last executing test programs: 15m47.975869485s ago: executing program 1 (id=170): ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x4, 0x7, 0xd, 0xb9, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xe7, 0x2, 0xff, 0x0, 0x4, 0x4, 0x7b, 0x209}, {0x1, 0x6, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x7}], 0xfbffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x5ffffffffff, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0x1, 0x202}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000480)={[{0x9570002, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x1009f83, 0x7, 0xe, 0x2e, 0x1, 0x3, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xc, 0x6, 0x46, 0xf8, 0x4f, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15m47.108307138s ago: executing program 1 (id=174): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x6a542, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000000f2f648626471bd0c00df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x94) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 15m46.33330776s ago: executing program 1 (id=176): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_wait(r4, &(0x7f00000000c0)=[{}], 0x1, 0x1fffc002) 15m41.411959076s ago: executing program 1 (id=186): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x200000000000006f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000140)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@dioread_nolock}, {@bsdgroups}]}, 0x6, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)={'#! ', './file1'}, 0xb) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b) mmap(&(0x7f0000940000/0x2000)=nil, 0x2000, 0x1000000, 0x30, r0, 0x6b5b5000) write$cgroup_subtree(r1, &(0x7f0000000300)=ANY=[], 0x9) 15m39.270745469s ago: executing program 1 (id=192): syz_open_dev$sndctrl(&(0x7f0000000040), 0xfa2, 0x109000) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r1, &(0x7f00000002c0)=ANY=[], 0x200002e6) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 15m37.902229621s ago: executing program 1 (id=199): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), 0x0}, 0x20) 15m35.610423896s ago: executing program 32 (id=199): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), 0x0}, 0x20) 15m30.892566159s ago: executing program 0 (id=216): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x17, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000003"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0x0, 0x2, 0x2, '\x00', 0x654}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 15m30.372314067s ago: executing program 0 (id=219): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000640), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) fallocate(r0, 0x0, 0x0, 0x1001f0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3c1uG0UcAPD/bj6bliaVOPBxiQCJSIikSVugEkhEXDjQEz1wJIrdEtVpUGIkWkV8CMQNJBAPAAfgETjCgXeAM3CAShHKgZSb0dq7jhvbaZPadZX8ftLIMztrz6zHs15PZicBHFvTEfFqRAxFxNmImMy3p3mIjxoh229ne3P5v+3N5SRqtTf/SSLJtxWvleSPJ/MXmEkj0k+TeLJDuRs3bl5bqlTK63l6rrr67tzGjZvPr6wuXS1fLV9feOHc+QsXXrq48GLPjnVrNfn8me/f+PPLz0pf/fr3T1NZfU/lea3H0SvTMd18T/a62OvCBmy8JZ4MD7AiAADsK82v/Yfr1/+TMRS7F2+T8cUvA60cAAAA0BO1WvEIAAAAHF2J3/4AAABwxBXzAHa2N5eLMMDpCDxgW4sRMdVo/9t5aOQMN+/pHYkYGe9T+dMR8fr4pYUsRJ/uwwYAAAA4zn5ebCz81z7+l8ZjLfudiIiJYm2/Hprek24f/0lv9bhIWmwtRrwcEbfbxv/SYpepoTz1SH2ocCS5slIpn42I0xExEyNjWXp+nzI+eOraD93yWsf/vvnjrfms/Oxxd4/01vDYnc8pLVWX7ueY2bX1ccQTw53aP2mO/7auk3kYb6/svNItL2v/rL2L0N7+9FPt24hnO/b/3ZVLk/3XZ52rnw/m8rPCWHsZv5/67pNu5bf2/yxk5Rd/C6D/sv4/sX/719fJba7Xu3HwMn7899Jv3fLu3v6dz/+jyeV6BUfzbe8vVavr8xGjSWPLHdt9mpqK96N4v7L2n3m68/d/cf2X5N/9p1vWhz6I1z48c7lbnv4/WFn7lw7U/w8eeWfi8Zlu5d9b/z9fr0zxIq7/7u5eG2jQ9QQAAAAAAACgN9L63L4knW3G03R2tjHP99GYSCtrG9Xnrqy9d73UmAM4FSNpMf9zsmU+6HzjNvJmemFP+lxEnImIrydP1NOzy2uV0qAPHgAAAI6Jk11+/2f+OszNHgAAAMDDaWrQFQAAAAD6zu9/AAAAONLuZ13/Snm9+BdBh3y6iMjhIkP5B+9hqc/RiwzwpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/B8AAP//91C79Q==") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, 0x0) unlink(0x0) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") 15m28.492689526s ago: executing program 0 (id=226): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) epoll_create1(0x0) epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000400)="e8", &(0x7f0000000480)=@tcp6=r0, 0x1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 15m26.517766966s ago: executing program 0 (id=232): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x200000000000006f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000140)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@dioread_nolock}, {@bsdgroups}]}, 0x6, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000001c0)={'#! ', './file1'}, 0xb) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b) mmap(&(0x7f0000940000/0x2000)=nil, 0x2000, 0x1000000, 0x30, r0, 0x6b5b5000) write$cgroup_subtree(r1, &(0x7f0000000300)=ANY=[], 0x9) 15m23.72015143s ago: executing program 0 (id=240): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}, 0x1, 0x0, 0x0, 0x8010}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r5, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 15m18.139111476s ago: executing program 0 (id=248): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5414, &(0x7f0000000000)) syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r3, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001) sendmsg$inet6(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000200)="a12889ac2d0333ad5033ab971c32492a24558e0100000000000000153125fb2ac3360c24e852701507c18b9a27a6a451c0985dacc712d2ac8375dcbe6ed7e76d451f25c226a014366b637fc23553a7adee9c869e02df9ccc256a59e47e350577d14af2f5e0185c41c4fd2cddf8702bed1e5a6d753c94823b288a", 0x7a}, {&(0x7f0000000280)="03a0f754dbae8f37f02ee53643de3992553aa66f3979a0f64641f2d6b563073b8b886705b369a4a648a152a1545858631dad337ac64f735e7e174affaa0141b664002ef4ee10d31d2afff2ef42c2a56bc78e10c0b7a90c95cfbdc7a5503c088e05e7aaa3ef4fc2cff74c02aab34e0bab69dce1a44d83d3b83ea98b24ed085a83e613edce4f7b5ad926596bf46cd7ac93aa5eb09330b112bd426dbc6d60fa7906b23fd0b853af6c55427d35ccdd78dd6be011094cd400a0ce55b575a9681128908e4b8e9bbab0bc734255b2419b88c1542a171e62f3fcc9c961f31d16c8997ff0d7d5886276f24ed1f5878b1ada5df013be0e0fab4b486e5e581c5fc94a6665c4285b43806f65c6966c03cb29475dcc2db19dc383535863574b95e97abafd86eb66610bb2d9274d26ee4e93372ed6c10569db971b6685fcb528f63aa387529f8c1adc0aaba2273221fd192aaa849af8472770741583a2ab2ee36e2b4aa087a44ba7e8f147a4f2e47d6f1aaf2e51b405fb758ecc5c61274cde85a37076fe3dbb249e64f1d12d1a1e63313797d4e3ee73d288c72e0d24a8c6e4c57e9c506dd977700b6af3cb7cd3fbc5d395e0e86b40afbf94819f5c3a53cf0295f362df477ea166170d153cf924334c6671e7bfd38d66b788e47742f8e3750a89747aad6b5ebece7812698e77fbbd54638845deaf26454702aa810bd752b1bda8dcf5d139001f17b3d2457b0eca0ba3b100ca4e65d00467a3c42768ebc94945cb727b9d733952ad450ddf878180355bc7768307d52773c27fe89d333ce41532287ad8cc113927ebab0dd66b992145091828fca693ac39732ff3ea43f22cd78cc8d90f1faf63cafbe81fc44fc312da9b5cc8a46e29d919f9854e582bc045e92bbf62f0659159f09084dd9480c605cd947fd845c5cf57a0d9d1d2deb721a0789c7b7c3641d625a4d8d3b7bb1d1ef8c5f0e4b86edf1313453ffe1c2bab758868cb829a3a302574ceb5a63f258eacfc23c74f979d162e52290b43f8b263c0cddc71f5f296d4c82e104cca75b3c7be53bc9c63f468e68418f2692c29a69a408ab8ffc220f5a6d9282df887d263d4bb44a8f43adea9d249176b0028bd1e197baf99605927a9325f8d6193b33160e219a73c8c9a7eb31725358d7dc46370d3834a4a964fe58d4ca055174b97074a13268bb50abab494b329014ce5f9bbb821b4077f9d2677f1470df97062ce73745aa8b9c244909303577c7c907c99aba217a7276a253145435e6cafc47f5b910031530d6cd77a52991e3b525f596c1bf8fa05c2baf68bba7ccd176fe4bab5dc7d81df53c176b6a526bbdccf6dcc4847cc3ec0c926a95f0f020e66b75eec28f063d09d5905d8e532c98ce52a704343739c87b6f8daa86abf0e9c54e976c86f34cadf7ddf300ea88dc779c23b009913f982d8708438811a0045d6c0fb88fed320f4226e3c4f8c94a30860e688e7c27a272f9d288b463ee79dbdf050eb7d820e3dfa183eaefb00d240e67dc0c544e9772b7459c58eb1c600142b1f75e40306902ef2e8ce419fae1e94c43c72e69d19f519132166d7485ee7af85ceb4491800b73e36c7ecbfab309ef0c5571712611326f6dc5f23f2fe8eb70b317690cf29d68a79332398dc82319cb54d1986e0724468f8c43d1569409451521fab58623d0a674286911b4bccd31e87610f7a51e213aea02070adb6df8a4fc6c4d61ea7ca55eb0c9790519a658372047d2be880b1e43b801b24158684c53ad6975ae6d5bbf421d8f3628d838d5a81b085ddf3f4c3489a4eeceb80f67bab8adfce9d9e6714d450ce16a1d036751c3a88df58e9053b871afecb69aad607d226cfd42ed5b43d8e01a0b5dc9a4b5295d685b4eb427af7c17bc0a0bae51b1ff1f26815afabd0110f5e2bf232ad812a15bb69fbaf37684d302f37c93372874161ce133a9d65a0de24ec58eecf650ecc823c9082cfe51f4a41bdd658b17685200458472324e578a5144587d8f506607e980c6a2256ac1e4cee3afa4cb76ee373d1172901ed6f9d2b094cb20bebc8cb73fa48e60649aca44837c61f643b999ae9f24a10ce6e08ebb4b18622fbc9296ffb6f1d521d4052af2364018e243eb7bbc097c9b662eadbad000c753cb26e32815eff17d3f5d2ad452e280f1ad2f92447791814fd7e9c4dd7af792518cfcb3e426c3250b19aab6c0c335c1b1c0dd76bf6dfd42c3c97461047f263777dce69c3b0aeed04f05bb95945f881019e276bd475f4bd55e42108d5b94366f545a01e99162ac87eb9e2d8eaac6a2408e10363b7e5034515003fbbabc06621502459376fc113d604d77420254d62594b1bf5165bac4db320fa81d2ba63a2587eb8ee97607186f2443fc4e4ea2a611d3fbae09d84b8277fac378a983bb024dd1c2ce21af80d919166db6674d30cb7202360d471c310295baacdb5ba92c5a50076fce650fa44cb87e31068e6806afedaa763811fbb27feb27b4ec9ae0f7c85addd34b2bd1b3aed5c4c16cfe9ca4df168053a79c8d77216b051377f4d35eb50966a96acee45f01b98a0750df8ee30eb5e1a45887c821eccbbf81487b95237611f69b3ad5e71d17a51d8aa687fc6c12b2ee493a2e4f04875e8c39b4a428e143a1959f500b4ef62cf766edac215fd9801ddb5e130211415c1b5a74c57813ffe80baf31e82d3992c023dcef55929c0e64880201c8e040d76933aa5d8064ad563dc64f901f78f62ad412338d4e5c44db1241e191f73d3b27f62795b5aee70b4fb39c04832ed8e1fafcde2e9a7e7c20089e05414e55f55a13a6e60a5a078cc14b230a379112f3a808f9366ec2c9c9bdadd0663d6cfae5cd61b4824cf07354e5f267e44627f5888803abf0a1d9ea576cc5c6abfa829ec20a08f0c04864d033e87f5573e1b102542944b6c5e9658802bf27e2216b5cfd245892ee365a96fe416e3a2e17280150eb2ec7d8eea0e1555da68759b63ae8ef2641a316843073b94432cc6cea16a9702d4664e478dbcb86ef887bd3c4a342cef24fc697be473ec770fedac1126f584ac6f648047126642f7c48d735b9cd700f5edca79012e7a663b6971b34ac0feef8552b5bc64982a01925f8fcde5de02206dcc05566b97085adcbb7d90181a63ba3d0ce9dc48e0323e32d91c1f1f42a14c95a47323f4e3e22863928267ab31796e1dcf17b51073381ac19e1a770b7cbf6f278be6ce42b3606dff57fe7d36851bc4660ecd5c0e8d6393eb1f78c143beff431ddc40a7ba6c42a737e126f13986ec8b43e42d312172e0edc2d74a3e167a9eef82e852bda7172c4b1313f1977e99139c1fcc8954b6c67612566580e27d88d50235cad9ea300a39d8c46456ee237898604b0d9f088db559d7255f911e2fd3dbe35fda467cfe99c43b06a3e3d753a7e1e01a341517021c5a81e56640d80b2b6c7e012e8e303c4027edfb4afcef93c54f855f67bf45cbdad9e3e5012a9ce12e53a0d3759a2aa5273375432074cae73ed302d45c2ed4ccd972cb6fd9537f6ecefb94db5122ab91ef2d8abf72d89cda136123202fd17661c3d83b522479cbe7cb4e08722b45abefb54c3e649602f6dc047db6ff8a3928f17b8746314c09239b4fa48e98198e30d569e75203a01ab2818cf0ecd13c8b0e89a3142969376b06464d6c4ce0e51f9c92c61358b9d6897be2908cce2a0377e6249343c9e6edf0f8fa5468c1f9f6e8d27985cdac60b58bff27e0082d8ab50599f44da8df4e90c1c0aecba28481ec9dab0d14025d15ac54e95c4ae40125f426b3db95f14467f82106ee0977b325a363f87dac8b3e97c809214a8b417b30edac1d1b4b567cc864c09852415341ea7a992788d3156d2712c8f83e4bc556753ac4e2b762e0a16dcadeb1141b6ac227d0c6aab840c6e9db5d8665a66352a8043fd16abdf831254f4de63338b2145711eba8d2a5db2913a5c3d7c38be5bad35a27e7a94319b7de9ef464e7d4de24eb8204e0a4c0fad56401afdd213dff09e19b82f5d61008a81a2b1fbf3af5", 