap: entered promiscuous mode
[   92.085523][ T5765] veth1_macvtap: entered promiscuous mode
[   92.148962][ T5777] veth1_macvtap: entered promiscuous mode
[   92.165754][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.175376][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.203594][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.215200][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.225809][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.236654][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.248541][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.258503][  T786] cfg80211: failed to load regulatory.db
[   92.280057][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.296004][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.317357][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.331564][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.342388][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.353477][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.363754][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.374597][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.389188][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.407887][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.421401][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.434797][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.446293][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.461828][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.488842][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.509280][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.519887][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.532345][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.543222][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.553990][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.571489][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.595113][ T5777] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.605241][ T5777] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.614426][ T5777] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.624066][ T5777] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.635908][ T5765] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.647685][ T5771] Bluetooth: hci1: command tx timeout
[   92.647698][ T5773] Bluetooth: hci2: command tx timeout
[   92.658805][ T5773] Bluetooth: hci0: command tx timeout
[   92.660855][ T5765] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.674805][ T5765] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.684632][ T5765] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.727847][ T5771] Bluetooth: hci3: command tx timeout
[   92.892614][ T5857] syz.2.3[5857]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   92.915268][ T5857] loop2: detected capacity change from 0 to 256
[   92.925028][ T5857] =======================================================
[   92.925028][ T5857] WARNING: The mand mount option has been deprecated and
[   92.925028][ T5857]          and is ignored by this kernel. Remove the mand
[   92.925028][ T5857]          option from the mount to silence this warning.
[   92.925028][ T5857] =======================================================
[   92.981996][ T5859] loop0: detected capacity change from 0 to 128
[   93.002495][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.031698][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.117227][ T5859] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   93.136315][ T5859] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.193587][ T5859] fscrypt (loop0, inode 12): Direct key flag not allowed with different contents and filenames modes
[   93.217357][ T5857] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[   93.301629][ T5769] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   93.315754][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.369488][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.387973][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.426795][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.617653][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.442105][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.657974][ T5864] loop0: detected capacity change from 0 to 1024
[   94.753897][ T5771] Bluetooth: hci1: command tx timeout
[   94.759691][ T5773] Bluetooth: hci0: command tx timeout
[   94.765396][   T51] Bluetooth: hci2: command tx timeout
[   94.809659][ T5771] Bluetooth: hci3: command tx timeout
[   94.839363][ T5779] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   95.286045][    C0] sched: RT throttling activated
[   97.931194][ T5872] loop0: detected capacity change from 0 to 4096
[   98.272574][ T5878] loop1: detected capacity change from 0 to 1024
[   98.284125][ T5881] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   98.319610][ T5872] EXT4-fs (loop0): Test dummy encryption mode enabled
[   98.338801][ T5872] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   98.347203][ T5872] System zones: 0-5
[   98.358115][ T5878] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   98.372301][ T5872] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.427661][ T5889] loop3: detected capacity change from 0 to 512
[   98.440343][ T5889] EXT4-fs (loop3): Test dummy encryption mode enabled
[   98.448363][ T5889] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   98.452281][ T5878] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   98.463480][ T5889] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   98.519597][ T5889] EXT4-fs error (device loop3): ext4_orphan_get:1424: comm syz.3.4: bad orphan inode 131083
[   98.559643][   T28] audit: type=1800 audit(1769464157.916:2): pid=5878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.7" name="file1" dev="loop1" ino=15 res=0 errno=0
[   98.854577][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.874486][ T5889] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.137914][ T5892] Driver unsupported XDP return value 0 on prog  (id 3) dev N/A, expect packet loss!
[   99.215061][ T5892] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.7: bg 0: block 112: padding at end of block bitmap is not set
[   99.299551][ T5892] EXT4-fs (loop1): Remounting filesystem read-only
[   99.765023][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.165162][ T5902] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  100.335195][ T5901] kernel profiling enabled (shift: 17)
[  100.697468][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  100.789230][ T5907] loop3: detected capacity change from 0 to 128
[  100.897640][ T5907] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  100.920137][ T5907] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  101.027524][ T5910] tipc: Failed to remove unknown binding: 66,1,1/0:985128560/985128562
[  102.038137][ T5916] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)"
[  102.066996][ T5921] overlayfs: missing 'lowerdir'
[  102.459779][ T5777] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  102.481469][ T5910] netlink: 64 bytes leftover after parsing attributes in process `syz.0.12'.
[  102.977297][ T5912] loop1: detected capacity change from 0 to 40427
[  103.043112][ T5912] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  103.088749][ T5912] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  103.163458][ T5912] F2FS-fs (loop1): invalid crc value
[  103.218020][ T5912] F2FS-fs (loop1): Found nat_bits in checkpoint
[  103.459053][ T5912] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  103.495777][ T5912] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  104.123828][   T11] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  104.197456][   T11] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  105.821313][ T5942] Zero length message leads to an empty skb
[  105.836369][ T5942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17'.
[  105.858970][ T5942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17'.
[  107.900246][ T5954] loop0: detected capacity change from 0 to 512
[  108.141266][ T5954] EXT4-fs (loop0): 1 truncate cleaned up
[  108.150199][ T5954] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.166342][ T5954] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.414798][ T5961] loop1: detected capacity change from 0 to 512
[  109.367097][ T1120] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  109.426257][ T1120] EXT4-fs error (device loop0): ext4_release_dquot:6985: comm kworker/u4:6: Failed to release dquot type 1
[  109.563637][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.024063][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  111.032821][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  111.126549][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  111.135072][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  111.143961][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  111.153132][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  111.228354][    T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!!
[  111.229379][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  111.330817][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  111.331621][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  115.774387][ T5995] overlayfs: failed to clone upperpath
[  116.000407][ T3476] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.138720][  T967] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  116.290880][ T3476] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.025756][ T3476] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.040154][  T967] usb 2-1: Using ep0 maxpacket: 32
[  117.050683][  T967] usb 2-1: config 0 interface 0 altsetting 12 endpoint 0x81 has invalid wMaxPacketSize 0
[  117.061734][  T967] usb 2-1: config 0 interface 0 has no altsetting 0
[  117.069420][  T967] usb 2-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  117.191589][ T3476] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.197245][  T967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.243446][  T967] usb 2-1: config 0 descriptor??