0xb0f}], 0x2}, 0x20000044) 15m16.776631457s ago: executing program 33 (id=248): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5414, &(0x7f0000000000)) syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r3, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001) sendmsg$inet6(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000200)="a12889ac2d0333ad5033ab971c32492a24558e0100000000000000153125fb2ac3360c24e852701507c18b9a27a6a451c0985dacc712d2ac8375dcbe6ed7e76d451f25c226a014366b637fc23553a7adee9c869e02df9ccc256a59e47e350577d14af2f5e0185c41c4fd2cddf8702bed1e5a6d753c94823b288a", 0x7a}, {&(0x7f0000000280)="03a0f754dbae8f37f02ee53643de3992553aa66f3979a0f64641f2d6b563073b8b886705b369a4a648a152a1545858631dad337ac64f735e7e174affaa0141b664002ef4ee10d31d2afff2ef42c2a56bc78e10c0b7a90c95cfbdc7a5503c088e05e7aaa3ef4fc2cff74c02aab34e0bab69dce1a44d83d3b83ea98b24ed085a83e613edce4f7b5ad926596bf46cd7ac93aa5eb09330b112bd426dbc6d60fa7906b23fd0b853af6c55427d35ccdd78dd6be011094cd400a0ce55b575a9681128908e4b8e9bbab0bc734255b2419b88c1542a171e62f3fcc9c961f31d16c8997ff0d7d5886276f24ed1f5878b1ada5df013be0e0fab4b486e5e581c5fc94a6665c4285b43806f65c6966c03cb29475dcc2db19dc383535863574b95e97abafd86eb66610bb2d9274d26ee4e93372ed6c10569db971b6685fcb528f63aa387529f8c1adc0aaba2273221fd192aaa849af8472770741583a2ab2ee36e2b4aa087a44ba7e8f147a4f2e47d6f1aaf2e51b405fb758ecc5c61274cde85a37076fe3dbb249e64f1d12d1a1e63313797d4e3ee73d288c72e0d24a8c6e4c57e9c506dd977700b6af3cb7cd3fbc5d395e0e86b40afbf94819f5c3a53cf0295f362df477ea166170d153cf924334c6671e7bfd38d66b788e47742f8e3750a89747aad6b5ebece7812698e77fbbd54638845deaf26454702aa810bd752b1bda8dcf5d139001f17b3d2457b0eca0ba3b100ca4e65d00467a3c42768ebc94945cb727b9d733952ad450ddf878180355bc7768307d52773c27fe89d333ce41532287ad8cc113927ebab0dd66b992145091828fca693ac39732ff3ea43f22cd78cc8d90f1faf63cafbe81fc44fc312da9b5cc8a46e29d919f9854e582bc045e92bbf62f0659159f09084dd9480c605cd947fd845c5cf57a0d9d1d2deb721a0789c7b7c3641d625a4d8d3b7bb1d1ef8c5f0e4b86edf1313453ffe1c2bab758868cb829a3a302574ceb5a63f258eacfc23c74f979d162e52290b43f8b263c0cddc71f5f296d4c82e104cca75b3c7be53bc9c63f468e68418f2692c29a69a408ab8ffc220f5a6d9282df887d263d4bb44a8f43adea9d249176b0028bd1e197baf99605927a9325f8d6193b33160e219a73c8c9a7eb31725358d7dc46370d3834a4a964fe58d4ca055174b97074a13268bb50abab494b329014ce5f9bbb821b4077f9d2677f1470df97062ce73745aa8b9c244909303577c7c907c99aba217a7276a253145435e6cafc47f5b910031530d6cd77a52991e3b525f596c1bf8fa05c2baf68bba7ccd176fe4bab5dc7d81df53c176b6a526bbdccf6dcc4847cc3ec0c926a95f0f020e66b75eec28f063d09d5905d8e532c98ce52a704343739c87b6f8daa86abf0e9c54e976c86f34cadf7ddf300ea88dc779c23b009913f982d8708438811a0045d6c0fb88fed320f4226e3c4f8c94a30860e688e7c27a272f9d288b463ee79dbdf050eb7d820e3dfa183eaefb00d240e67dc0c544e9772b7459c58eb1c600142b1f75e40306902ef2e8ce419fae1e94c43c72e69d19f519132166d7485ee7af85ceb4491800b73e36c7ecbfab309ef0c5571712611326f6dc5f23f2fe8eb70b317690cf29d68a79332398dc82319cb54d1986e0724468f8c43d1569409451521fab58623d0a674286911b4bccd31e87610f7a51e213aea02070adb6df8a4fc6c4d61ea7ca55eb0c9790519a658372047d2be880b1e43b801b24158684c53ad6975ae6d5bbf421d8f3628d838d5a81b085ddf3f4c3489a4eeceb80f67bab8adfce9d9e6714d450ce16a1d036751c3a88df58e9053b871afecb69aad607d226cfd42ed5b43d8e01a0b5dc9a4b5295d685b4eb427af7c17bc0a0bae51b1ff1f26815afabd0110f5e2bf232ad812a15bb69fbaf37684d302f37c93372874161ce133a9d65a0de24ec58eecf650ecc823c9082cfe51f4a41bdd658b17685200458472324e578a5144587d8f506607e980c6a2256ac1e4cee3afa4cb76ee373d1172901ed6f9d2b094cb20bebc8cb73fa48e60649aca44837c61f643b999ae9f24a10ce6e08ebb4b18622fbc9296ffb6f1d521d4052af2364018e243eb7bbc097c9b662eadbad000c753cb26e32815eff17d3f5d2ad452e280f1ad2f92447791814fd7e9c4dd7af792518cfcb3e426c3250b19aab6c0c335c1b1c0dd76bf6dfd42c3c97461047f263777dce69c3b0aeed04f05bb95945f881019e276bd475f4bd55e42108d5b94366f545a01e99162ac87eb9e2d8eaac6a2408e10363b7e5034515003fbbabc06621502459376fc113d604d77420254d62594b1bf5165bac4db320fa81d2ba63a2587eb8ee97607186f2443fc4e4ea2a611d3fbae09d84b8277fac378a983bb024dd1c2ce21af80d919166db6674d30cb7202360d471c310295baacdb5ba92c5a50076fce650fa44cb87e31068e6806afedaa763811fbb27feb27b4ec9ae0f7c85addd34b2bd1b3aed5c4c16cfe9ca4df168053a79c8d77216b051377f4d35eb50966a96acee45f01b98a0750df8ee30eb5e1a45887c821eccbbf81487b95237611f69b3ad5e71d17a51d8aa687fc6c12b2ee493a2e4f04875e8c39b4a428e143a1959f500b4ef62cf766edac215fd9801ddb5e130211415c1b5a74c57813ffe80baf31e82d3992c023dcef55929c0e64880201c8e040d76933aa5d8064ad563dc64f901f78f62ad412338d4e5c44db1241e191f73d3b27f62795b5aee70b4fb39c04832ed8e1fafcde2e9a7e7c20089e05414e55f55a13a6e60a5a078cc14b230a379112f3a808f9366ec2c9c9bdadd0663d6cfae5cd61b4824cf07354e5f267e44627f5888803abf0a1d9ea576cc5c6abfa829ec20a08f0c04864d033e87f5573e1b102542944b6c5e9658802bf27e2216b5cfd245892ee365a96fe416e3a2e17280150eb2ec7d8eea0e1555da68759b63ae8ef2641a316843073b94432cc6cea16a9702d4664e478dbcb86ef887bd3c4a342cef24fc697be473ec770fedac1126f584ac6f648047126642f7c48d735b9cd700f5edca79012e7a663b6971b34ac0feef8552b5bc64982a01925f8fcde5de02206dcc05566b97085adcbb7d90181a63ba3d0ce9dc48e0323e32d91c1f1f42a14c95a47323f4e3e22863928267ab31796e1dcf17b51073381ac19e1a770b7cbf6f278be6ce42b3606dff57fe7d36851bc4660ecd5c0e8d6393eb1f78c143beff431ddc40a7ba6c42a737e126f13986ec8b43e42d312172e0edc2d74a3e167a9eef82e852bda7172c4b1313f1977e99139c1fcc8954b6c67612566580e27d88d50235cad9ea300a39d8c46456ee237898604b0d9f088db559d7255f911e2fd3dbe35fda467cfe99c43b06a3e3d753a7e1e01a341517021c5a81e56640d80b2b6c7e012e8e303c4027edfb4afcef93c54f855f67bf45cbdad9e3e5012a9ce12e53a0d3759a2aa5273375432074cae73ed302d45c2ed4ccd972cb6fd9537f6ecefb94db5122ab91ef2d8abf72d89cda136123202fd17661c3d83b522479cbe7cb4e08722b45abefb54c3e649602f6dc047db6ff8a3928f17b8746314c09239b4fa48e98198e30d569e75203a01ab2818cf0ecd13c8b0e89a3142969376b06464d6c4ce0e51f9c92c61358b9d6897be2908cce2a0377e6249343c9e6edf0f8fa5468c1f9f6e8d27985cdac60b58bff27e0082d8ab50599f44da8df4e90c1c0aecba28481ec9dab0d14025d15ac54e95c4ae40125f426b3db95f14467f82106ee0977b325a363f87dac8b3e97c809214a8b417b30edac1d1b4b567cc864c09852415341ea7a992788d3156d2712c8f83e4bc556753ac4e2b762e0a16dcadeb1141b6ac227d0c6aab840c6e9db5d8665a66352a8043fd16abdf831254f4de63338b2145711eba8d2a5db2913a5c3d7c38be5bad35a27e7a94319b7de9ef464e7d4de24eb8204e0a4c0fad56401afdd213dff09e19b82f5d61008a81a2b1fbf3af5", 0xb0f}], 0x2}, 0x20000044) 14m57.631382593s ago: executing program 5 (id=282): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r3, 0x0, 0x0) 14m57.245106119s ago: executing program 5 (id=285): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000100)=0x5) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udplite\x00') mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0) 14m47.47447385s ago: executing program 5 (id=295): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x15, 0x10, 0x8}, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x0}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r3}, 0x10) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) close(r5) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x0}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r1}, &(0x7f0000000900), &(0x7f0000000940)=r0}, 0x20) 14m47.278363113s ago: executing program 5 (id=298): sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, 0x0, 0x80) syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f00000000c0)='rw\x00', &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x4, &(0x7f0000000f40)=0xff, 0x4) openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)={0x8400, 0xc}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000480), 0xca, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000004c0)={'\x00', 0x5, 0x83ba, 0x81, 0x464, 0x8}) 14m45.487313851s ago: executing program 5 (id=302): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) landlock_restrict_self(0xffffffffffffffff, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x40810) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]}) 14m44.26646458s ago: executing program 5 (id=307): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r1, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @empty}, {0x0, 0x17c1, 0x9c, 0x0, @wg=@initiation={0x1, 0x3, "0b86c107cddd39d10e870794ae120f860174b07efe05336d54f519ebba5a2b26", "5e5992c2209db5127a4a84d3d6e03d081a4118a2bbd22f0ca038289c45b30eca6703476382c29175c40096a9c60c3cce", "6a9f3a451dd7eb4523e02c2a4a00f81073727f3ac9f91e284b975a32", {"8f865412904b133eebafc6eb170fb006", "0800040000ffe10000000000003dda9c"}}}}}}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00') preadv(r2, &(0x7f0000000440)=[{&(0x7f0000000100)=""/230, 0xe6}], 0x1, 0x5f0e, 0x0) 14m29.123806384s ago: executing program 34 (id=307): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r1, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @empty}, {0x0, 0x17c1, 0x9c, 0x0, @wg=@initiation={0x1, 0x3, "0b86c107cddd39d10e870794ae120f860174b07efe05336d54f519ebba5a2b26", "5e5992c2209db5127a4a84d3d6e03d081a4118a2bbd22f0ca038289c45b30eca6703476382c29175c40096a9c60c3cce", "6a9f3a451dd7eb4523e02c2a4a00f81073727f3ac9f91e284b975a32", {"8f865412904b133eebafc6eb170fb006", "0800040000ffe10000000000003dda9c"}}}}}}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00') preadv(r2, &(0x7f0000000440)=[{&(0x7f0000000100)=""/230, 0xe6}], 0x1, 0x5f0e, 0x0) 8m41.327611252s ago: executing program 7 (id=1344): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m40.83071027s ago: executing program 7 (id=1349): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x74bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000009c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xc, 0xc}, {0x74a, 0xfff1}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x4041080) 8m40.450593635s ago: executing program 7 (id=1352): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff7}, [@printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x10}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b000000b9000000010001000900000001"], 0x48) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8b, 0x5, 0x9, 0x1, 0x1}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, 0x0}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000002c0)={r1, &(0x7f00000002c0), &(0x7f0000000380)=""/107}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000040), &(0x7f0000000440)=""/183}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000340)={r0, &(0x7f0000000040)}, 0x20) 8m40.254812449s ago: executing program 7 (id=1355): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @dev={0xac, 0x14, 0x14, 0x1d}}, {0x0, 0x17c1, 0x8}}}}}, 0x0) close(r1) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x36) 8m39.594552448s ago: executing program 7 (id=1358): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x503, &(0x7f0000000fc0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5IHrjUg5I/IhADRIHoxlPUje1m6hJ7Gz8+UijeW/e1N/vazrvxS+NXwBD62pE7EbEWETcjojp7HouO+KT9pHc93Tv/tL+3v2lXLRan/0zl7Yn16LjzySuZK9ZjIgffS/ip7kX4za2d9YWq9XKZlafbdY2ZhvbOzdWa4srlZXKerm8ML8w99HND8tn1td3amNZ6atP/rj7rZ8naU1lVzr7cZbaXS8cxkmMRsQPziPYAIxk/RkbdCK8knxEvBkR76bP/3SMpF9NAOAya7WmozXdWQcALrt8ugaWy5eytYCpyOdLpfYa3lsxma/WG83rd+pb68vttbKZKOTvrFYrc9la4UwUckl9Pi0/q5eP1G9GxBsR8cvxibReWqpXlwf5jQ8ADLErR+b//4y3538A4JIrDjoBAKDvzP8AMHzM/wAwfMz/ADB82vP/xKDTAAD6yPt/ABg+5n8AGCo//PTT5GjtZ59/vXx3e2utfvfGcqWxVqptLZWW6psbpZV6fSX9zJ7aca9Xrdc35j+IrXsz395oNGcb2zu3avWt9eat9HO9b1UK6V27fegZANDLG+88epxLZuSPJ9IjOvZyKAw0M+C85QedADAwI4NOABgYu33B8DrFe3zLA3BJdNmi9znFbr8g1Gq1WueXEnDOrn3J+j8Mq471f/8LGIaM9X8YXtb/YXi1WrmT7vkfJ70RALjYrPEDPX7+/2Z2/l32w4GfLB+94+F5ZgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX28H+v6VsL/CpyOdLpYjXImImCrk7q9XKXES8HhF/Hi+MJ/X5AecMAJxW/m+5bP+va9PvTz3X9PaVw+JYRPzs15/96t5is7n5p4ix3L/GD643H2bXy/3PHgA43sE8nZ473sg/3bu/dHD0M5+/fzciiu34+3tjsX8YfzRG03MxChEx+e9cVm/LdaxdnMbug4j4Yrf+52IqXQNp73x6NH4S+7W+xs8/Fz+ftrXPyd/FF84gFxg2j5Lx55Nuz18+rqbn7s9/MR2hTi8b/5KXWtpPx8Bn8Q/Gv5Ee49/Vk8b44A/fb5cmXmx7EPHl0YiD2Psd489B/FyP+O+fMP5fvvL2u73aWr+JuBbd43fGmm3WNmYb2zs3VmuLK5WVynq5vDC/MPfRzQ/Ls+ka9Wzv2eAfH19/vVdb0v/JHvGLx/T/6yfs/2//d/vHX3tJ/G++1y1+Pt56SfxkTvzGCeMvTv6+2Kstib/co//Hff2vnzD+k7/uvLBtOAAwOI3tnbXFarWy+TkqPE6+pxl8Ggr9LyT/ZC9AGl0L3+lXrLHo3vSL99rP9JGmVuuVYvUaMc5i1Q24CA4f+oj476CTAQAAAAAAAAAAAAAAuurHbywNuo8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXv8PAAD//+a4zis=") mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="38010000fe000089f7909ff976363c551929b2bfb95c0c3fb62a65ed2610e6f9223c83beaa8ce65797507482", @ANYRESHEX=0x0], 0x138) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 8m39.235245604s ago: executing program 7 (id=1364): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000200)='./file0\x00', 0x200081, 0x4c) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1300, 0x1d) 8m23.99289203s ago: executing program 35 (id=1364): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000200)='./file0\x00', 0x200081, 0x4c) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1300, 0x1d) 5m43.750500758s ago: executing program 6 (id=1835): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ppoll(&(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x205, 0x8401) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2) syz_io_uring_setup(0x1e21, 0x0, &(0x7f0000002000), &(0x7f0000000180)) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close_range(0xffffffffffffffff, r0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000280)={0xf0f022}) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000000c0)={0x2, @win={{0x2, 0xc, 0x40, 0xe0fd}, 0x9, 0x1, 0x0, 0xc, 0x0, 0x6}}) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x54, r5, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x54}}, 0x4000004) sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r5], 0x34}}, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x308, 0x0, 0xb, 0xd0e0011, 0x120, 0xc6, 0x270, 0x1d8, 0x190, 0x270, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @broadcast, 0x0, 0x0, 'nr0\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x120, 0x2000000, {}, [@common=@icmp={{0x28}, {0x0, "0010"}}, @common=@unspec=@connlimit={{0x40}, {[0x0, 0x0, 0xffffffff]}}]}, @unspec=@CT0={0x48}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'bridge_slave_1\x00', 'virt_wifi0\x00'}, 0x0, 0xe8, 0x150, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x1, 0x8, [0x4e22, 0x4e23, 0x4e23, 0x4e23, 0x4e23, 0x4e22, 0x4e24, 0x4e22, 0x4e23, 0x4e22, 0x4e24, 0x4e23, 0x4e23, 0x4e23, 0x4e22], [0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1]}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x20000, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x368) 5m40.012082285s ago: executing program 6 (id=1842): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x4e23, 0x5, @private1, 0xfffffff7}}, 0x0, 0x0, 0x47, 0x0, "0d295315229e1f6134c51e52892103cd799e6174223e0b635963eaa2b867aa90675c68b42d32cf764039bda051758c0a876440c5a989a92faa28fced3e7d1ce8297e79f7cb4237f84e85a5672dc2c0f9"}, 0xd8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040084) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x7) ioctl$TCFLSH(r5, 0x8925, 0xffffffffffff7ffe) close(r2) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r6, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/consoles\x00', 0x0, 0x0) ioctl$TCXONC(r7, 0x540a, 0x0) sendfile(r7, r8, 0x0, 0x20000023896) ioctl$TIOCSERGETLSR(r7, 0x5459, &(0x7f0000000000)) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, 0x0, 0x0) 5m37.470785535s ago: executing program 6 (id=1845): open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0xd2) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {0x0, 0xff3f0000}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000480)=@framed, &(0x7f00000003c0)='GPL\x00', 0x80, 0xfffffe3d, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0) setuid(0xee00) 5m35.654236203s ago: executing program 6 (id=1846): mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, &(0x7f0000000100)={0x0, @bt={0x9, 0x81, 0x1, 0x1, 0x7, 0xffff, 0x18, 0x1ff, 0x5, 0x1, 0x800, 0x8, 0xffffffff, 0x3, 0xb, 0x30, {0x2, 0x47ee}, 0x3, 0x5a}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') read$eventfd(r4, &(0x7f0000000080), 0x8) 5m34.400904822s ago: executing program 6 (id=1850): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r1, 0x0) connect$inet(r0, &(0x7f0000000240)={0x2, 0x4e22, @private=0xa010102}, 0x10) 5m33.046805793s ago: executing program 6 (id=1851): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x10000, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$instantiate(0xc, 0x0, &(0x7f0000000200)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '', 0x20, 0x7}, 0x2a, r3) syz_io_uring_setup(0x499f, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r4, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@rand_addr=0x64010100, @in6=@dev={0xfe, 0x80, '\x00', 0x1a}, 0x48, 0x0, 0x3, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x6, 0x0, 0x400000000000000}, {0x0, 0x4, 0x400, 0xa78a}, 0xfffffffe, 0x6e6bb8, 0x1}, {{@in=@broadcast, 0x0, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x3, 0x1, 0x7}}, 0xe4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) 5m17.794158694s ago: executing program 36 (id=1851): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x10000, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$instantiate(0xc, 0x0, &(0x7f0000000200)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '', 0x20, 0x7}, 0x2a, r3) syz_io_uring_setup(0x499f, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r4, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@rand_addr=0x64010100, @in6=@dev={0xfe, 0x80, '\x00', 0x1a}, 0x48, 0x0, 0x3, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x6, 0x0, 0x400000000000000}, {0x0, 0x4, 0x400, 0xa78a}, 0xfffffffe, 0x6e6bb8, 0x1}, {{@in=@broadcast, 0x0, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x3, 0x1, 0x7}}, 0xe4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) 1m54.033838777s ago: executing program 8 (id=2289): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000c80)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffc]}}) r4 = dup(0xffffffffffffffff) write$UHID_INPUT(r4, 0x0, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) r5 = socket(0x2, 0x3, 0xff) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0xe, 0x0, &(0x7f00000002c0)) 1m50.858383427s ago: executing program 8 (id=2297): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup(0xffffffffffffffff) syz_open_dev$hiddev(0x0, 0x0, 0x0) r4 = socket(0x2, 0x3, 0xff) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0xe, 0x0, &(0x7f00000002c0)) 1m47.48888102s ago: executing program 8 (id=2303): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = accept(r0, &(0x7f0000000080)=@rc={0x1f, @fixed}, &(0x7f0000000000)=0x53) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f00000002c0)=0x2) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x110, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) r2 = creat(&(0x7f0000000380)='./file0\x00', 0xecf86c37d53049e1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$instantiate(0xc, 0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX=r1, @ANYRES32], 0x2a, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x8, &(0x7f0000000dc0)=ANY=[@ANYBLOB="7a0af8ff7525787cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c80000040000000000b1a297cfddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1ae9f2cfe401dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4800afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc70bb30d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48bb004823ebcd8c65743f31f84b263ab9b3426692f01ad194f302d7a658e90000000001000000b6b2f25ddb8c640ab321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6ad4c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dc938db910f93c49b9e0aa390d0da6972ed719d7e0efb2bb713d1890e317c8de105c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b9c66200349e62d4d0ab1a1dc51907c9800000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x2800000002000000, 