[  117.719846][  T967] kye 0003:0458:501B.0001: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  117.934814][ T6011] No such timeout policy "syz1"
[  118.717984][  T967] kye 0003:0458:501B.0001: hidraw0: USB HID v0.03 Device [HID 0458:501b] on usb-dummy_hcd.1-1/input0
[  118.743781][  T967] kye 0003:0458:501B.0001: tablet-enabling feature report not found
[  118.753415][  T967] kye 0003:0458:501B.0001: tablet enabling failed
[  118.771266][ T5773] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  118.778658][  T967] usb 2-1: USB disconnect, device number 2
[  118.795919][ T5773] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  118.807112][ T5773] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  118.820536][ T5773] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  118.830673][ T5773] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  118.844652][ T5773] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  119.883999][ T6016] fido_id[6016]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  120.965052][ T5771] Bluetooth: hci3: command tx timeout
[  120.996609][ T6012] chnl_net:caif_netlink_parms(): no params data found
[  121.587241][ T6057] loop1: detected capacity change from 0 to 16
[  121.667976][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  121.851246][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  121.871512][ T5773] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  121.915688][ T5773] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  121.945789][ T5773] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  121.966316][ T5773] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  122.033458][ T6057] erofs: (device loop1): mounted with root inode @ nid 36.
[  122.651806][ T6012] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.666157][   T28] audit: type=1326 audit(1769466760.024:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  122.696781][   T28] audit: type=1326 audit(1769466760.024:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  122.705419][ T6012] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.774899][ T6012] bridge_slave_0: entered allmulticast mode
[  122.782406][ T6012] bridge_slave_0: entered promiscuous mode
[  122.808621][ T6057] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  122.811848][   T28] audit: type=1326 audit(1769466760.024:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  122.872141][   T28] audit: type=1326 audit(1769466760.024:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f910b19ac22 code=0x7ffc0000
[  122.905840][ T6057] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36
[  122.914889][   T28] audit: type=1326 audit(1769466760.054:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f910b15b78e code=0x7ffc0000
[  122.953518][ T6057] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  122.993393][ T3476] hsr_slave_0: left promiscuous mode
[  123.001959][   T28] audit: type=1326 audit(1769466760.104:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f910b19ace7 code=0x7ffc0000
[  123.025507][ T3476] hsr_slave_1: left promiscuous mode
[  123.032348][ T6057] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36
[  123.049603][ T3476] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.057470][ T5773] Bluetooth: hci3: command tx timeout
[  123.064859][   T28] audit: type=1326 audit(1769466760.104:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f910b15b78e code=0x7ffc0000
[  123.085408][ T3476] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.110633][ T3476] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.111895][   T28] audit: type=1326 audit(1769466760.104:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f910b19ab4b code=0x7ffc0000
[  123.140579][   T28] audit: type=1326 audit(1769466760.104:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f910b19ab4b code=0x7ffc0000
[  123.173998][   T28] audit: type=1326 audit(1769466760.104:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.1.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f910b15b78e code=0x7ffc0000
[  123.175199][ T3476] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.210960][ T6075] erofs: (device loop1): z_erofs_readahead: readahead error at folio 87 @ nid 36
[  123.232635][ T3476] bridge_slave_1: left allmulticast mode
[  123.238896][ T3476] bridge_slave_1: left promiscuous mode
[  123.246971][ T6075] erofs: (device loop1): z_erofs_readahead: readahead error at folio 86 @ nid 36
[  123.266691][ T3476] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.275161][ T6075] syz.1.48: attempt to access beyond end of device
[  123.275161][ T6075] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16
[  123.312412][ T3476] bridge_slave_0: left allmulticast mode
[  123.318416][ T3476] bridge_slave_0: left promiscuous mode
[  123.333784][ T6075] syz.1.48: attempt to access beyond end of device
[  123.333784][ T6075] loop1: rw=524288, sector=14425508768, nr_sectors = 8 limit=16
[  123.336929][ T3476] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.377452][ T6075] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -24 in[52, 4044] out[3749]
[  123.431454][ T3476] veth1_macvtap: left promiscuous mode
[  123.437871][ T3476] veth0_macvtap: left promiscuous mode
[  123.443641][ T3476] veth1_vlan: left promiscuous mode
[  123.475161][ T3476] veth0_vlan: left promiscuous mode
[  124.085714][ T5773] Bluetooth: hci1: command tx timeout
[  124.351811][ T3476] team0 (unregistering): Port device team_slave_1 removed
[  124.402626][ T3476] team0 (unregistering): Port device team_slave_0 removed
[  124.457067][ T3476] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  124.509442][ T3476] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.056856][ T3476] bond0 (unregistering): Released all slaves
[  125.134403][ T5773] Bluetooth: hci3: command tx timeout
[  125.173297][ T6012] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.184087][ T6012] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.201087][ T6012] bridge_slave_1: entered allmulticast mode
[  125.209551][ T6012] bridge_slave_1: entered promiscuous mode
[  125.227380][ T6057] netlink: 27 bytes leftover after parsing attributes in process `syz.1.48'.
[  125.399937][ T6012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  125.505914][ T6012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.539094][ T6093] loop1: detected capacity change from 0 to 512
[  125.577802][ T6093] ext4: Unknown parameter 'subj_type'
[  125.765063][ T6012] team0: Port device team_slave_0 added
[  125.817217][ T6012] team0: Port device team_slave_1 added
[  125.852141][ T6012] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.859262][ T6012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.897107][ T6012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.052757][ T6099] overlayfs: missing 'workdir'
[  126.216123][ T5773] Bluetooth: hci1: command tx timeout
[  126.491375][ T6012] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.554810][ T6012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.702405][ T6012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.958325][ T6012] hsr_slave_0: entered promiscuous mode
[  126.990350][ T6012] hsr_slave_1: entered promiscuous mode
[  127.011428][ T6012] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.029071][ T6012] Cannot create hsr debugfs directory
[  127.204823][ T5773] Bluetooth: hci3: command tx timeout
[  127.257097][ T6120] 9p: Unknown uid 00000000004294967295
[  127.473731][ T3476] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.548400][ T6062] chnl_net:caif_netlink_parms(): no params data found
[  127.707976][ T3476] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.248638][ T5773] Bluetooth: hci1: command tx timeout
[  128.639515][ T3476] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.910374][ T3476] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.227322][ T6062] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.264129][ T6062] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.294784][ T6062] bridge_slave_0: entered allmulticast mode
[  129.325437][ T6062] bridge_slave_0: entered promiscuous mode
[  129.355967][ T6062] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.389636][ T6062] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.430282][ T6062] bridge_slave_1: entered allmulticast mode
[  129.460577][ T6062] bridge_slave_1: entered promiscuous mode
[  129.716332][ T6012] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  129.789285][ T6062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.856640][ T6062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.946298][ T6012] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  129.962037][ T6012] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  130.082629][ T6012] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  130.119259][ T6062] team0: Port device team_slave_0 added
[  130.163224][ T6062] team0: Port device team_slave_1 added
[  130.295535][ T6062] batman_adv: batadv0: Adding interface: batadv_slave_0
[  130.302852][ T6062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.338523][ T6062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  130.407857][ T5773] Bluetooth: hci1: command tx timeout
[  130.421142][ T6062] batman_adv: batadv0: Adding interface: batadv_slave_1
[  130.428516][ T6062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.456037][ T6062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  130.551693][ T6062] hsr_slave_0: entered promiscuous mode
[  130.560192][ T6062] hsr_slave_1: entered promiscuous mode
[  130.571196][ T6062] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  130.582486][ T6062] Cannot create hsr debugfs directory
[  130.890209][ T6160] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  131.580452][ T6168] x_tables: ip6_tables: mh match: only valid for protocol 135
[  132.907121][ T6062] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  133.207761][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  133.215745][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  134.497574][ T6180] netlink: 'syz.2.64': attribute type 7 has an invalid length.