0xe, 0x0, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", 0x0, 0x0, 0x4000000}, 0x50) write$binfmt_elf32(r2, 0x0, 0x58) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r5 = userfaultfd(0x80001) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x1415, 0x101, 0x1, 0x25dfdbfc}, 0x10}}, 0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r5, 0xc020aa08, 0x0) syz_clone3(0x0, 0x0) 1m44.705147154s ago: executing program 8 (id=2305): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 1m43.694611911s ago: executing program 8 (id=2309): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @mcast2, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x50}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x52, 0x1, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000003180), &(0x7f00000031c0)=0xc) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, 0x0) getegid() r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 1m35.52088607s ago: executing program 8 (id=2321): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x0) 1m19.565786292s ago: executing program 37 (id=2321): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) unlinkat(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x0) 54.270395152s ago: executing program 4 (id=2388): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000b80), 0x2, 0x0) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x100000000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x9, 0xfffffffd, 0x1, 0x81, 0xfffffdff, 0x7ff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x2, 0x0, @empty}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000140)={'filter\x00', 0x7, 0x4, 0x3c8, 0x110, 0x1f8, 0x110, 0x2e0, 0x1f8, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="58607b1c69cb", @mac=@link_local, @loopback}}}, {{@arp={@remote, @empty, 0x0, 0x0, 0x0, 0x0, {@mac=@random="492f869a9354"}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6gre0\x00', 'veth1_virt_wifi\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) syz_open_dev$vim2m(0x0, 0xb, 0x2) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x430, 0x0, 0x2b8, 0xb0000010, 0x268, 0x5c8f0200, 0x360, 0x3a8, 0x3a8, 0x360, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x228, 0x268, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0x20000f1, 0x0, 0x0, 0x0, 0xffffff80, 0x1, 0x7fffffff}}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x9, 0x8, "3382c5031d9efbc97e4a438857c13553fc74d2fcfd215c16a492e68df2e4"}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_mount_image$exfat(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x1000000, &(0x7f0000000840)=ANY=[@ANYBLOB="646d61736b3d30303030303030303030303030303030303030303030372c666d61736b3d30303030303030303030303030303030303030303030322c696f636861727365743d69736f383835392d31332c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646d61736b3d30303030303030303030303030303337313630373234312c696f636861727365743d63703933322c6572726f72733d72656d6f756e742d726f2c666d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703836362c00ce0a5a71797b7256e90d2c78b433e66c4b4bc11d1f2c4d0cc1067826fa1a2c7e4d91d9b0179d604e463f435112f83befe3fe654c7636195294441b3602771ab07c8432acef3d5d173bdcde62c060457d460e95674bf5088b838b15ca8513626878d244b25d4f64d3c7eeeeeb484c2ffa3f8b4ad3ae9cb028b2b4d6e1aa1ec5406b99aa5b65ee0d12a169116f65688cbd61df820a0edfc5c40da44e70327aafebaa4a7c8bb964a37c5d89a99fb4fd0b149070fb825786654ff7ddcf75358ded9cd800000000a0c3328e6a138baad4bd205d6fb08d", @ANYRES16, @ANYBLOB="ebe050f9a6e26556b98b3a694ca1d9f8df1d1907a2607c94fad06b78ed9f520e602e86e81adc6386a9cd7f05df985b7d7649fbe21aac9ea3cd407d5b9c5b0b7ff5572dc06f5dc6fa7d1206852880bc490a27a1ec2e3d77acc8c7454c8cfc31b1cddd5727a3a7bb058f019d781f3174f03a4f699b28b8ee3491fe8da4a5d8b2431b5b560ae1638b532ebadbb95c3d0ecece79ca4492a146892118cd97d3a346c6e0eccede0661be772eb19221fdc8f58e6d741bd5212bb2a9b57a1666e4bb084eecf00117c99520a8", @ANYRESHEX, @ANYRESHEX], 0x1, 0x1517, &(0x7f00000046c0)="$eJzs3AnYjVXXOPC19t43D4mTZMpee92cZNgkSYaEDEmSJEmmhCRJkpBMmZKQhMxJ5pBMIZnneU6SV5IkISHJ/l+q7/W9X19fXd/b/+99/8/6XdfNXs991jrrPut5zrnPfT3n+brdwEp1KpevxczwT8Ff/usKACkA0AcAMgFABADFMhfLfGl/Oo1d/7k7EX+tB6dc6Q7ElSTzT91k/qmbzD91k/mnbjL/1E3mn7rJ/FM3mb8QqdmWqTmukS31bn/++r/7n3fL9f9/Q/L6//+tP/WTJvNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2RW79qwB4F/g+vef2P7+WP16iftK9/M7W/S/yrty33lCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIVKTc+EyAwD/sb7SfQkhhBBCCCGEEOKvE9Je6Q6EEEIIIYQQQgjxfx8CGA0GIkgDaSEF0kF6uAoywNWQETJBAq6BzHAtZIHrICtkg+yQA3KGTJALLBA4YIghN+SBJNwAeeFGyAf5oQAUBA+FoDDcBEXgZigKt0AxmLUA4DYoASWhFJSG26EM3AFloRyUhzuhAlSESlAZ7oIqcDdUhXugGtwL1eE+qAH3Q014AGrBg1AbHoI68DDUhUegHtSHBtAQGv2v8l+ATvAidIYu0BW6QXd4CXpAT+gFvaEPvAx94RXoB69CfxgAA+E1GASvw2B4A4bAUBgGb8JwGAEjYRSMhjEwFt6CcfA2jId3YAJMhEkwGabAVJgG78J0mAEz4T2YBe/DbJgDc2EezIcPYAEshEXwISyGj2AJLIVlsBxWwEpYBathDZ6AdbAeNsBG2ASbYQtshW2wHXbATtgFu8vtgY9hL3wC++BT2A+f/TYf1v4P+WfhH/PbIyCgQoUGDabBNJiCKZge02MGzIAZMSMmMIGZMTNmwSyYFbNidsyOOTEn5sJcSEjIyJgbc2MSk5gX82I+zIcFsAB69FgYC2MRvBmLYlEshsWwOBbHElgSS2JpLI1lsAyWxbJY/rY5AFgBK2ElvAvvwruxKlbFalgNq2N1rIE1sCbWxFpYC2tjbayDdbAu1sV6WA8bYANshI2wMTbGJtgEm2EzbI7NsQW2wJbYElthK2yNrbENtsG22BbbYTtsjx2wA76AL+CL+CJ2wQqqG3bH7tgDe2Av7I298WXsi6/gK/gq9scBOBBfw9fwdRyMZ3AIDsVhOAzLqBE4EkchqzE4FsfiOByH43E8TsCJOBEn4xScitNwGk7HGTgD38NZ+D6+j3NwDs7D+TgfF+BCXISLcDGexSW4FJfhclyBK3EFrsY1uBrX4XpchxtxI27GzbgVt+J23I47cSfuxt34MX6Mn+An2B/34348gAfwIB7EQ3gID+NhPIJHtl4FgMfwGB7H43gCT+IpPImn8TSewbN4Ds/heTyPF/C5nF/W3p1/bX9QlxhlVBqVRqWoFJVepVcZVAaVUWVUCZVQmVVmlUVlUVlVVpVdZVc5VU6VS+VSpEixilVulVslVVLlVXlVPpVPFVAFlFdeFVaFVRFVRBVVRVUxdasqrm5TJVRJ1dSXVqVVGdXMl1XlVHlVXlVQFVUlVVlVVlVUFVVVVVXVVDVVXVVXNdT9qqbqhr3wQXVpMnXUAKyrBmI9VV81UA3V6/ioaqwGYxPVVDVTj6uhOARbqMa+pXpKtVIjsbV6Ro3CZ1VbNQbbqedVe9VBdVQvqE6qie+suqgJ2E11V5Oxh+qpeqneajpWVJcmVkm9qvqrAWqgek3Nw9fVYPWGGqKGqmHqTTVcjVAj1Sg1Wo1RY9Vbapx6W41X76gJaqKapCarKWqqmqbeVdPVDDVTvadmqffVbDVHzVXz1Hz1gVqgFqpF6kO1WH2klqilaplarlaolWqVWq3WqLVqnVqvNqiNapParLaorWqb2q52qJ1ql9qt9qiP1V71idqnPlX71WfqgPqbOqg+V4fUF+qw+lIdUV+po+prdUx9o46rLuqEOqlOqe/UafW9OqPOqnPqB3Ve/aguqJ/URRUUaNRKa210pNPotDpFp9Pp9VU6g75aZ9SZdEJfozPra3UWfZ3OqrPp7DqHzqmv17m01aSdZh3r3DqPTuobdF59o86n8+sCuqD2upAurG/SRfTNuqi+RRfTt+ri+jZdQpfUpXRpfbsuo+/QZXU5XV7fqSvoirqSrqzv0lX03bqqvkdX0/fq6vo+XUPfr2vqB3Qt/aCurR/SdfTDuq5+RNfT9XUD3VA30o/qxvox3UQ31c3047q5fkK30E/qlvop3Uo/rVvrZ3Qb/axuq5/T7fTzur3uoDvqn/RFHXRn3UV31d2i7vol3UP31L10b91Hv6z76ld0P/2q7q8H6IH6NT1Iv64H6zf0ED1UD9Nv6uF6hB6pR+nReoweq9/S4/Tberx+R0/QE/UkPVlP0VN1r18rzfwT+W//N/n9fr73zXqL3qq36e16h96pd+ndeo/eo/fqvXqf3qf36/36gD6gD+qD+pA+pA/rw/qIPqKP6qP6mD6mj+vj+oQ+qX/Q3+nT+nt9Rp/VZ/UP+rw+ry/8+hiAQaOMNsZEJo1Ja1JMOpPeXGUymKtNRpPJJMw1JrO51mQx15msJpvJbnKYnOZ6k8tYQ8YZNrHJbfKYpLnB5DU3mnwmvylgChpvCpnC5qZ/Ov93+ls+6ZeTl9AFwDQ2jU0T08Q0M81Mc9PctDAtTEvT0rQyrUxr09q0MW1MW9PWtDPtTHvT3nQ0HU0n08l0RjBdTVfT3bxkepieppfpbfqYl01f09f0M/1Mf9PfDDQDzSAzyAw2g80QM8QYABhuhpuRZqQZbUabsWasGWfGmfFmvJlgJphJZpKZYqaYaWaamW6mm5lmppllZpnZZraZa+aa+Wa+WWAWmEVmkVlsFpslZqlZapab5WalWWlWm9VmrVlr1pv1ZqPZaJaYLWaL2Wa2mR1mh9lldpk9Zo/Za/aafWaf2W/2mwPmgDloDppD5pA5bA6bI+aIOWqOmmPmmDlujpsT5oQ5ZU6Z0+a0OWPOmHPmnDlvzpsL5oK5aC5eOu2LVKQiE5koTZQmSolSovRR+ihDlCHKGGWMElEiyhxljrJE10VZo2xR9ihHlDO6PsoV2YgiF3EUR7mjPFEyuiHKG90Y5YvyRwWigpGPCkWFo5uiItHNUdHolqhYdGtUPLotKhGVjEpFpaPbozLRHVHZqFxUProzqhBVjCpFlaO7oirR3VHV6J6oWnRvVD26L6oR3R/VjB6IakUPRrWjh6I60cNR3eiRqF5UP2oQNYwa/aX1QziT7THf2XaxaaGb7W5fsj1sT9vL9rZ97Mu2r33F9rOv2v52gB1oX7OD7Ot2sH3DDrFD7TD7ph1uR9iRdpQdbcfYsfYtO86+bcfbd+wEO9FOspPtFDvVTrPv2ul2hp1p37Oz7Pt2tp1j59p5dr79wC6wC+0i+6FdbD+yS+xSu8wutyvsSrvKrrZr7Fq7zq63G+xGu8lutlvsVrvNbrc77E67y+62e+zHdq/9xO6zn9r99jN7wKb8en7/hT1sv7RH7Ff2qP3aHrPf2OP2W3vCnrSn7Hf2tP3enrFn7Tn7gz1vf7QX7E/2og2XTu4vvbyTIUNpKA2lUAqlp/SUgTJQRspICUpQZspMWSgLZaWslJ2yU07KSbkoF13CxJSbclOSkpSX8lI+ykcFqAB58lSYClMRKkJFqSgVo2JUnIpTCSpBpagU3U630x10B5WjcnQn3UkVqSJVpspUhapQVapK1agaVafqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB41oAbUiBpRY2pMTagJNaNm1JyaUwtqQS2pJbWiVtSaWlMbakNtqS21o3bUntpTR+pInagTdabO1JW6UnfqTj2oB/WiXtSH+lBf6kv9qB/1p/40kAbSIBpEg2kwDaGhNIzepOE0gkbSKBpNY2gsjaVxNI7G03iaQBNoEk2iKTSFptE0mk7TaSbNpFk0i2bTbJpLc2k+zacFtIAW0SJaTItpCS2hZbSMVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI120A7aRbtoD+2hvbSX9tE+2k/76QAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+giBUpx6Vx6d5XL4K52GV0m91/j7C6Hy+mud7mcdVldtn+IyTmXz+V3BVxB510hV9jd9Ju4hCvpSrnS7nZXxt3hyv4mrrJmxy+/iO7udZXdXa6Ku9tVdfe4au5eV93d52q4h11N94ir5eq72q6hq+MednXdI66eq+8auIauuXvCtXBPupbuKdfKPf2beIFb6Na4tW6dW+/2uk/cOfeDO+q+dufdj66z6+L6uJddX/eK6+dedf3dgN/Ew9ybbrgb4Ua6UW60G/ObeJKb7Ka4qW6ae9dNdzN+E893H7hZbpGb7ea4uW7ez/Glnha5D91i95Fb4pa6ZW65W+FWulVu9d97Xe42uk1us9vjPnbb3Ha3w+10u9zun+NLx7HPfer2u8/cEfeVO+g+d4fcMXfYfflzfOn4jrlv3HH3rTvhTrpT7jt32n3vzrizPx//pWP/zv3kLrrggJEVazYccRpOyymcjtPzVZyBr+aMnIkTfA1n5ms5C1/HWTkbZ+ccnJOv51xsmdgxc8y5OQ8n+QbOyzdyPs7PBbggey7EhfkmLsI3c1G+hYvxrVycb+MSXJJLcWm+ncvwHVyWy3F5vpMrcEWuxJX5Lq7Cd3NVvoer8b1cne/jGnw/1+QHuBY/yLX5Ia7DD3NdfoTrcX1uwA25ET/KjfkxbsJNuRk/zs35CW7BT3JLfopb8dPcmp/hNvwst+XnuB0/z+25A3fkF7gTv8iduQt35W7cHYF7cE/uxb25D7/MffkV7sevcn8ewAP5NR7Er/NgfoOH8FAexm/ycB7BI3kUj+YxPJbf4nH8No/nd3gCT+RJPJmn8FSexu/ydJ7BM/k9nsXv82yew3N5Hs/nD3gBL+RF/CEv5o94CS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VtvJ2Rd/KuS0/z/DHv5U94H3/K+/kzPsB/44P8OR/iL/gwf8lH+Cs+yl/zMf6Gj/O3fIJP8in+jk/z93yGz/I5/oHP8498gX/iixwYYoxVrGMTR3GaOG2cEqeL08dXxRniq+OMcaY4EV8TZ46vjbPE18VZ42xx9jhHnDO+Ps4V25hiF3Mcx7njPHEyviHOG98Y54vzxwXigrGPC8WF45viIvHNcdH4lrhYfGtcPL4tLhGXjB++t3R8e1wmviMuG5eLy8d3xhXiinGluHJ8V1wlvjuuGt8TV4vvjYvG98U14vvjmvEDca34wbh2/FBcJ344rhs/EteL68cN4oZxo/jRuHH8WNwkbho3ix+Pm8dPxC3iJ+OW8VNxq/jpP9zfNe4Wd49fil+KQ7hHz03OS85PfpBckFyYXJT8MLk4+VFySXJpcllyeXJFcmVyVXJ1ck1ybXJdcn1yQ3JjclNyczKEymnBo1dee+Mjn8an9Sk+nU/vr/IZ/NU+o8/kE/4an9lf67P463xWn81n9zl8Tn+9z+WtJ+88+9jn9nl80t/g8/obfT6f3xfwBb33hXxh39A38o18Y/+Yb+Kb+gge94/7J/wT/kn/pH/Kt/JP+9b+Gd/GP+vb+uf8c/5539538B39C76Tf9F39l18V9/Vd/fdfQ/fw/fyvXwf38f39X19P9/P9/f9/UA/0A/yg/xgP9gP8UP8MD/MD/fD/Ug/0o/2o/1YP9aP8+P8eD/eT/AT/CQ/yU/xU/w0P81P99P9TD/Tz8o3y8/2s/1cP9fP9/P9Ar/AL/KL/GK/2C/xS/wyv8yv8Cv8Kr/Kr/Fr/Dq/zm/wG/wmv8lv8Vv8Nr/N7/A7/C6/y+/xe/xev9fv8/v8fr/fH/AHzgV/0B/yX/jD/kt/xH/lj/qv/TH/jT/uv/Un/El/yn/nT/vv/Rl/1p/zP/jz/kd/wf/kL/rgxybeSoxLvJ0Yn3gnMSExMTEpMTkxJTE1MS3xbmJ6YkZiZuK9xKzE+4nZiTmJuYl5ifmJDxILEgsTixIfJhYnPkosSSxNLEssT6xIrEyEcP22OOQOeUIy3BDyhhtDvpA/FAgFgw+FQuFwUygSbg5Fwy2hWLg1FA+3hRKhZCgVHgn1Qv3QIDQMjcKjoXF4LDQJTUOz8HhoHp4ILcKToWV4KrQKT4fW4ZnQJjwb2obnQrvwfGgfOoSO4YXQKbwYOgcduoZuoXt4KfQIPUOv0Dv0CS+HvuGV0C+8GvqHAWFgeC0MCq+HweGNMCQMDcPCm2F4GBFGhlFhdBgTxoa3wrjwdhgf3gkTwsQwKUwOU8LUMC28G6aHGWFmeC/MCu+H2WFOmBvmhfnhg7AgLAyLwodhcfgoLAlLw7KwPEDKyrAqrA5rwtqwLqwPG8LGsClsDlvC1rAtbA87ws6wK+wOe8LHYW/4JOwLn4b94bNwIPwtHAyfh0Phi3A4fBmOhK/C0fB1OBa+CcfDt+FEOBlOhe/C6fB9OBPOhnPhh3A+/BguhJ/CRfnMmhBCCCHEn6L/YH+3f4jU3/9Vv36lOwBcvT3H4f9ac0PWX9Y9Vc7mCQB4qku7B/9jq1Cha9euv952iYYozxwASFzOTwOX46XQDJ6AltAUivy3/fVUHc7zH9RP3gqQ/j/lpMDl+HL9m3+n/ohZf1h/DkC+PJdz0sHl+HL9or+pHf1cP1vjP6if7vOxAE3+U14GuBxfrl8YHoOnoeU/3FIIIYQQQgghhPhFT1WqzR+9v730/jynuZyTFn6JzZ94fw6/fMJACCGEEEIIIYQQV9CzHTo++WjLlk3b/M6i3O/vkkVqWaT512jj334B8C/Rxp9bXOlnJiGEEEIIIcRf7fJJ/5XuRAghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESL3+X/w5sSt9jEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcSV9n8CAAD//yldK4M=") mount$nfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2000, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f00000000c0)={0x0, 0x0}, 0x10) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) 53.289946758s ago: executing program 4 (id=2391): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x42, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = msgget$private(0x0, 0xfffffffffffffffd) msgrcv(r4, 0x0, 0x0, 0x1, 0x3000) msgrcv(r4, 0x0, 0x0, 0x1, 0x0) msgsnd(r4, &(0x7f0000000400)=ANY=[@ANYBLOB="01000000000000"], 0x8, 0x0) msgrcv(r4, &(0x7f0000000000)={0x0, ""/104}, 0x70, 0x0, 0x1000) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$setregs(0x2, r5, 0x0, 0x0) 46.039947422s ago: executing program 4 (id=2398): socket$key(0xf, 0x3, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}], 0x1}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65772064656661756c7420750f52e274daad4b4ae7bf4356377f00000000000000303030"], 0x2a, 0x0) add_key$user(&(0x7f0000000300), &(0x7f00000002c0), 0x0, 0x0, 0xfffffffffffffffd) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10) 43.507170142s ago: executing program 4 (id=2402): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') read$eventfd(r5, &(0x7f0000000080), 0x8) 41.061142511s ago: executing program 4 (id=2405): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb0}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2a}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 39.969947248s ago: executing program 4 (id=2408): socket$key(0xf, 0x3, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}], 0x1}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65772064656661756c7420750f52e274daad4b4ae7bf4356377f00000000000000303030"], 0x2a, 0x0) add_key$user(&(0x7f0000000300), &(0x7f00000002c0), 0x0, 0x0, 0xfffffffffffffffd) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10) 24.498641233s ago: executing program 38 (id=2408): socket$key(0xf, 0x3, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}], 0x1}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65772064656661756c7420750f52e274daad4b4ae7bf4356377f00000000000000303030"], 0x2a, 0x0) add_key$user(&(0x7f0000000300), &(0x7f00000002c0), 0x0, 0x0, 0xfffffffffffffffd) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10) 23.229070303s ago: executing program 9 (id=2429): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = accept(r0, &(0x7f0000000080)=@rc={0x1f, @fixed}, &(0x7f0000000000)=0x53) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f00000002c0)=0x2) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x110, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) r2 = creat(&(0x7f0000000380)='./file0\x00', 0xecf86c37d53049e1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$instantiate(0xc, 0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX=r1, @ANYRES32], 0x2a, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x8, &(0x7f0000000dc0)=ANY=[@ANYBLOB="7a0af8ff7525787cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c80000040000000000b1a297cfddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1ae9f2cfe401dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4800afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc70bb30d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48bb004823ebcd8c65743f31f84b263ab9b3426692f01ad194f302d7a658e90000000001000000b6b2f25ddb8c640ab321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6ad4c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dc938db910f93c49b9e0aa390d0da6972ed719d7e0efb2bb713d1890e317c8de105c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b9c66200349e62d4d0ab1a1dc51907c9800000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x2800000002000000, 0xe, 0x0, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", 0x0, 0x0, 0x4000000}, 0x50) write$binfmt_elf32(r2, 0x0, 0x58) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r5 = userfaultfd(0x80001) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x1415, 0x101, 0x1, 0x25dfdbfc}, 0x10}}, 0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r5, 0xc020aa08, 0x0) syz_clone3(0x0, 0x0) 20.582556565s ago: executing program 9 (id=2434): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0], 0xf6, 0xa15, &(0x7f00000002c0)="$eJzs3c1vHOd9B/DvrEiJog1VtlVXFWxrJUM2bbMUSdUSBB9qiVxKdPlSkBRgoS0sw5IKQURd2C1gGz3IQNFTjBhBECDJJfAxJwPOIb4EuiXHnHIIkPg/CIxcohwCBju7lJbkvog0RSrK57MYzdvveduZnUe73J0n/CVbWVkppy2uX/rxTlaWh8/5ya8++/yT+vTxrezNnrxa/DQZSFJN+v5Univ9E5ML87M9MrqZXElyOymS7Etj3sH+NWtXUnw7j99bv53ihzncJtnAJhtHTyv8Vdvt8w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5KE5Ojo2NFZqbnLr1Z7awcArzL/tXsvixH/S6+7FVskRT1KQMDq0N9Hz50b/fT9X+O55nG2jONkb8H8tFjTx987am+ymr6LhXaEe9/+NHNt5eXr713b1N/28C+Zrvqy/t2rHr3b+/Wkl2ozU0vzk/PnrtQq04vzlfPnj49evLi1GJ1ajq1xcuLS7XZ6sRC7dzS/EJ1aOKl6tjZs6eqtZHL85fmLkyOzNRWN575h/HR0dPVN0b+pXZuYXF+7uQbI4sTF6dnZqbnLpQx9d31mDP1E/Gfp5eqS7Vzs9Xq9RvL1071qmQ9aKztnmJt0HivnMZHx8fHxsbHx06/evbVM6OjfRs2jK6TDRG7f9Kye36yrddu+IYqzf4/M5nOXC7lzVTbPiYymYXMZ7bD/qbV/v/EyVrXclv7/9Ve/vC93UdS9v/PNdae69T/d6hL78fKSiPnraZffbyfD/NRbubtLGc51/LeN85xw+OP25RP9Zu3duPjQmqZy3QWM5/pzOZcuaXa3FLN2ZzO6YzmrVzMVBZTzVSmM5NaFnM5i1lKrTyjJrKQWs5lKfNZSDVDmchLqWYsZ3M2p1JNLSO5nPlcylwuZDLnylyu50b5vJ/qUse7QWP3EzTeJWib+/+Vh/F/gjxo234Nh61aafb/ezsGrKwuDU3sWK0AAACA7fT3v8iBQ0/+/DdJf54tP5efmp6pje52tQAAAIBtVH5d75n6rL++9GwK7/8BAADgUVOUv7ErkgzmaGOp8UuoPfEhAAAAADwiyr//P1efDdaXjqa4eyeUK7tdNwAAAGB79L7Hfs+IYnj19r/Vq4351WZE8z6/g1PTM7WRifmZ18byQnmXgfKXBhty25MU/eXPD17OsUbUscHGfHBtjgP1qLGR18byco43GzL0fH32/FCbyPFG5IuNyBe7RJ6qRwLAo+54l/74fvv/lzPciBg+0rc3Sd+RNj3rqJ4VAB4WvcfY6RlR/OO99//9zWzX9P9P5vofGl8pGMk7eTfLuZrh8tcG5TcO1uT6b582PzO4+zWE0Qz3+DRgNfaXZyoZ7vF5wGDLQC/DPT4RaMTm35NTD/5AAMAOOt6hH95M/z/c8v4/G9//3x1a6JqfFALAQ+HuCPYPcGG32wgArKWXBgAAAAAAAAAAAAAAAAAAAAAAAAAAgO23rXf7H9hi8t82x/V7sMMQbFjY33wOtp7Pd5LsXJ2LbS6rsg35rCTZqeO1cws5mGz5WW17Gu9Nsvvt6rnQ13xJ3Hx7ebeuSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOykItnTbnsl2ZdkNMnJna/Vg3Nrtyuw8/6pdaW4kzv5IAd2rzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+m5v3/K2nMH2tsSl8lOZHkSpJ/3e06bqc7u12BbbJ/i+la7v9fP+ZZKdLXOOwp+icmF+Zn64e/HPuh8tVnn39Sn1qS77vfcsrAyrrBJZolrI/90eOrS0+UqQYnr71/87/f/a/q5PlUsjfnl6ZmJmcvLLx+L8nTxRdJNY1p1Wp9//fEzz5t0/Iv6i1tb325U+WTM7mx3L9rl7p7ud3cWL42Xi9pqfbm0v/8540PWnY9mWPJ80PJ0NqS/qM+dSjpWPq7lVZ8Xfx/cSDfy5Xy+NefjWKlqB+ivynbv//6jeVrI++8u3y1Q50O5miSq8lA9zp93LL7aHk9aas86yr99VJHy6D6P4d6tLGrlhzHOrThifKUGWy2YW/HNrSqdm5DqeV5r7Tb36jRqQ41eiovtDnSK/uSzjV6ofuRbq/4uvh1cTG/yv+1jP9RqR//E+n86lybRRnZcqZ0jKw0IsuWj7fueGt95O++f1+1bztMDZv1rTUv3krL9b95rLbperRSdL0etZS4udfFuhLXnRVdXhdlj3RoXYrm1adTmmY9DzWiOtTzb/NK0nek21VxQ2/9So8ryt30r7ffvdXX/w+Kofw+t4z/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPyKZE+77ZXkRJKDq+vVZGUT2e7rtKMyWGy2itvq1t1/HgmVzSYo7uROPsiBB1MdAAAAAAAAAHba+cmvPvv8k/pU7G9uav59v5r0JTlYfHd/JhfmZ3tk1J9cSXK7vjzQZn+XP/fX0+Xxe+u362uHN9sSAOB+/TkAAP//mWBg/A==") setrlimit(0x8, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000fc0)={&(0x7f00000021c0)={0x20, r5, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x69}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x880}, 0x4000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb0}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2a}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r6 = socket$packet(0x11, 0x3, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14) r7 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r7, 0x0, 0xc000091) setsockopt$inet_icmp_ICMP_FILTER(r7, 0x1, 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8042, 0x0) 15.79240541s ago: executing program 9 (id=2437): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x42, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r4 = msgget$private(0x0, 0xfffffffffffffffd) msgrcv(r4, 0x0, 0x0, 0x1, 0x3000) msgrcv(r4, 0x0, 0x0, 0x1, 0x0) msgsnd(r4, &(0x7f0000000400)=ANY=[@ANYBLOB="01000000000000"], 0x8, 0x0) msgrcv(r4, &(0x7f0000000000)={0x0, ""/104}, 0x70, 0x0, 0x1000) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) 13.776045532s ago: executing program 9 (id=2441): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0], 0xf6, 0xa15, &(0x7f00000002c0)="$eJzs3c1vHOd9B/DvrEiJog1VtlVXFWxrJUM2bbMUSdUSBB9qiVxKdPlSkBRgoS0sw5IKQURd2C1gGz3IQNFTjBhBECDJJfAxJwPOIb4EuiXHnHIIkPg/CIxcohwCBju7lJbkvog0RSrK57MYzdvveduZnUe73J0n/CVbWVkppy2uX/rxTlaWh8/5ya8++/yT+vTxrezNnrxa/DQZSFJN+v5Univ9E5ML87M9MrqZXElyOymS7Etj3sH+NWtXUnw7j99bv53ihzncJtnAJhtHTyv8Vdvt8w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5KE5Ojo2NFZqbnLr1Z7awcArzL/tXsvixH/S6+7FVskRT1KQMDq0N9Hz50b/fT9X+O55nG2jONkb8H8tFjTx987am+ymr6LhXaEe9/+NHNt5eXr713b1N/28C+Zrvqy/t2rHr3b+/Wkl2ozU0vzk/PnrtQq04vzlfPnj49evLi1GJ1ajq1xcuLS7XZ6sRC7dzS/EJ1aOKl6tjZs6eqtZHL85fmLkyOzNRWN575h/HR0dPVN0b+pXZuYXF+7uQbI4sTF6dnZqbnLpQx9d31mDP1E/Gfp5eqS7Vzs9Xq9RvL1071qmQ9aKztnmJt0HivnMZHx8fHxsbHx06/evbVM6OjfRs2jK6TDRG7f9Kye36yrddu+IYqzf4/M5nOXC7lzVTbPiYymYXMZ7bD/qbV/v/EyVrXclv7/9Ve/vC93UdS9v/PNdae69T/d6hL78fKSiPnraZffbyfD/NRbubtLGc51/LeN85xw+OP25RP9Zu3duPjQmqZy3QWM5/pzOZcuaXa3FLN2ZzO6YzmrVzMVBZTzVSmM5NaFnM5i1lKrTyjJrKQWs5lKfNZSDVDmchLqWYsZ3M2p1JNLSO5nPlcylwuZDLnylyu50b5vJ/qUse7QWP3EzTeJWib+/+Vh/F/gjxo234Nh61aafb/ezsGrKwuDU3sWK0AAACA7fT3v8iBQ0/+/DdJf54tP5efmp6pje52tQAAAIBtVH5d75n6rL++9GwK7/8BAADgUVOUv7ErkgzmaGOp8UuoPfEhAAAAADwiyr//P1efDdaXjqa4eyeUK7tdNwAAAGB79L7Hfs+IYnj19r/Vq4351WZE8z6/g1PTM7WRifmZ18byQnmXgfKXBhty25MU/eXPD17OsUbUscHGfHBtjgP1qLGR18byco43GzL0fH32/FCbyPFG5IuNyBe7RJ6qRwLAo+54l/74fvv/lzPciBg+0rc3Sd+RNj3rqJ4VAB4WvcfY6RlR/OO99//9zWzX9P9P5vofGl8pGMk7eTfLuZrh8tcG5TcO1uT6b582PzO4+zWE0Qz3+DRgNfaXZyoZ7vF5wGDLQC/DPT4RaMTm35NTD/5AAMAOOt6hH95M/z/c8v4/G9//3x1a6JqfFALAQ+HuCPYPcGG32wgArKWXBgAAAAAAAAAAAAAAAAAAAAAAAAAAgO23rXf7H9hi8t82x/V7sMMQbFjY33wOtp7Pd5LsXJ2LbS6rsg35rCTZqeO1cws5mGz5WW17Gu9Nsvvt6rnQ13xJ3Hx7ebeuSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOykItnTbnsl2ZdkNMnJna/Vg3Nrtyuw8/6pdaW4kzv5IAd2rzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+m5v3/K2nMH2tsSl8lOZHkSpJ/3e06bqc7u12BbbJ/i+la7v9fP+ZZKdLXOOwp+icmF+Zn64e/HPuh8tVnn39Sn1qS77vfcsrAyrrBJZolrI/90eOrS0+UqQYnr71/87/f/a/q5PlUsjfnl6ZmJmcvLLx+L8nTxRdJNY1p1Wp9//fEzz5t0/Iv6i1tb325U+WTM7mx3L9rl7p7ud3cWL42Xi9pqfbm0v/8540PWnY9mWPJ80PJ0NqS/qM+dSjpWPq7lVZ8Xfx/cSDfy5Xy+NefjWKlqB+ivynbv//6jeVrI++8u3y1Q50O5miSq8lA9zp93LL7aHk9aas86yr99VJHy6D6P4d6tLGrlhzHOrThifKUGWy2YW/HNrSqdm5DqeV5r7Tb36jRqQ41eiovtDnSK/uSzjV6ofuRbq/4uvh1cTG/yv+1jP9RqR//E+n86lybRRnZcqZ0jKw0IsuWj7fueGt95O++f1+1bztMDZv1rTUv3krL9b95rLbperRSdL0etZS4udfFuhLXnRVdXhdlj3RoXYrm1adTmmY9DzWiOtTzb/NK0nek21VxQ2/9So8ryt30r7ffvdXX/w+Kofw+t4z/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPyKZE+77ZXkRJKDq+vVZGUT2e7rtKMyWGy2itvq1t1/HgmVzSYo7uROPsiBB1MdAAAAAAAAAHba+cmvPvv8k/pU7G9uav59v5r0JTlYfHd/JhfmZ3tk1J9cSXK7vjzQZn+XP/fX0+Xxe+u362uHN9sSAOB+/TkAAP//mWBg/A==") setrlimit(0x8, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000fc0)={&(0x7f00000021c0)={0x20, r5, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x69}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x880}, 