[  134.505897][ T6180] netlink: 'syz.2.64': attribute type 8 has an invalid length.
[  134.528064][ T6062] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  134.589305][ T6184] loop1: detected capacity change from 0 to 1024
[  134.600492][ T6184] EXT4-fs: Ignoring removed bh option
[  134.714679][ T6184] EXT4-fs: Ignoring removed nobh option
[  134.734534][ T6184] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  134.823013][ T6012] 8021q: adding VLAN 0 to HW filter on device bond0
[  134.869440][ T6184] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  134.910248][ T6062] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  134.959409][ T6062] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  135.329181][ T6012] 8021q: adding VLAN 0 to HW filter on device team0
[  135.468840][ T3476] hsr_slave_0: left promiscuous mode
[  135.510771][ T3476] hsr_slave_1: left promiscuous mode
[  135.543731][ T3476] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.574804][ T3476] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.583781][ T3476] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.591405][ T3476] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.600283][ T3476] bridge_slave_1: left allmulticast mode
[  135.723346][ T3476] bridge_slave_1: left promiscuous mode
[  135.742235][ T3476] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.781578][ T3476] bridge_slave_0: left allmulticast mode
[  135.787648][ T3476] bridge_slave_0: left promiscuous mode
[  135.794001][ T3476] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.827867][ T3476] veth1_macvtap: left promiscuous mode
[  135.833798][ T3476] veth0_macvtap: left promiscuous mode
[  135.839524][ T3476] veth1_vlan: left promiscuous mode
[  135.860717][ T3476] veth0_vlan: left promiscuous mode
[  136.392603][ T6184] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  136.439042][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.099308][ T3476] team0 (unregistering): Port device team_slave_1 removed
[  137.214376][ T3476] team0 (unregistering): Port device team_slave_0 removed
[  137.336291][ T3476] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  137.440487][ T3476] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  138.329029][ T3476] bond0 (unregistering): Released all slaves
[  138.551546][ T1034] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.559468][ T1034] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.632685][ T1034] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.640049][ T1034] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.276368][ T6062] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.369247][ T6062] 8021q: adding VLAN 0 to HW filter on device team0
[  139.502073][ T1034] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.509566][ T1034] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.559462][ T1034] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.567030][ T1034] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.943245][ T6012] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.337424][ T6062] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.002033][ T6012] veth0_vlan: entered promiscuous mode
[  141.042017][ T6012] veth1_vlan: entered promiscuous mode
[  141.160982][ T6012] veth0_macvtap: entered promiscuous mode
[  141.194386][ T6012] veth1_macvtap: entered promiscuous mode
[  141.247649][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.259063][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.271199][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.282193][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.318817][ T6012] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.389823][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.414357][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.435130][ T6012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.462326][ T6012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.485585][ T6012] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.515081][ T6012] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.534425][ T6012] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.562118][ T6012] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.607924][ T6012] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.720327][ T6062] veth0_vlan: entered promiscuous mode
[  141.766124][ T6062] veth1_vlan: entered promiscuous mode
[  141.926713][ T6062] veth0_macvtap: entered promiscuous mode
[  141.939403][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.961784][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.980031][ T6062] veth1_macvtap: entered promiscuous mode
[  142.043681][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.056297][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.068325][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.081538][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.099470][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.111711][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.132075][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.167061][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.189280][ T6062] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.212997][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.224478][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.234746][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.245990][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.257546][ T6062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.268620][ T6062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.314811][ T6062] batman_adv: batadv0: Interface activated: batadv_slave_1
[  142.357181][ T6062] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.392288][ T6062] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  142.401079][ T6062] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  142.416106][ T6062] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  142.664089][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.688904][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.872351][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.933771][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.154032][ T5806] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  148.446174][ T5806] usb 5-1: Using ep0 maxpacket: 32
[  148.521321][  T786] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  149.026030][ T5806] usb 5-1: config 0 interface 0 altsetting 12 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.041987][ T5806] usb 5-1: config 0 interface 0 has no altsetting 0
[  149.048806][ T5806] usb 5-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  149.070806][ T5806] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.096403][ T5806] usb 5-1: config 0 descriptor??
[  149.150604][ T6342] loop5: detected capacity change from 0 to 512
[  149.248724][  T786] usb 2-1: Using ep0 maxpacket: 16
[  149.270169][  T786] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  149.300942][  T786] usb 2-1: config 1 has no interface number 0
[  149.307243][  T786] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  149.352360][  T786] usb 2-1: config 1 interface 105 has no altsetting 0
[  149.367476][  T786] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  149.397554][  T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.438736][  T786] usb 2-1: Product: syz
[  149.451153][  T786] usb 2-1: Manufacturer: syz
[  149.455872][  T786] usb 2-1: SerialNumber: syz
[  149.521477][ T6339] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  149.567486][ T5806] kye 0003:0458:501B.0002: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  149.864669][  T786] aqc111: probe of 2-1:1.105 failed with error -22
[  149.874913][ T5806] kye 0003:0458:501B.0002: hidraw0: USB HID v0.03 Device [HID 0458:501b] on usb-dummy_hcd.4-1/input0
[  149.889011][ T5806] kye 0003:0458:501B.0002: tablet-enabling feature report not found
[  149.897167][ T5806] kye 0003:0458:501B.0002: tablet enabling failed
[  149.942925][ T5806] usb 5-1: USB disconnect, device number 2
[  150.121425][ T5870] usb 2-1: USB disconnect, device number 3
[  150.200338][ T6356] fido_id[6356]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  150.959448][ T6368] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  154.922596][ T6402] loop1: detected capacity change from 0 to 512
[  155.494142][ T6403] loop5: detected capacity change from 0 to 2048
[  156.166194][ T6408] No such timeout policy "syz1"
[  159.897839][ T5870] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  160.190121][ T5870] usb 6-1: device descriptor read/all, error -71
[  160.549060][  T967] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  160.591128][ T6438] No such timeout policy "syz1"
[  160.771784][  T967] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  160.819515][  T967] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255
[  160.881704][  T967] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  160.898316][  T967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  160.908085][  T967] usb 5-1: SerialNumber: syz
[  161.865896][  T786] usb 5-1: USB disconnect, device number 3
[  162.295090][ T6456] netlink: 4 bytes leftover after parsing attributes in process `syz.1.102'.
[  164.484478][ T6481] loop5: detected capacity change from 0 to 1024
[  164.496494][ T6482] No such timeout policy "syz1"
[  164.508930][ T6481] EXT4-fs: Ignoring removed orlov option
[  164.598549][ T6481] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.093735][ T6481] EXT4-fs error (device loop5): __ext4_new_inode:1284: comm syz.5.116: failed to insert inode 15: doubly allocated?
[  165.547897][ T6481] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2852: Unable to expand inode 13. Delete some EAs or run e2fsck.
[  166.329673][ T6062] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.368953][ T6527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.119'.
[  169.064749][ T6536] tipc: Failed to remove unknown binding: 66,1,1/0:1596543029/1596543031
[  171.404324][ T6558] loop1: detected capacity change from 0 to 256
[  173.382171][ T6576] loop5: detected capacity change from 0 to 2048
[  173.754813][ T6590] netlink: 12 bytes leftover after parsing attributes in process `syz.2.133'.
[  173.847381][ T6591] No such timeout policy "syz1"
[  175.757470][   T23] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  175.989597][   T23] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  176.016357][   T23] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  176.039214][   T23] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  176.066555][   T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  176.075077][   T23] usb 6-1: SerialNumber: syz
[  176.598284][   T23] usb 6-1: 0:2 : does not exist
[  176.654288][   T23] usb 6-1: USB disconnect, device number 4
[  177.429288][ T5893] udevd[5893]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  178.316052][ T5806] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  178.791249][ T5806] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  179.003197][ T5806] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  179.390955][ T5806] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  179.423767][ T5806] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.447238][ T5806] usb 6-1: Product: syz
[  179.457207][ T5806] usb 6-1: Manufacturer: syz
[  179.473695][ T5806] usb 6-1: SerialNumber: syz
[  179.733106][ T6655] netlink: 'syz.1.145': attribute type 3 has an invalid length.
[  179.789746][ T5806] usb 6-1: 0:2 : does not exist
[  179.840355][ T5806] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  179.933975][ T5806] usb 6-1: USB disconnect, device number 5
[  179.984413][ T6663] warning: `syz.4.147' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  180.001805][ T6662] delete_channel: no stack
[  180.034950][ T5893] udevd[5893]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  183.304262][ T6702] loop4: detected capacity change from 0 to 512
[  183.465969][ T6707] x_tables: ip6_tables: mh match: only valid for protocol 135
[  183.655968][ T6702] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.156: bg 0: block 393: padding at end of block bitmap is not set
[  183.761814][ T6702] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6653: Corrupt filesystem
[  183.846249][ T6702] EXT4-fs (loop4): 2 truncates cleaned up
[  183.902094][ T6702] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.470059][ T6722] loop5: detected capacity change from 0 to 2048
[  185.227204][ T6731] No such timeout policy "syz1"
[  186.144058][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'.
[  186.157455][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'.
[  187.575043][ T6750] x_tables: ip6_tables: mh match: only valid for protocol 135
[  189.014481][ T6770] No such timeout policy "syz1"
[  189.415812][ T6772] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.177'.
[  189.874733][ T6785] x_tables: ip6_tables: mh match: only valid for protocol 135
[  190.059356][ T6790] netlink: 20 bytes leftover after parsing attributes in process `syz.1.184'.
[  191.005207][ T6798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.185'.
[  191.067197][ T6801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.185'.
[  192.399638][ T6818] No such timeout policy "syz1"
[  193.117445][ T6830] netlink: 20 bytes leftover after parsing attributes in process `syz.1.193'.
[  193.634096][ T6836] x_tables: ip6_tables: mh match: only valid for protocol 135
[  194.669351][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  194.678227][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  196.387695][ T6859] loop1: detected capacity change from 0 to 2048
[  196.946770][ T6874] No such timeout policy "syz1"
[  197.752937][ T6881] overlayfs: failed to resolve './bus': -2
[  200.254413][ T6900] x_tables: ip6_tables: mh match: only valid for protocol 135
[  201.603727][ T6701] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.876637][ T5771] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  201.889615][ T5771] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  201.898569][ T5771] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  201.908118][ T5771] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  201.929271][ T5771] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  201.936939][ T5771] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  202.237612][ T6926] overlayfs: failed to resolve './bus': -2
[  203.363082][ T6940] netlink: 4356 bytes leftover after parsing attributes in process `syz.5.219'.
[  204.184320][ T5773] Bluetooth: hci4: command tx timeout
[  204.584320][ T6953] option changes via remount are deprecated (pid=6951 comm=syz.5.222)
[  204.926561][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.221'.
[  204.941487][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.221'.
[  205.477138][ T6961] x_tables: ip6_tables: mh match: only valid for protocol 135
[  205.620194][ T6916] chnl_net:caif_netlink_parms(): no params data found
[  205.708074][ T6964] netlink: 16 bytes leftover after parsing attributes in process `syz.5.223'.
[  206.007349][   T48] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.107966][ T6977] overlayfs: failed to resolve './bus': -2
[  206.242953][ T5773] Bluetooth: hci4: command tx timeout
[  206.955550][   T48] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.633293][   T48] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.200473][ T6916] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.207854][ T6916] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.215241][ T6916] bridge_slave_0: entered allmulticast mode
[  208.225306][ T6916] bridge_slave_0: entered promiscuous mode
[  208.235121][ T6916] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.271616][ T6916] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.278939][ T6916] bridge_slave_1: entered allmulticast mode
[  208.310855][ T5773] Bluetooth: hci4: command tx timeout
[  208.320828][  T786] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  208.322275][ T6916] bridge_slave_1: entered promiscuous mode
[  208.453245][   T48] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.520847][  T786] usb 6-1: Using ep0 maxpacket: 32
[  208.552719][  T786] usb 6-1: config 0 interface 0 altsetting 12 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.583933][  T786] usb 6-1: config 0 interface 0 has no altsetting 0
[  208.604652][  T786] usb 6-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  208.614096][ T6916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.640898][  T786] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.654469][ T6916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.687155][  T786] usb 6-1: config 0 descriptor??
[  208.812102][ T6999] netlink: 'syz.2.233': attribute type 10 has an invalid length.