0x4000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb0}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2a}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r6 = socket$packet(0x11, 0x3, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f00000000c0)={{0x11, 0x80}, 0x0, 0x2000040e, 0x7fffffff, {0x74, 0xf}, 0x80, 0x2}) r7 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r7, 0x0, 0xc000091) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8042, 0x0) 12.169712748s ago: executing program 9 (id=2444): r0 = socket$nl_rdma(0x10, 0x3, 0x14) syz_open_dev$video4linux(&(0x7f00000000c0), 0x100000007, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mount(&(0x7f00000003c0)=@sr0, 0x0, 0x0, 0x0, 0x0) semget$private(0x0, 0x0, 0x280) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_procfs(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setpgid(0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x400c844) socket$inet6(0xa, 0x3, 0x3c) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000580), r2) sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)={0x24, r4, 0x201, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0xffffa848}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000091}, 0x0) 12.064016399s ago: executing program 3 (id=2445): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(&(0x7f0000000040)='ceph\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) pread64(r1, &(0x7f0000000180), 0x0, 0x7fff) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c) syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000040)='./file0\x00', 0x180c850, &(0x7f0000000140)=ANY=[@ANYBLOB="757466383d302c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d102c696f636861727365743d6575632d6a702c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c636865636b3d7374726963742c636f6465706167653d3935302c6e6f6e756d7461696c3d302c757466383d302c6e6f6e756d742c000000000000"], 0x1, 0x363, &(0x7f0000000c80)="$eJzs3U9oHFUYAPBvM/lbaJODUBSE0ZugoX/woKeUkkIxF5Wl6kFcbKqSjYUsLqaHbuNFPAoe9eRFPOjBQ88iKOLNg1crSFU8aG8Fi092d3Z3trtJU2Fbg7/fYfnyvffNe7OZZF8m2ZdXVmLj/ExcuHHjeszPV2J65fRK3KzEUmTRcyVGzY7JAQAHw82U4s/Utc+SyoSnBABMWOf1/7XDpcw7X+/VP3n1B4ADr/j5f2GvPvO7NVycyJQAgAkbuf//6FDz7PCv+qdLfxUAABxUz7/40jOn1iKey/P5iM13m9VmNZ4etJ+6EG9EPdbjWCzGrYjuQqH9UOk8njm7tnosz/NW/LIU1XZFsxqx2WpWuyuFU1mnfi6Ox2IsFfXFaiOllJ35Ym31eN4REVdanfFjs9KszsShYvwfD8V6nIg8Hhipjzi7tnoiLw5Q3ezVtyJ2Bvct2vNfjsX4/tW4GPU4v3AuUuota9ZWLx/P89Npbai+WZ2L8/1nYdc7IAAAAAAAAAAAAAAAAAAAAAAA8K8s531L/f1v0mD/nuXlMe2d/XG69cX+QDvd/YHSXIqU/nj7iep7WQztD3T7/jzN6nRM3d9TBwAAAAAAAAAAAAAAAAAAgP+MxvZs1Or19a3G9qWNctDaamxPRUQ78+a3n321EKN97hBMF2OUmvIidWmjlrJe55QN9SmCrD14L/Pp1f6My33m+mcxdhpzuzfV64cf+fnDQebhrHfkvwd9sqnx5dlt0ygHm0e6U7qbJ+rSySI4cYfO11JKux3n8sujVVGJmL77T9zeQWoH31x//cGTjaNPdjJfpq7HHl88d+2Dj3/bqNXbI7fVP5ndatxKG7Xi4/EX2+5BVrp+KtENKuUrYXqv8p3hTC374fcXHnr/u/2NnsqZt8b0ybqn8/lWY7tSfKV0mma7QTvXCab6VQv1s1nEbceZGXPxTyA4+tFK7erln37db1Xpm4SNOgAAAAAAAAAAAAAAAAAA4J4ovVe8ULzZd2avqqeenfzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODeGfz//1KwM5LZT/BXK0ab5ta3GhFH7vdpAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP/dPAAAA///fkWru") r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, 0x0, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x140f, 0x1, 0x800, 0x0, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xd, 0x45, 'opa_vnic\x00'}]}, 0x20}}, 0x0) 11.019219946s ago: executing program 3 (id=2447): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(&(0x7f0000000040)='ceph\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) pread64(r1, &(0x7f0000000180), 0x0, 0x7fff) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c) syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000040)='./file0\x00', 0x180c850, &(0x7f0000000140)=ANY=[@ANYBLOB="757466383d302c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d102c696f636861727365743d6575632d6a702c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c636865636b3d7374726963742c636f6465706167653d3935302c6e6f6e756d7461696c3d302c757466383d302c6e6f6e756d742c000000000000"], 0x1, 0x363, &(0x7f0000000c80)="$eJzs3U9oHFUYAPBvM/lbaJODUBSE0ZugoX/woKeUkkIxF5Wl6kFcbKqSjYUsLqaHbuNFPAoe9eRFPOjBQ88iKOLNg1crSFU8aG8Fi092d3Z3trtJU2Fbg7/fYfnyvffNe7OZZF8m2ZdXVmLj/ExcuHHjeszPV2J65fRK3KzEUmTRcyVGzY7JAQAHw82U4s/Utc+SyoSnBABMWOf1/7XDpcw7X+/VP3n1B4ADr/j5f2GvPvO7NVycyJQAgAkbuf//6FDz7PCv+qdLfxUAABxUz7/40jOn1iKey/P5iM13m9VmNZ4etJ+6EG9EPdbjWCzGrYjuQqH9UOk8njm7tnosz/NW/LIU1XZFsxqx2WpWuyuFU1mnfi6Ox2IsFfXFaiOllJ35Ym31eN4REVdanfFjs9KszsShYvwfD8V6nIg8Hhipjzi7tnoiLw5Q3ezVtyJ2Bvct2vNfjsX4/tW4GPU4v3AuUuota9ZWLx/P89Npbai+WZ2L8/1nYdc7IAAAAAAAAAAAAAAAAAAAAAAA8K8s531L/f1v0mD/nuXlMe2d/XG69cX+QDvd/YHSXIqU/nj7iep7WQztD3T7/jzN6nRM3d9TBwAAAAAAAAAAAAAAAAAAgP+MxvZs1Or19a3G9qWNctDaamxPRUQ78+a3n321EKN97hBMF2OUmvIidWmjlrJe55QN9SmCrD14L/Pp1f6My33m+mcxdhpzuzfV64cf+fnDQebhrHfkvwd9sqnx5dlt0ygHm0e6U7qbJ+rSySI4cYfO11JKux3n8sujVVGJmL77T9zeQWoH31x//cGTjaNPdjJfpq7HHl88d+2Dj3/bqNXbI7fVP5ndatxKG7Xi4/EX2+5BVrp+KtENKuUrYXqv8p3hTC374fcXHnr/u/2NnsqZt8b0ybqn8/lWY7tSfKV0mma7QTvXCab6VQv1s1nEbceZGXPxTyA4+tFK7erln37db1Xpm4SNOgAAAAAAAAAAAAAAAAAA4J4ovVe8ULzZd2avqqeenfzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODeGfz//1KwM5LZT/BXK0ab5ta3GhFH7vdpAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP/dPAAAA///fkWru") r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, 0x0, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x140f, 0x1, 0x800, 0x0, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xd, 0x45, 'opa_vnic\x00'}]}, 0x20}}, 0x0) 9.701441087s ago: executing program 3 (id=2449): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(&(0x7f0000000040)='ceph\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) pread64(r1, &(0x7f0000000180), 0x0, 0x7fff) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c) syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000040)='./file0\x00', 0x180c850, &(0x7f0000000140)=ANY=[@ANYBLOB="757466383d302c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d102c696f636861727365743d6575632d6a702c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c636865636b3d7374726963742c636f6465706167653d3935302c6e6f6e756d7461696c3d302c757466383d302c6e6f6e756d742c000000000000"], 0x1, 0x363, &(0x7f0000000c80)="$eJzs3U9oHFUYAPBvM/lbaJODUBSE0ZugoX/woKeUkkIxF5Wl6kFcbKqSjYUsLqaHbuNFPAoe9eRFPOjBQ88iKOLNg1crSFU8aG8Fi092d3Z3trtJU2Fbg7/fYfnyvffNe7OZZF8m2ZdXVmLj/ExcuHHjeszPV2J65fRK3KzEUmTRcyVGzY7JAQAHw82U4s/Utc+SyoSnBABMWOf1/7XDpcw7X+/VP3n1B4ADr/j5f2GvPvO7NVycyJQAgAkbuf//6FDz7PCv+qdLfxUAABxUz7/40jOn1iKey/P5iM13m9VmNZ4etJ+6EG9EPdbjWCzGrYjuQqH9UOk8njm7tnosz/NW/LIU1XZFsxqx2WpWuyuFU1mnfi6Ox2IsFfXFaiOllJ35Ym31eN4REVdanfFjs9KszsShYvwfD8V6nIg8Hhipjzi7tnoiLw5Q3ezVtyJ2Bvct2vNfjsX4/tW4GPU4v3AuUuota9ZWLx/P89Npbai+WZ2L8/1nYdc7IAAAAAAAAAAAAAAAAAAAAAAA8K8s531L/f1v0mD/nuXlMe2d/XG69cX+QDvd/YHSXIqU/nj7iep7WQztD3T7/jzN6nRM3d9TBwAAAAAAAAAAAAAAAAAAgP+MxvZs1Or19a3G9qWNctDaamxPRUQ78+a3n321EKN97hBMF2OUmvIidWmjlrJe55QN9SmCrD14L/Pp1f6My33m+mcxdhpzuzfV64cf+fnDQebhrHfkvwd9sqnx5dlt0ygHm0e6U7qbJ+rSySI4cYfO11JKux3n8sujVVGJmL77T9zeQWoH31x//cGTjaNPdjJfpq7HHl88d+2Dj3/bqNXbI7fVP5ndatxKG7Xi4/EX2+5BVrp+KtENKuUrYXqv8p3hTC374fcXHnr/u/2NnsqZt8b0ybqn8/lWY7tSfKV0mma7QTvXCab6VQv1s1nEbceZGXPxTyA4+tFK7erln37db1Xpm4SNOgAAAAAAAAAAAAAAAAAA4J4ovVe8ULzZd2avqqeenfzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODeGfz//1KwM5LZT/BXK0ab5ta3GhFH7vdpAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP/dPAAAA///fkWru") r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, 0x0, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x140f, 0x1, 0x800, 0x0, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xd, 0x45, 'opa_vnic\x00'}]}, 0x20}}, 0x0) 8.355484068s ago: executing program 3 (id=2450): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(&(0x7f0000000040)='ceph\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) pread64(r1, &(0x7f0000000180), 0x0, 0x7fff) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c) syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000040)='./file0\x00', 0x180c850, &(0x7f0000000140)=ANY=[@ANYBLOB="757466383d302c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d102c696f636861727365743d6575632d6a702c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c636865636b3d7374726963742c636f6465706167653d3935302c6e6f6e756d7461696c3d302c757466383d302c6e6f6e756d742c000000000000"], 0x1, 0x363, &(0x7f0000000c80)="$eJzs3U9oHFUYAPBvM/lbaJODUBSE0ZugoX/woKeUkkIxF5Wl6kFcbKqSjYUsLqaHbuNFPAoe9eRFPOjBQ88iKOLNg1crSFU8aG8Fi092d3Z3trtJU2Fbg7/fYfnyvffNe7OZZF8m2ZdXVmLj/ExcuHHjeszPV2J65fRK3KzEUmTRcyVGzY7JAQAHw82U4s/Utc+SyoSnBABMWOf1/7XDpcw7X+/VP3n1B4ADr/j5f2GvPvO7NVycyJQAgAkbuf//6FDz7PCv+qdLfxUAABxUz7/40jOn1iKey/P5iM13m9VmNZ4etJ+6EG9EPdbjWCzGrYjuQqH9UOk8njm7tnosz/NW/LIU1XZFsxqx2WpWuyuFU1mnfi6Ox2IsFfXFaiOllJ35Ym31eN4REVdanfFjs9KszsShYvwfD8V6nIg8Hhipjzi7tnoiLw5Q3ezVtyJ2Bvct2vNfjsX4/tW4GPU4v3AuUuota9ZWLx/P89Npbai+WZ2L8/1nYdc7IAAAAAAAAAAAAAAAAAAAAAAA8K8s531L/f1v0mD/nuXlMe2d/XG69cX+QDvd/YHSXIqU/nj7iep7WQztD3T7/jzN6nRM3d9TBwAAAAAAAAAAAAAAAAAAgP+MxvZs1Or19a3G9qWNctDaamxPRUQ78+a3n321EKN97hBMF2OUmvIidWmjlrJe55QN9SmCrD14L/Pp1f6My33m+mcxdhpzuzfV64cf+fnDQebhrHfkvwd9sqnx5dlt0ygHm0e6U7qbJ+rSySI4cYfO11JKux3n8sujVVGJmL77T9zeQWoH31x//cGTjaNPdjJfpq7HHl88d+2Dj3/bqNXbI7fVP5ndatxKG7Xi4/EX2+5BVrp+KtENKuUrYXqv8p3hTC374fcXHnr/u/2NnsqZt8b0ybqn8/lWY7tSfKV0mma7QTvXCab6VQv1s1nEbceZGXPxTyA4+tFK7erln37db1Xpm4SNOgAAAAAAAAAAAAAAAAAA4J4ovVe8ULzZd2avqqeenfzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODeGfz//1KwM5LZT/BXK0ab5ta3GhFH7vdpAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP/dPAAAA///fkWru") r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, 