[  208.849435][ T6916] team0: Port device team_slave_0 added
[  208.879062][ T6916] team0: Port device team_slave_1 added
[  209.134508][  T786] kye 0003:0458:501B.0003: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  209.180763][ T6916] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.187797][ T6916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.212801][  T786] kye 0003:0458:501B.0003: hidraw0: USB HID v0.03 Device [HID 0458:501b] on usb-dummy_hcd.5-1/input0
[  209.262145][  T786] kye 0003:0458:501B.0003: tablet-enabling feature report not found
[  209.270323][  T786] kye 0003:0458:501B.0003: tablet enabling failed
[  209.330576][ T6916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  209.357479][  T786] usb 6-1: USB disconnect, device number 6
[  209.458136][ T6916] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.494804][ T6916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.582430][ T7012] overlayfs: failed to resolve './bus': -2
[  209.637139][ T7006] fido_id[7006]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  210.021821][ T6916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.391192][ T5771] Bluetooth: hci4: command tx timeout
[  210.610409][ T7016] syz.2.236 uses obsolete (PF_INET,SOCK_PACKET)
[  212.073875][ T5771] Bluetooth: hci2: command 0x0406 tx timeout
[  212.074316][ T5081] Bluetooth: hci0: command 0x0406 tx timeout
[  212.610572][ T6916] hsr_slave_0: entered promiscuous mode
[  212.660416][ T6916] hsr_slave_1: entered promiscuous mode
[  212.676368][ T6916] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.974522][ T6916] Cannot create hsr debugfs directory
[  213.585869][ T7051] overlayfs: failed to resolve './bus': -2
[  215.342747][ T6916] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  215.391845][ T6916] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  215.416726][ T7081] loop5: detected capacity change from 0 to 2048
[  215.766438][ T6916] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  215.915491][ T7093] No such timeout policy "syz1"
[  216.110947][ T1141] Bluetooth: hci3: Frame reassembly failed (-84)
[  216.637774][ T6916] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  216.735616][   T48] hsr_slave_0: left promiscuous mode
[  216.752012][   T48] hsr_slave_1: left promiscuous mode
[  216.762920][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  216.773907][   T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.992714][ T7102] overlayfs: failed to resolve './bus': -2
[  218.005321][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  218.013458][   T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[  218.022564][   T48] bridge_slave_1: left allmulticast mode
[  218.028542][   T48] bridge_slave_1: left promiscuous mode
[  218.035123][   T48] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.069950][   T48] bridge_slave_0: left allmulticast mode
[  218.081323][   T48] bridge_slave_0: left promiscuous mode
[  218.089311][   T51] Bluetooth: hci3: command 0x1003 tx timeout
[  218.096990][ T5773] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  218.185066][   T48] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.704249][   T48] veth1_macvtap: left promiscuous mode
[  218.720046][   T48] veth0_macvtap: left promiscuous mode
[  218.742329][   T48] veth1_vlan: left promiscuous mode
[  218.751007][   T48] veth0_vlan: left promiscuous mode
[  221.502610][ T7124] x_tables: ip6_tables: mh match: only valid for protocol 135
[  222.435954][   T48] team0 (unregistering): Port device team_slave_1 removed
[  222.527709][   T48] team0 (unregistering): Port device team_slave_0 removed
[  222.616946][   T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  222.685269][   T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  223.542795][   T48] bond0 (unregistering): Released all slaves
[  223.912812][ T7134] netlink: 60 bytes leftover after parsing attributes in process `syz.2.259'.
[  223.947674][ T7134] netlink: 60 bytes leftover after parsing attributes in process `syz.2.259'.
[  224.053407][ T7135] netlink: 60 bytes leftover after parsing attributes in process `syz.2.259'.
[  224.104427][ T7134] netlink: 60 bytes leftover after parsing attributes in process `syz.2.259'.
[  224.192676][ T7142] overlayfs: failed to resolve './bus': -2
[  225.024612][ T6916] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.126436][ T6916] 8021q: adding VLAN 0 to HW filter on device team0
[  225.255412][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.262689][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.278587][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.285834][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.427876][ T5855] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  225.627884][ T5855] usb 2-1: Using ep0 maxpacket: 32
[  225.640776][ T5855] usb 2-1: config 0 interface 0 altsetting 12 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.665916][ T5855] usb 2-1: config 0 interface 0 has no altsetting 0
[  225.676732][ T5855] usb 2-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  225.757823][ T5855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.788854][ T5855] usb 2-1: config 0 descriptor??
[  226.287283][ T7175] x_tables: ip6_tables: mh match: only valid for protocol 135
[  227.200880][ T6916] 8021q: adding VLAN 0 to HW filter on device batadv0
[  227.650913][ T5855] kye 0003:0458:501B.0004: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  227.667513][ T5855] kye 0003:0458:501B.0004: hidraw0: USB HID v0.03 Device [HID 0458:501b] on usb-dummy_hcd.1-1/input0
[  227.678554][ T5855] kye 0003:0458:501B.0004: tablet-enabling feature report not found
[  228.280878][ T7194] overlayfs: failed to resolve './bus': -2
[  228.338368][ T5855] kye 0003:0458:501B.0004: tablet enabling failed
[  228.680178][ T5855] usb 2-1: USB disconnect, device number 4
[  230.420922][ T7199] fido_id[7199]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  230.523244][ T7216] loop5: detected capacity change from 0 to 1024
[  230.613246][ T7216] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  231.095299][ T6916] veth0_vlan: entered promiscuous mode
[  231.214552][ T6916] veth1_vlan: entered promiscuous mode
[  231.417883][ T6916] veth0_macvtap: entered promiscuous mode
[  231.431469][ T6916] veth1_macvtap: entered promiscuous mode
[  231.633170][ T6916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.644035][ T6916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.655426][ T6916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.667291][ T6916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.681190][ T6916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.692599][ T6916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.704941][ T6916] batman_adv: batadv0: Interface activated: batadv_slave_0
[  231.735841][ T6916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.758820][ T6916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.791773][ T6916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.833273][ T6916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.874536][ T6916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.889261][ T7248] overlayfs: failed to resolve './bus': -2
[  231.926831][ T6916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.939871][ T6916] batman_adv: batadv0: Interface activated: batadv_slave_1
[  232.759214][ T6916] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  232.817930][ T6916] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.848653][ T6916] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.898275][ T6916] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.891104][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.926107][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.988174][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.013349][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.200493][ T7287] overlayfs: failed to resolve './bus': -2
[  237.170884][ T7296] loop5: detected capacity change from 0 to 2048
[  237.315980][ T7296]  loop5: p3 < > p4 < >
[  237.320690][ T7296] loop5: partition table partially beyond EOD, truncated
[  237.329710][ T7296] loop5: p3 start 4284289 is beyond EOD, truncated
[  237.411382][ T7296] kvm: emulating exchange as write
[  237.789474][ T7326] loop1: detected capacity change from 0 to 256
[  237.834839][ T7326] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  237.881746][ T7326] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x43f9f21b, utbl_chksum : 0xe619d30d)
[  238.032050][ T7331] netlink: 4 bytes leftover after parsing attributes in process `syz.5.299'.
[  238.115376][ T7334] netlink: 4 bytes leftover after parsing attributes in process `syz.5.299'.
[  238.365246][ T7340] overlayfs: failed to resolve './bus': -2
[  239.193692][ T7346] loop6: detected capacity change from 0 to 8
[  240.665824][ T7346] SQUASHFS error: Failed to read block 0x4de: -5
[  240.674342][ T7346] SQUASHFS error: Failed to read block 0x4de: -5
[  240.815879][   T28] kauditd_printk_skb: 16 callbacks suppressed
[  240.815895][   T28] audit: type=1800 audit(1769474612.188:29): pid=7346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.301" name="file1" dev="loop6" ino=5 res=0 errno=0
[  243.643346][ T7375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.307'.
[  244.143976][ T7386] overlayfs: failed to resolve './bus': -2
[  244.305214][  T786] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  244.596709][  T786] usb 2-1: Using ep0 maxpacket: 16
[  244.681117][  T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  244.947755][  T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  244.994467][  T786] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  245.064201][  T786] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  245.074923][  T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.086809][  T786] usb 2-1: config 0 descriptor??
[  245.320458][ T7394] loop5: detected capacity change from 0 to 256
[  245.341824][ T7394] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  245.427375][ T7394] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010364, chksum : 0x43f9f21b, utbl_chksum : 0xe619d30d)
[  245.517022][ T7381] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  245.564714][ T7381] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  245.596449][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x2
[  245.604132][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.625910][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.633246][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.645928][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.653312][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.667074][ T7400] loop6: detected capacity change from 0 to 2048
[  245.673017][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.692087][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.703273][  T786] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  245.783636][  T786] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0005/input/input5
[  246.102112][  T786] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  246.121377][  T786] usb 2-1: USB disconnect, device number 5
[  247.018898][ T7412] fido_id[7412]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  247.203806][ T7420] loop1: detected capacity change from 0 to 512
[  247.346093][ T7420] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.399432][ T7420] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  247.651052][ T7432] overlayfs: failed to resolve './bus': -2
[  249.161026][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  249.767281][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.694156][ T7482] overlayfs: failed to resolve './bus': -2
[  254.897012][ T7491] loop5: detected capacity change from 0 to 2048
[  254.989558][ T7496] loop6: detected capacity change from 0 to 256
[  255.225357][ T7496] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  255.752156][ T7496] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010364, chksum : 0x43f9f21b, utbl_chksum : 0xe619d30d)
[  257.200323][ T7511] No such timeout policy "syz1"
[  257.218436][ T7507] ptrace attach of ""[7510] was attempted by "./syz-executor exec"[7507]
[  257.525152][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  257.531633][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  257.587226][   T28] audit: type=1326 audit(1769474628.971:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  257.721755][   T28] audit: type=1326 audit(1769474629.001:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  257.834015][   T28] audit: type=1326 audit(1769474629.001:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  257.944918][   T28] audit: type=1326 audit(1769474629.001:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  258.098680][   T28] audit: type=1326 audit(1769474629.031:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f910b19c747 code=0x7ffc0000
[  258.198647][   T28] audit: type=1326 audit(1769474629.031:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f910b15b78e code=0x7ffc0000
[  258.205521][ T7523] overlayfs: failed to resolve './bus': -2
[  259.066149][   T28] audit: type=1326 audit(1769474629.031:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f910b15b78e code=0x7ffc0000
[  259.260655][   T28] audit: type=1326 audit(1769474629.031:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f910b15b78e code=0x7ffc0000
[  259.371406][   T28] audit: type=1326 audit(1769474629.031:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f910b15b78e code=0x7ffc0000
[  259.394361][   T28] audit: type=1326 audit(1769474629.041:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7505 comm="syz.1.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910b19aeb9 code=0x7ffc0000
[  259.821038][ T7535] loop6: detected capacity change from 0 to 512
[  262.569616][ T5893] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  263.577895][ T7544] loop5: detected capacity change from 0 to 2048
[  263.695439][ T7548] loop1: detected capacity change from 0 to 256
[  263.767209][ T7551] loop6: detected capacity change from 0 to 256
[  263.791282][ T7548] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  263.838870][ T7551] exfat: Deprecated parameter 'namecase'
[  263.884836][ T7551] exfat: Deprecated parameter 'utf8'
[  263.922343][ T7551] exfat: Unknown parameter 'iïcharset'
[  263.969612][ T7548] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x43f9f21b, utbl_chksum : 0xe619d30d)
[  264.006014][ T7554] No such timeout policy "syz1"
[  264.032566][ T5780] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  267.258898][ T7577] loop1: detected capacity change from 0 to 512
[  270.001043][ T5893] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  270.602126][ T7589] loop1: detected capacity change from 0 to 2048
[  270.602978][ T5893] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  273.522744][ T7615] loop6: detected capacity change from 0 to 128
[  273.591294][ T7615] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  273.661104][ T7589] No such timeout policy "syz1"
[  273.706427][ T7615] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  274.534025][ T7635] loop1: detected capacity change from 0 to 512
[  274.591004][ T7635] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  274.707918][ T7635] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.950643][ T7647] loop6: detected capacity change from 0 to 512
[  275.169081][ T7635] ext4 filesystem being mounted at /87/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  275.429763][ T7644] loop5: detected capacity change from 0 to 256
[  275.437570][ T7644] FAT-fs (loop5): Unrecognized mount option "shor†name=mixed" or missing value
[  276.992670][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.073045][ T7695] loop6: detected capacity change from 0 to 512
[  285.822073][ T5893] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  288.138384][ T5773] Bluetooth: hci4: command tx timeout
[  291.480582][ T7740] loop6: detected capacity change from 0 to 1024
[  291.522378][ T7741] No such timeout policy "syz1"
[  291.607258][ T7740] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  291.850072][ T7740] ==================================================================
[  291.858243][ T7740] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90
[  291.866050][ T7740] Read of size 18446744073709551588 at addr ffff888026e25840 by task syz.6.391/7740
[  291.875463][ T7740] 
[  291.877849][ T7740] CPU: 1 PID: 7740 Comm: syz.6.391 Not tainted syzkaller #0
[  291.885174][ T7740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  291.895284][ T7740] Call Trace:
[  291.898611][ T7740]  <TASK>
[  291.901571][ T7740]  dump_stack_lvl+0x18c/0x250
[  291.906306][ T7740]  ? read_lock_is_recursive+0x20/0x20
[  291.911740][ T7740]  ? show_regs_print_info+0x20/0x20
[  291.916991][ T7740]  ? load_image+0x400/0x400
[  291.921544][ T7740]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  291.927048][ T7740]  ? __virt_addr_valid+0x18c/0x540
[  291.932214][ T7740]  ? __virt_addr_valid+0x469/0x540
[  291.937379][ T7740]  print_report+0xa8/0x210
[  291.941841][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  291.947352][ T7740]  kasan_report+0x117/0x150
[  291.951906][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  291.957510][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  291.963020][ T7740]  kasan_check_range+0x241/0x290
[  291.968000][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  291.973556][ T7740]  __asan_memmove+0x29/0x70
[  291.978115][ T7740]  ext4_xattr_set_entry+0x94b/0x1e90
[  291.983475][ T7740]  ext4_xattr_block_set+0xae8/0x32b0
[  291.988929][ T7740]  ? ext4_destroy_inode+0x200/0x200
[  291.994201][ T7740]  ? proc_nr_inodes+0x230/0x230
[  291.999101][ T7740]  ? do_raw_spin_unlock+0x121/0x230
[  292.004357][ T7740]  ? _raw_spin_unlock+0x28/0x40
[  292.009276][ T7740]  ? ext4_xattr_block_find+0x350/0x350
[  292.014797][ T7740]  ? ext4_xattr_ibody_set+0x50d/0x6a0
[  292.020231][ T7740]  ext4_xattr_set_handle+0xe2e/0x14c0
[  292.025672][ T7740]  ? ext4_xattr_inode_free_quota+0x1b0/0x1b0
[  292.031737][ T7740]  ? __ext4_journal_start_sb+0x259/0x560
[  292.037511][ T7740]  ext4_xattr_set+0x252/0x340
[  292.042243][ T7740]  ? ext4_xattr_set_credits+0x2f0/0x2f0
[  292.047839][ T7740]  ? evm_protected_xattr_common+0x170/0x190
[  292.053793][ T7740]  ? ext4_xattr_security_get+0x40/0x40
[  292.059342][ T7740]  __vfs_setxattr+0x431/0x470
[  292.064105][ T7740]  __vfs_setxattr_noperm+0x12d/0x5e0
[  292.069448][ T7740]  vfs_setxattr+0x16b/0x2f0
[  292.074010][ T7740]  ? xattr_permission+0x470/0x470
[  292.079091][ T7740]  ? __mnt_want_write+0x223/0x2a0
[  292.084170][ T7740]  ? path_setxattr+0x3a1/0x5d0
[  292.088989][ T7740]  path_setxattr+0x3f3/0x5d0
[  292.093633][ T7740]  ? simple_xattrs_free+0x150/0x150
[  292.098889][ T7740]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  292.104928][ T7740]  ? lock_chain_count+0x20/0x20
[  292.109829][ T7740]  __x64_sys_setxattr+0xbb/0xd0
[  292.114728][ T7740]  do_syscall_64+0x55/0xa0
[  292.119190][ T7740]  ? clear_bhb_loop+0x40/0x90
[  292.123906][ T7740]  ? clear_bhb_loop+0x40/0x90
[  292.128629][ T7740]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  292.134564][ T7740] RIP: 0033:0x7f904339aeb9
[  292.139032][ T7740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  292.158696][ T7740] RSP: 002b:00007f9044178028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  292.167154][ T7740] RAX: ffffffffffffffda RBX: 00007f9043615fa0 RCX: 00007f904339aeb9
[  292.175162][ T7740] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100
[  292.183172][ T7740] RBP: 00007f9043408c1f R08: 0000000000000000 R09: 0000000000000000
[  292.191188][ T7740] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[  292.199204][ T7740] R13: 00007f9043616038 R14: 00007f9043615fa0 R15: 00007ffc11f358c8
[  292.207232][ T7740]  </TASK>
[  292.210282][ T7740] 
[  292.212630][ T7740] Allocated by task 7740:
[  292.216983][ T7740]  kasan_set_track+0x4e/0x70
[  292.221621][ T7740]  __kasan_kmalloc+0x8f/0xa0
[  292.226244][ T7740]  __kmalloc_node_track_caller+0xb2/0x230
[  292.232012][ T7740]  kmemdup+0x2b/0x70
[  292.235955][ T7740]  ext4_xattr_block_set+0x9ea/0x32b0
[  292.241287][ T7740]  ext4_xattr_set_handle+0xe2e/0x14c0
[  292.246711][ T7740]  ext4_xattr_set+0x252/0x340
[  292.251866][ T7740]  __vfs_setxattr+0x431/0x470
[  292.256587][ T7740]  __vfs_setxattr_noperm+0x12d/0x5e0
[  292.261913][ T7740]  vfs_setxattr+0x16b/0x2f0
[  292.266453][ T7740]  path_setxattr+0x3f3/0x5d0
[  292.271100][ T7740]  __x64_sys_setxattr+0xbb/0xd0
[  292.276020][ T7740]  do_syscall_64+0x55/0xa0
[  292.280488][ T7740]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  292.286430][ T7740] 
[  292.288828][ T7740] The buggy address belongs to the object at ffff888026e25800
[  292.288828][ T7740]  which belongs to the cache kmalloc-1k of size 1024
[  292.302923][ T7740] The buggy address is located 64 bytes inside of
[  292.302923][ T7740]  1024-byte region [ffff888026e25800, ffff888026e25c00)
[  292.316248][ T7740] 
[  292.318605][ T7740] The buggy address belongs to the physical page:
[  292.325068][ T7740] page:ffffea00009b8800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26e20
[  292.335264][ T7740] head:ffffea00009b8800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  292.344276][ T7740] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  292.352753][ T7740] page_type: 0xffffffff()
[  292.357121][ T7740] raw: 00fff00000000840 ffff888017c41dc0 0000000000000000 0000000000000001
[  292.365739][ T7740] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  292.374359][ T7740] page dumped because: kasan: bad access detected
[  292.380821][ T7740] page_owner tracks the page as allocated
[  292.386567][ T7740] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 42, tgid 42 (kworker/u4:2), ts 263025071317, free_ts 262873556066
[  292.407107][ T7740]  post_alloc_hook+0x1c1/0x200
[  292.411931][ T7740]  get_page_from_freelist+0x1951/0x19e0
[  292.417512][ T7740]  __alloc_pages+0x1f0/0x460
[  292.422148][ T7740]  alloc_slab_page+0x5d/0x160
[  292.426856][ T7740]  new_slab+0x87/0x2d0
[  292.430965][ T7740]  ___slab_alloc+0xc5d/0x12f0
[  292.435698][ T7740]  __kmem_cache_alloc_node+0x19e/0x250
[  292.441223][ T7740]  __kmalloc+0xa4/0x230
[  292.445434][ T7740]  ieee802_11_parse_elems_full+0xb9/0x20c0
[  292.451341][ T7740]  ieee80211_inform_bss+0x127/0x1080
[  292.456688][ T7740]  rdev_inform_bss+0x106/0x410
[  292.461521][ T7740]  cfg80211_inform_bss_frame_data+0xb8b/0x13d0
[  292.467736][ T7740]  ieee80211_bss_info_update+0x759/0x9b0
[  292.473432][ T7740]  ieee80211_ibss_rx_queued_mgmt+0x18ae/0x2c80
[  292.479662][ T7740]  ieee80211_iface_work+0x717/0xc70
[  292.484946][ T7740]  cfg80211_wiphy_work+0x225/0x260
[  292.490122][ T7740] page last free stack trace:
[  292.494833][ T7740]  free_unref_page_prepare+0x7b2/0x8c0
[  292.500362][ T7740]  free_unref_page+0x32/0x2e0
[  292.505083][ T7740]  __unfreeze_partials+0x1cf/0x210
[  292.510285][ T7740]  put_cpu_partial+0x17c/0x250
[  292.515123][ T7740]  __slab_free+0x319/0x400
[  292.519576][ T7740]  qlist_free_all+0x75/0xd0
[  292.524168][ T7740]  kasan_quarantine_reduce+0x143/0x160
[  292.529675][ T7740]  __kasan_slab_alloc+0x22/0x80
[  292.534564][ T7740]  slab_post_alloc_hook+0x6e/0x4b0
[  292.539724][ T7740]  kmem_cache_alloc+0x11a/0x2d0
[  292.544667][ T7740]  ext4_init_io_end+0x29/0x120
[  292.549486][ T7740]  ext4_do_writepages+0xb18/0x3990
[  292.554774][ T7740]  ext4_writepages+0x1dd/0x350
[  292.559591][ T7740]  do_writepages+0x3b3/0x630
[  292.564227][ T7740]  __writeback_single_inode+0x153/0xec0
[  292.570020][ T7740]  writeback_sb_inodes+0x7cd/0xf50
[  292.575194][ T7740] 
[  292.577550][ T7740] Memory state around the buggy address:
[  292.583209][ T7740]  ffff888026e25700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  292.591302][ T7740]  ffff888026e25780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  292.599414][ T7740] >ffff888026e25800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  292.607515][ T7740]                                            ^
[  292.613698][ T7740]  ffff888026e25880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  292.621972][ T7740]  ffff888026e25900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  292.630071][ T7740] ==================================================================
[  292.956700][ T7740] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  292.963986][ T7740] CPU: 0 PID: 7740 Comm: syz.6.391 Not tainted syzkaller #0
[  292.971316][ T7740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  292.981413][ T7740] Call Trace:
[  292.985253][ T7740]  <TASK>
[  292.988227][ T7740]  dump_stack_lvl+0x18c/0x250
[  292.992962][ T7740]  ? show_regs_print_info+0x20/0x20
[  292.998226][ T7740]  ? load_image+0x400/0x400
[  293.002789][ T7740]  panic+0x2dc/0x730
[  293.006725][ T7740]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  293.012939][ T7740]  ? bpf_jit_dump+0xd0/0xd0
[  293.017496][ T7740]  ? _raw_spin_unlock_irqrestore+0x111/0x120
[  293.023520][ T7740]  ? _raw_spin_unlock+0x40/0x40
[  293.028402][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  293.034335][ T7740]  check_panic_on_warn+0x84/0xa0
[  293.039319][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  293.044817][ T7740]  end_report+0x6f/0x130
[  293.049099][ T7740]  kasan_report+0x128/0x150
[  293.053641][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  293.059135][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  293.064627][ T7740]  kasan_check_range+0x241/0x290
[  293.069594][ T7740]  ? ext4_xattr_set_entry+0x94b/0x1e90
[  293.075088][ T7740]  __asan_memmove+0x29/0x70
[  293.079635][ T7740]  ext4_xattr_set_entry+0x94b/0x1e90
[  293.084967][ T7740]  ext4_xattr_block_set+0xae8/0x32b0
[  293.090291][ T7740]  ? ext4_destroy_inode+0x200/0x200
[  293.095524][ T7740]  ? proc_nr_inodes+0x230/0x230
[  293.100403][ T7740]  ? do_raw_spin_unlock+0x121/0x230
[  293.105631][ T7740]  ? _raw_spin_unlock+0x28/0x40
[  293.110519][ T7740]  ? ext4_xattr_block_find+0x350/0x350
[  293.116015][ T7740]  ? ext4_xattr_ibody_set+0x50d/0x6a0
[  293.121423][ T7740]  ext4_xattr_set_handle+0xe2e/0x14c0
[  293.126837][ T7740]  ? ext4_xattr_inode_free_quota+0x1b0/0x1b0
[  293.132855][ T7740]  ? __ext4_journal_start_sb+0x259/0x560
[  293.138526][ T7740]  ext4_xattr_set+0x252/0x340
[  293.143240][ T7740]  ? ext4_xattr_set_credits+0x2f0/0x2f0
[  293.148852][ T7740]  ? evm_protected_xattr_common+0x170/0x190
[  293.154797][ T7740]  ? ext4_xattr_security_get+0x40/0x40
[  293.160299][ T7740]  __vfs_setxattr+0x431/0x470
[  293.165019][ T7740]  __vfs_setxattr_noperm+0x12d/0x5e0
[  293.170347][ T7740]  vfs_setxattr+0x16b/0x2f0
[  293.174887][ T7740]  ? xattr_permission+0x470/0x470
[  293.179948][ T7740]  ? __mnt_want_write+0x223/0x2a0
[  293.185015][ T7740]  ? path_setxattr+0x3a1/0x5d0
[  293.189813][ T7740]  path_setxattr+0x3f3/0x5d0
[  293.194440][ T7740]  ? simple_xattrs_free+0x150/0x150
[  293.199677][ T7740]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  293.205685][ T7740]  ? lock_chain_count+0x20/0x20
[  293.210567][ T7740]  __x64_sys_setxattr+0xbb/0xd0
[  293.215486][ T7740]  do_syscall_64+0x55/0xa0
[  293.219945][ T7740]  ? clear_bhb_loop+0x40/0x90
[  293.224656][ T7740]  ? clear_bhb_loop+0x40/0x90
[  293.229360][ T7740]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  293.235288][ T7740] RIP: 0033:0x7f904339aeb9
[  293.239725][ T7740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  293.259627][ T7740] RSP: 002b:00007f9044178028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  293.268073][ T7740] RAX: ffffffffffffffda RBX: 00007f9043615fa0 RCX: 00007f904339aeb9
[  293.276078][ T7740] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100
[  293.284083][ T7740] RBP: 00007f9043408c1f R08: 0000000000000000 R09: 0000000000000000
[  293.292080][ T7740] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[  293.300079][ T7740] R13: 00007f9043616038 R14: 00007f9043615fa0 R15: 00007ffc11f358c8
[  293.308088][ T7740]  </TASK>
[  293.311704][ T7740] Kernel Offset: disabled
[  293.316036][ T7740] Rebooting in 86400 seconds..