0x0, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x140f, 0x1, 0x800, 0x0, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xd, 0x45, 'opa_vnic\x00'}]}, 0x20}}, 0x0) 7.173449787s ago: executing program 3 (id=2452): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0], 0xf6, 0xa15, &(0x7f00000002c0)="$eJzs3c1vHOd9B/DvrEiJog1VtlVXFWxrJUM2bbMUSdUSBB9qiVxKdPlSkBRgoS0sw5IKQURd2C1gGz3IQNFTjBhBECDJJfAxJwPOIb4EuiXHnHIIkPg/CIxcohwCBju7lJbkvog0RSrK57MYzdvveduZnUe73J0n/CVbWVkppy2uX/rxTlaWh8/5ya8++/yT+vTxrezNnrxa/DQZSFJN+v5Univ9E5ML87M9MrqZXElyOymS7Etj3sH+NWtXUnw7j99bv53ihzncJtnAJhtHTyv8Vdvt8w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5KE5Ojo2NFZqbnLr1Z7awcArzL/tXsvixH/S6+7FVskRT1KQMDq0N9Hz50b/fT9X+O55nG2jONkb8H8tFjTx987am+ymr6LhXaEe9/+NHNt5eXr713b1N/28C+Zrvqy/t2rHr3b+/Wkl2ozU0vzk/PnrtQq04vzlfPnj49evLi1GJ1ajq1xcuLS7XZ6sRC7dzS/EJ1aOKl6tjZs6eqtZHL85fmLkyOzNRWN575h/HR0dPVN0b+pXZuYXF+7uQbI4sTF6dnZqbnLpQx9d31mDP1E/Gfp5eqS7Vzs9Xq9RvL1071qmQ9aKztnmJt0HivnMZHx8fHxsbHx06/evbVM6OjfRs2jK6TDRG7f9Kye36yrddu+IYqzf4/M5nOXC7lzVTbPiYymYXMZ7bD/qbV/v/EyVrXclv7/9Ve/vC93UdS9v/PNdae69T/d6hL78fKSiPnraZffbyfD/NRbubtLGc51/LeN85xw+OP25RP9Zu3duPjQmqZy3QWM5/pzOZcuaXa3FLN2ZzO6YzmrVzMVBZTzVSmM5NaFnM5i1lKrTyjJrKQWs5lKfNZSDVDmchLqWYsZ3M2p1JNLSO5nPlcylwuZDLnylyu50b5vJ/qUse7QWP3EzTeJWib+/+Vh/F/gjxo234Nh61aafb/ezsGrKwuDU3sWK0AAACA7fT3v8iBQ0/+/DdJf54tP5efmp6pje52tQAAAIBtVH5d75n6rL++9GwK7/8BAADgUVOUv7ErkgzmaGOp8UuoPfEhAAAAADwiyr//P1efDdaXjqa4eyeUK7tdNwAAAGB79L7Hfs+IYnj19r/Vq4351WZE8z6/g1PTM7WRifmZ18byQnmXgfKXBhty25MU/eXPD17OsUbUscHGfHBtjgP1qLGR18byco43GzL0fH32/FCbyPFG5IuNyBe7RJ6qRwLAo+54l/74fvv/lzPciBg+0rc3Sd+RNj3rqJ4VAB4WvcfY6RlR/OO99//9zWzX9P9P5vofGl8pGMk7eTfLuZrh8tcG5TcO1uT6b582PzO4+zWE0Qz3+DRgNfaXZyoZ7vF5wGDLQC/DPT4RaMTm35NTD/5AAMAOOt6hH95M/z/c8v4/G9//3x1a6JqfFALAQ+HuCPYPcGG32wgArKWXBgAAAAAAAAAAAAAAAAAAAAAAAAAAgO23rXf7H9hi8t82x/V7sMMQbFjY33wOtp7Pd5LsXJ2LbS6rsg35rCTZqeO1cws5mGz5WW17Gu9Nsvvt6rnQ13xJ3Hx7ebeuSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOykItnTbnsl2ZdkNMnJna/Vg3Nrtyuw8/6pdaW4kzv5IAd2rzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+m5v3/K2nMH2tsSl8lOZHkSpJ/3e06bqc7u12BbbJ/i+la7v9fP+ZZKdLXOOwp+icmF+Zn64e/HPuh8tVnn39Sn1qS77vfcsrAyrrBJZolrI/90eOrS0+UqQYnr71/87/f/a/q5PlUsjfnl6ZmJmcvLLx+L8nTxRdJNY1p1Wp9//fEzz5t0/Iv6i1tb325U+WTM7mx3L9rl7p7ud3cWL42Xi9pqfbm0v/8540PWnY9mWPJ80PJ0NqS/qM+dSjpWPq7lVZ8Xfx/cSDfy5Xy+NefjWKlqB+ivynbv//6jeVrI++8u3y1Q50O5miSq8lA9zp93LL7aHk9aas86yr99VJHy6D6P4d6tLGrlhzHOrThifKUGWy2YW/HNrSqdm5DqeV5r7Tb36jRqQ41eiovtDnSK/uSzjV6ofuRbq/4uvh1cTG/yv+1jP9RqR//E+n86lybRRnZcqZ0jKw0IsuWj7fueGt95O++f1+1bztMDZv1rTUv3krL9b95rLbperRSdL0etZS4udfFuhLXnRVdXhdlj3RoXYrm1adTmmY9DzWiOtTzb/NK0nek21VxQ2/9So8ryt30r7ffvdXX/w+Kofw+t4z/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPyKZE+77ZXkRJKDq+vVZGUT2e7rtKMyWGy2itvq1t1/HgmVzSYo7uROPsiBB1MdAAAAAAAAAHba+cmvPvv8k/pU7G9uav59v5r0JTlYfHd/JhfmZ3tk1J9cSXK7vjzQZn+XP/fX0+Xxe+u362uHN9sSAOB+/TkAAP//mWBg/A==") setrlimit(0x8, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000fc0)={&(0x7f00000021c0)={0x20, r5, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x69}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x880}, 0x4000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb0}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2a}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r6 = socket$packet(0x11, 0x3, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f00000000c0)={{0x11, 0x80}, 0x0, 0x2000040e, 0x7fffffff, {0x74, 0xf}, 0x80, 0x2}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0xc000091) setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8042, 0x0) 4.507012799s ago: executing program 2 (id=2455): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x52, 0x1, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000003180), &(0x7f00000031c0)=0xc) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, 0x0) getegid() r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r6, 0x0, 0x0) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 3.269297938s ago: executing program 2 (id=2456): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @mcast2, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x50}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x52, 0x1, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000003180), &(0x7f00000031c0)=0xc) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, 0x0) getegid() r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r6, 0x0, 0x0) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 2.032139658s ago: executing program 2 (id=2457): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000b80), 0x2, 0x0) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x100000000) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x9, 0xfffffffd, 0x1, 0x81, 0xfffffdff, 0x7ff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x2, 0x0, @empty}, 0x1c) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000140)={'filter\x00', 0x7, 0x4, 0x3c8, 0x110, 0x1f8, 0x110, 0x2e0, 0x1f8, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="58607b1c69cb", @mac=@link_local, @loopback}}}, {{@arp={@remote, @empty, 0x0, 0x0, 0x0, 0x0, {@mac=@random="492f869a9354"}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6gre0\x00', 'veth1_virt_wifi\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) syz_open_dev$vim2m(0x0, 0xb, 0x2) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x430, 0x0, 0x2b8, 0xb0000010, 0x268, 0x5c8f0200, 0x360, 0x3a8, 0x3a8, 0x360, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x228, 0x268, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0x20000f1, 0x0, 0x0, 0x0, 0xffffff80, 0x1, 0x7fffffff}}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x9, 0x8, "3382c5031d9efbc97e4a438857c13553fc74d2fcfd215c16a492e68df2e4"}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000100)={0x0, 0x2, 0xfffffffffffffffc}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_mount_image$exfat(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x1000000, &(0x7f0000000840)=ANY=[@ANYBLOB="646d61736b3d30303030303030303030303030303030303030303030372c666d61736b3d30303030303030303030303030303030303030303030322c696f636861727365743d69736f383835392d31332c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646d61736b3d30303030303030303030303030303337313630373234312c696f636861727365743d63703933322c6572726f72733d72656d6f756e742d726f2c666d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703836362c00ce0a5a71797b7256e90d2c78b433e66c4b4bc11d1f2c4d0cc1067826fa1a2c7e4d91d9b0179d604e463f435112f83befe3fe654c7636195294441b3602771ab07c8432acef3d5d173bdcde62c060457d460e95674bf5088b838b15ca8513626878d244b25d4f64d3c7eeeeeb484c2ffa3f8b4ad3ae9cb028b2b4d6e1aa1ec5406b99aa5b65ee0d12a169116f65688cbd61df820a0edfc5c40da44e70327aafebaa4a7c8bb964a37c5d89a99fb4fd0b149070fb825786654ff7ddcf75358ded9cd800000000a0c3328e6a138baad4bd205d6fb08d", @ANYRES16, @ANYBLOB="ebe050f9a6e26556b98b3a694ca1d9f8df1d1907a2607c94fad06b78ed9f520e602e86e81adc6386a9cd7f05df985b7d7649fbe21aac9ea3cd407d5b9c5b0b7ff5572dc06f5dc6fa7d1206852880bc490a27a1ec2e3d77acc8c7454c8cfc31b1cddd5727a3a7bb058f019d781f3174f03a4f699b28b8ee3491fe8da4a5d8b2431b5b560ae1638b532ebadbb95c3d0ecece79ca4492a146892118cd97d3a346c6e0eccede0661be772eb19221fdc8f58e6d741bd5212bb2a9b57a1666e4bb084eecf00117c99520a8", @ANYRESHEX, @ANYRESHEX], 0x1, 0x1517, &(0x7f00000046c0)="$eJzs3AnYjVXXOPC19t43D4mTZMpee92cZNgkSYaEDEmSJEmmhCRJkpBMmZKQhMxJ5pBMIZnneU6SV5IkISHJ/l+q7/W9X19fXd/b/+99/8/6XdfNXs991jrrPut5zrnPfT3n+brdwEp1KpevxczwT8Ff/usKACkA0AcAMgFABADFMhfLfGl/Oo1d/7k7EX+tB6dc6Q7ElSTzT91k/qmbzD91k/mnbjL/1E3mn7rJ/FM3mb8QqdmWqTmukS31bn/++r/7n3fL9f9/Q/L6//+tP/WTJvNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2RW79qwB4F/g+vef2P7+WP16iftK9/M7W/S/yrty33lCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIVKTc+EyAwD/sb7SfQkhhBBCCCGEEOKvE9Je6Q6EEEIIIYQQQgjxfx8CGA0GIkgDaSEF0kF6uAoywNWQETJBAq6BzHAtZIHrICtkg+yQA3KGTJALLBA4YIghN+SBJNwAeeFGyAf5oQAUBA+FoDDcBEXgZigKt0AxmLUA4DYoASWhFJSG26EM3AFloRyUhzuhAlSESlAZ7oIqcDdUhXugGtwL1eE+qAH3Q014AGrBg1AbHoI68DDUhUegHtSHBtAQGv2v8l+ATvAidIYu0BW6QXd4CXpAT+gFvaEPvAx94RXoB69CfxgAA+E1GASvw2B4A4bAUBgGb8JwGAEjYRSMhjEwFt6CcfA2jId3YAJMhEkwGabAVJgG78J0mAEz4T2YBe/DbJgDc2EezIcPYAEshEXwISyGj2AJLIVlsBxWwEpYBathDZ6AdbAeNsBG2ASbYQtshW2wHXbATtgFu8vtgY9hL3wC++BT2A+f/TYf1v4P+WfhH/PbIyCgQoUGDabBNJiCKZge02MGzIAZMSMmMIGZMTNmwSyYFbNidsyOOTEn5sJcSEjIyJgbc2MSk5gX82I+zIcFsAB69FgYC2MRvBmLYlEshsWwOBbHElgSS2JpLI1lsAyWxbJY/rY5AFgBK2ElvAvvwruxKlbFalgNq2N1rIE1sCbWxFpYC2tjbayDdbAu1sV6WA8bYANshI2wMTbGJtgEm2EzbI7NsQW2wJbYElthK2yNrbENtsG22BbbYTtsjx2wA76AL+CL+CJ2wQqqG3bH7tgDe2Av7I298WXsi6/gK/gq9scBOBBfw9fwdRyMZ3AIDsVhOAzLqBE4EkchqzE4FsfiOByH43E8TsCJOBEn4xScitNwGk7HGTgD38NZ+D6+j3NwDs7D+TgfF+BCXISLcDGexSW4FJfhclyBK3EFrsY1uBrX4XpchxtxI27GzbgVt+J23I47cSfuxt34MX6Mn+An2B/34348gAfwIB7EQ3gID+NhPIJHtl4FgMfwGB7H43gCT+IpPImn8TSewbN4Ds/heTyPF/C5nF/W3p1/bX9QlxhlVBqVRqWoFJVepVcZVAaVUWVUCZVQmVVmlUVlUVlVVpVdZVc5VU6VS+VSpEixilVulVslVVLlVXlVPpVPFVAFlFdeFVaFVRFVRBVVRVUxdasqrm5TJVRJ1dSXVqVVGdXMl1XlVHlVXlVQFVUlVVlVVlVUFVVVVVXVVDVVXVVXNdT9qqbqhr3wQXVpMnXUAKyrBmI9VV81UA3V6/ioaqwGYxPVVDVTj6uhOARbqMa+pXpKtVIjsbV6Ro3CZ1VbNQbbqedVe9VBdVQvqE6qie+suqgJ2E11V5Oxh+qpeqneajpWVJcmVkm9qvqrAWqgek3Nw9fVYPWGGqKGqmHqTTVcjVAj1Sg1Wo1RY9Vbapx6W41X76gJaqKapCarKWqqmqbeVdPVDDVTvadmqffVbDVHzVXz1Hz1gVqgFqpF6kO1WH2klqilaplarlaolWqVWq3WqLVqnVqvNqiNapParLaorWqb2q52qJ1ql9qt9qiP1V71idqnPlX71WfqgPqbOqg+V4fUF+qw+lIdUV+po+prdUx9o46rLuqEOqlOqe/UafW9OqPOqnPqB3Ve/aguqJ/URRUUaNRKa210pNPotDpFp9Pp9VU6g75aZ9SZdEJfozPra3UWfZ3OqrPp7DqHzqmv17m01aSdZh3r3DqPTuobdF59o86n8+sCuqD2upAurG/SRfTNuqi+RRfTt+ri+jZdQpfUpXRpfbsuo+/QZXU5XV7fqSvoirqSrqzv0lX03bqqvkdX0/fq6vo+XUPfr2vqB3Qt/aCurR/SdfTDuq5+RNfT9XUD3VA30o/qxvox3UQ31c3047q5fkK30E/qlvop3Uo/rVvrZ3Qb/axuq5/T7fTzur3uoDvqn/RFHXRn3UV31d2i7vol3UP31L10b91Hv6z76ld0P/2q7q8H6IH6NT1Iv64H6zf0ED1UD9Nv6uF6hB6pR+nReoweq9/S4/Tberx+R0/QE/UkPVlP0VN1r18rzfwT+W//N/n9fr73zXqL3qq36e16h96pd+ndeo/eo/fqvXqf3qf36/36gD6gD+qD+pA+pA/rw/qIPqKP6qP6mD6mj+vj+oQ+qX/Q3+nT+nt9Rp/VZ/UP+rw+ry/8+hiAQaOMNsZEJo1Ja1JMOpPeXGUymKtNRpPJJMw1JrO51mQx15msJpvJbnKYnOZ6k8tYQ8YZNrHJbfKYpLnB5DU3mnwmvylgChpvCpnC5qZ/Ov93+ls+6ZeTl9AFwDQ2jU0T08Q0M81Mc9PctDAtTEvT0rQyrUxr09q0MW1MW9PWtDPtTHvT3nQ0HU0n08l0RjBdTVfT3bxkepieppfpbfqYl01f09f0M/1Mf9PfDDQDzSAzyAw2g80QM8QYABhuhpuRZqQZbUabsWasGWfGmfFmvJlgJphJZpKZYqaYaWaamW6mm5lmppllZpnZZraZa+aa+Wa+WWAWmEVmkVlsFpslZqlZapab5WalWWlWm9VmrVlr1pv1ZqPZaJaYLWaL2Wa2mR1mh9lldpk9Zo/Za/aafWaf2W/2mwPmgDloDppD5pA5bA6bI+aIOWqOmmPmmDlujpsT5oQ5ZU6Z0+a0OWPOmHPmnDlvzpsL5oK5aC5eOu2LVKQiE5koTZQmSolSovRR+ihDlCHKGGWMElEiyhxljrJE10VZo2xR9ihHlDO6PsoV2YgiF3EUR7mjPFEyuiHKG90Y5YvyRwWigpGPCkWFo5uiItHNUdHolqhYdGtUPLotKhGVjEpFpaPbozLRHVHZqFxUProzqhBVjCpFlaO7oirR3VHV6J6oWnRvVD26L6oR3R/VjB6IakUPRrWjh6I60cNR3eiRqF5UP2oQNYwa/aX1QziT7THf2XaxaaGb7W5fsj1sT9vL9rZ97Mu2r33F9rOv2v52gB1oX7OD7Ot2sH3DDrFD7TD7ph1uR9iRdpQdbcfYsfYtO86+bcfbd+wEO9FOspPtFDvVTrPv2ul2hp1p37Oz7Pt2tp1j59p5dr79wC6wC+0i+6FdbD+yS+xSu8wutyvsSrvKrrZr7Fq7zq63G+xGu8lutlvsVrvNbrc77E67y+62e+zHdq/9xO6zn9r99jN7wKb8en7/hT1sv7RH7Ff2qP3aHrPf2OP2W3vCnrSn7Hf2tP3enrFn7Tn7gz1vf7QX7E/2og2XTu4vvbyTIUNpKA2lUAqlp/SUgTJQRspICUpQZspMWSgLZaWslJ2yU07KSbkoF13CxJSbclOSkpSX8lI+ykcFqAB58lSYClMRKkJFqSgVo2JUnIpTCSpBpagU3U630x10B5WjcnQn3UkVqSJVpspUhapQVapK1agaVafqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB41oAbUiBpRY2pMTagJNaNm1JyaUwtqQS2pJbWiVtSaWlMbakNtqS21o3bUntpTR+pInagTdabO1JW6UnfqTj2oB/WiXtSH+lBf6kv9qB/1p/40kAbSIBpEg2kwDaGhNIzepOE0gkbSKBpNY2gsjaVxNI7G03iaQBNoEk2iKTSFptE0mk7TaSbNpFk0i2bTbJpLc2k+zacFtIAW0SJaTItpCS2hZbSMVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI120A7aRbtoD+2hvbSX9tE+2k/76QAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+giBUpx6Vx6d5XL4K52GV0m91/j7C6Hy+mud7mcdVldtn+IyTmXz+V3BVxB510hV9jd9Ju4hCvpSrnS7nZXxt3hyv4mrrJmxy+/iO7udZXdXa6Ku9tVdfe4au5eV93d52q4h11N94ir5eq72q6hq+MednXdI66eq+8auIauuXvCtXBPupbuKdfKPf2beIFb6Na4tW6dW+/2uk/cOfeDO+q+dufdj66z6+L6uJddX/eK6+dedf3dgN/Ew9ybbrgb4Ua6UW60G/ObeJKb7Ka4qW6ae9dNdzN+E893H7hZbpGb7ea4uW7ez/Glnha5D91i95Fb4pa6ZW65W+FWulVu9d97Xe42uk1us9vjPnbb3Ha3w+10u9zun+NLx7HPfer2u8/cEfeVO+g+d4fcMXfYfflzfOn4jrlv3HH3rTvhTrpT7jt32n3vzrizPx//pWP/zv3kLrrggJEVazYccRpOyymcjtPzVZyBr+aMnIkTfA1n5ms5C1/HWTkbZ+ccnJOv51xsmdgxc8y5OQ8n+QbOyzdyPs7PBbggey7EhfkmLsI3c1G+hYvxrVycb+MSXJJLcWm+ncvwHVyWy3F5vpMrcEWuxJX5Lq7Cd3NVvoer8b1cne/jGnw/1+QHuBY/yLX5Ia7DD3NdfoTrcX1uwA25ET/KjfkxbsJNuRk/zs35CW7BT3JLfopb8dPcmp/hNvwst+XnuB0/z+25A3fkF7gTv8iduQt35W7cHYF7cE/uxb25D7/MffkV7sevcn8ewAP5NR7Er/NgfoOH8FAexm/ycB7BI3kUj+YxPJbf4nH8No/nd3gCT+RJPJmn8FSexu/ydJ7BM/k9nsXv82yew3N5Hs/nD3gBL+RF/CEv5o94CS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VtvJ2Rd/KuS0/z/DHv5U94H3/K+/kzPsB/44P8OR/iL/gwf8lH+Cs+yl/zMf6Gj/O3fIJP8in+jk/z93yGz/I5/oHP8498gX/iixwYYoxVrGMTR3GaOG2cEqeL08dXxRniq+OMcaY4EV8TZ46vjbPE18VZ42xx9jhHnDO+Ps4V25hiF3Mcx7njPHEyviHOG98Y54vzxwXigrGPC8WF45viIvHNcdH4lrhYfGtcPL4tLhGXjB++t3R8e1wmviMuG5eLy8d3xhXiinGluHJ8V1wlvjuuGt8TV4vvjYvG98U14vvjmvEDca34wbh2/FBcJ344rhs/EteL68cN4oZxo/jRuHH8WNwkbho3ix+Pm8dPxC3iJ+OW8VNxq/jpP9zfNe4Wd49fil+KQ7hHz03OS85PfpBckFyYXJT8MLk4+VFySXJpcllyeXJFcmVyVXJ1ck1ybXJdcn1yQ3JjclNyczKEymnBo1dee+Mjn8an9Sk+nU/vr/IZ/NU+o8/kE/4an9lf67P463xWn81n9zl8Tn+9z+WtJ+88+9jn9nl80t/g8/obfT6f3xfwBb33hXxh39A38o18Y/+Yb+Kb+gge94/7J/wT/kn/pH/Kt/JP+9b+Gd/GP+vb+uf8c/5539538B39C76Tf9F39l18V9/Vd/fdfQ/fw/fyvXwf38f39X19P9/P9/f9/UA/0A/yg/xgP9gP8UP8MD/MD/fD/Ug/0o/2o/1YP9aP8+P8eD/eT/AT/CQ/yU/xU/w0P81P99P9TD/Tz8o3y8/2s/1cP9fP9/P9Ar/AL/KL/GK/2C/xS/wyv8yv8Cv8Kr/Kr/Fr/Dq/zm/wG/wmv8lv8Vv8Nr/N7/A7/C6/y+/xe/xev9fv8/v8fr/fH/AHzgV/0B/yX/jD/kt/xH/lj/qv/TH/jT/uv/Un/El/yn/nT/vv/Rl/1p/zP/jz/kd/wf/kL/rgxybeSoxLvJ0Yn3gnMSExMTEpMTkxJTE1MS3xbmJ6YkZiZuK9xKzE+4nZiTmJuYl5ifmJDxILEgsTixIfJhYnPkosSSxNLEssT6xIrEyEcP22OOQOeUIy3BDyhhtDvpA/FAgFgw+FQuFwUygSbg5Fwy2hWLg1FA+3hRKhZCgVHgn1Qv3QIDQMjcKjoXF4LDQJTUOz8HhoHp4ILcKToWV4KrQKT4fW4ZnQJjwb2obnQrvwfGgfOoSO4YXQKbwYOgcduoZuoXt4KfQIPUOv0Dv0CS+HvuGV0C+8GvqHAWFgeC0MCq+HweGNMCQMDcPCm2F4GBFGhlFhdBgTxoa3wrjwdhgf3gkTwsQwKUwOU8LUMC28G6aHGWFmeC/MCu+H2WFOmBvmhfnhg7AgLAyLwodhcfgoLAlLw7KwPEDKyrAqrA5rwtqwLqwPG8LGsClsDlvC1rAtbA87ws6wK+wOe8LHYW/4JOwLn4b94bNwIPwtHAyfh0Phi3A4fBmOhK/C0fB1OBa+CcfDt+FEOBlOhe/C6fB9OBPOhnPhh3A+/BguhJ/CRfnMmhBCCCHEn6L/YH+3f4jU3/9Vv36lOwBcvT3H4f9ac0PWX9Y9Vc7mCQB4qku7B/9jq1Cha9euv952iYYozxwASFzOTwOX46XQDJ6AltAUivy3/fVUHc7zH9RP3gqQ/j/lpMDl+HL9m3+n/ohZf1h/DkC+PJdz0sHl+HL9or+pHf1cP1vjP6if7vOxAE3+U14GuBxfrl8YHoOnoeU/3FIIIYQQQgghhPhFT1WqzR+9v730/jynuZyTFn6JzZ94fw6/fMJACCGEEEIIIYQQV9CzHTo++WjLlk3b/M6i3O/vkkVqWaT512jj334B8C/Rxp9bXOlnJiGEEEIIIcRf7fJJ/5XuRAghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESL3+X/w5sSt9jEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcSV9n8CAAD//yldK4M=") mount$nfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2000, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f00000000c0)={0x0, 0x0}, 0x10) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) 1.853145031s ago: executing program 2 (id=2458): socket$key(0xf, 0x3, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}], 0x1}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65772064656661756c7420750f52e274daad4b4ae7bf4356377f00000000000000303030"], 0x2a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f0000000300), &(0x7f00000002c0), 0x0, 0x0, 0xfffffffffffffffd) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10) 470.240073ms ago: executing program 2 (id=2459): socket$inet_sctp(0x2, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xfff7fffffffffff5}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) symlinkat(0x0, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_settime(0x0, 0x0, 0x0, &(0x7f0000000780)) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) close(r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0), 0x1, 0x228, &(0x7f0000000300)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiMwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1v9mjOH4hVjOKXcKufG3HWLF+Rapn6+7g0Dw8GozxMZGJcz7mdiYJgZtnMPsr/KG6CRwcDMwMCgwsDAwMTAwpCWmZNq4MHAyMAM5RiyQFXBVDMxcIAl9JLzc1LaGRjBSQCsbTkDC9wMw8cMrHCOETLH2KIBahJDO5RWgdIeUHo5lH4MpeXRkg0L2IR+KE+jgYGBjaEisaSkyJCNgQHKgosZwcWMBOA2M0FtncuE6rnjTAyjYBSMglEwCkbBKBgFo2AUjIJRMJIBIAAA///ZbLn7") 376.292745ms ago: executing program 3 (id=2460): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0], 0xf6, 0xa15, &(0x7f00000002c0)="$eJzs3c1vHOd9B/DvrEiJog1VtlVXFWxrJUM2bbMUSdUSBB9qiVxKdPlSkBRgoS0sw5IKQURd2C1gGz3IQNFTjBhBECDJJfAxJwPOIb4EuiXHnHIIkPg/CIxcohwCBju7lJbkvog0RSrK57MYzdvveduZnUe73J0n/CVbWVkppy2uX/rxTlaWh8/5ya8++/yT+vTxrezNnrxa/DQZSFJN+v5Univ9E5ML87M9MrqZXElyOymS7Etj3sH+NWtXUnw7j99bv53ihzncJtnAJhtHTyv8Vdvt8w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5KE5Ojo2NFZqbnLr1Z7awcArzL/tXsvixH/S6+7FVskRT1KQMDq0N9Hz50b/fT9X+O55nG2jONkb8H8tFjTx987am+ymr6LhXaEe9/+NHNt5eXr713b1N/28C+Zrvqy/t2rHr3b+/Wkl2ozU0vzk/PnrtQq04vzlfPnj49evLi1GJ1ajq1xcuLS7XZ6sRC7dzS/EJ1aOKl6tjZs6eqtZHL85fmLkyOzNRWN575h/HR0dPVN0b+pXZuYXF+7uQbI4sTF6dnZqbnLpQx9d31mDP1E/Gfp5eqS7Vzs9Xq9RvL1071qmQ9aKztnmJt0HivnMZHx8fHxsbHx06/evbVM6OjfRs2jK6TDRG7f9Kye36yrddu+IYqzf4/M5nOXC7lzVTbPiYymYXMZ7bD/qbV/v/EyVrXclv7/9Ve/vC93UdS9v/PNdae69T/d6hL78fKSiPnraZffbyfD/NRbubtLGc51/LeN85xw+OP25RP9Zu3duPjQmqZy3QWM5/pzOZcuaXa3FLN2ZzO6YzmrVzMVBZTzVSmM5NaFnM5i1lKrTyjJrKQWs5lKfNZSDVDmchLqWYsZ3M2p1JNLSO5nPlcylwuZDLnylyu50b5vJ/qUse7QWP3EzTeJWib+/+Vh/F/gjxo234Nh61aafb/ezsGrKwuDU3sWK0AAACA7fT3v8iBQ0/+/DdJf54tP5efmp6pje52tQAAAIBtVH5d75n6rL++9GwK7/8BAADgUVOUv7ErkgzmaGOp8UuoPfEhAAAAADwiyr//P1efDdaXjqa4eyeUK7tdNwAAAGB79L7Hfs+IYnj19r/Vq4351WZE8z6/g1PTM7WRifmZ18byQnmXgfKXBhty25MU/eXPD17OsUbUscHGfHBtjgP1qLGR18byco43GzL0fH32/FCbyPFG5IuNyBe7RJ6qRwLAo+54l/74fvv/lzPciBg+0rc3Sd+RNj3rqJ4VAB4WvcfY6RlR/OO99//9zWzX9P9P5vofGl8pGMk7eTfLuZrh8tcG5TcO1uT6b582PzO4+zWE0Qz3+DRgNfaXZyoZ7vF5wGDLQC/DPT4RaMTm35NTD/5AAMAOOt6hH95M/z/c8v4/G9//3x1a6JqfFALAQ+HuCPYPcGG32wgArKWXBgAAAAAAAAAAAAAAAAAAAAAAAAAAgO23rXf7H9hi8t82x/V7sMMQbFjY33wOtp7Pd5LsXJ2LbS6rsg35rCTZqeO1cws5mGz5WW17Gu9Nsvvt6rnQ13xJ3Hx7ebeuSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOykItnTbnsl2ZdkNMnJna/Vg3Nrtyuw8/6pdaW4kzv5IAd2rzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+m5v3/K2nMH2tsSl8lOZHkSpJ/3e06bqc7u12BbbJ/i+la7v9fP+ZZKdLXOOwp+icmF+Zn64e/HPuh8tVnn39Sn1qS77vfcsrAyrrBJZolrI/90eOrS0+UqQYnr71/87/f/a/q5PlUsjfnl6ZmJmcvLLx+L8nTxRdJNY1p1Wp9//fEzz5t0/Iv6i1tb325U+WTM7mx3L9rl7p7ud3cWL42Xi9pqfbm0v/8540PWnY9mWPJ80PJ0NqS/qM+dSjpWPq7lVZ8Xfx/cSDfy5Xy+NefjWKlqB+ivynbv//6jeVrI++8u3y1Q50O5miSq8lA9zp93LL7aHk9aas86yr99VJHy6D6P4d6tLGrlhzHOrThifKUGWy2YW/HNrSqdm5DqeV5r7Tb36jRqQ41eiovtDnSK/uSzjV6ofuRbq/4uvh1cTG/yv+1jP9RqR//E+n86lybRRnZcqZ0jKw0IsuWj7fueGt95O++f1+1bztMDZv1rTUv3krL9b95rLbperRSdL0etZS4udfFuhLXnRVdXhdlj3RoXYrm1adTmmY9DzWiOtTzb/NK0nek21VxQ2/9So8ryt30r7ffvdXX/w+Kofw+t4z/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPyKZE+77ZXkRJKDq+vVZGUT2e7rtKMyWGy2itvq1t1/HgmVzSYo7uROPsiBB1MdAAAAAAAAAHba+cmvPvv8k/pU7G9uav59v5r0JTlYfHd/JhfmZ3tk1J9cSXK7vjzQZn+XP/fX0+Xxe+u362uHN9sSAOB+/TkAAP//mWBg/A==") setrlimit(0x8, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000fc0)={&(0x7f00000021c0)={0x20, r5, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x69}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x880}, 0x4000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb0}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2a}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r6 = socket$packet(0x11, 0x3, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f00000000c0)={{0x11, 0x80}, 0x0, 0x2000040e, 0x7fffffff, {0x74, 0xf}, 0x80, 0x2}) r7 = socket(0x10, 0x2, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r7, 0x1, 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8042, 0x0) 236.742527ms ago: executing program 9 (id=2461): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @mcast2, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x50}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x52, 0x1, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000003180), &(0x7f00000031c0)=0xc) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, 0x0) getegid() r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r6, 0x0, 0x0) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 0s ago: executing program 2 (id=2462): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, &(0x7f0000000100)={0x0, @bt={0x9, 0x81, 0x1, 0x1, 0x7, 0xffff, 0x18, 0x1ff, 0x5, 0x1, 0x800, 0x8, 0xffffffff, 0x3, 0xb, 0x30, {0x2, 0x47ee}, 0x3, 0x5a}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') read$eventfd(r5, &(0x7f0000000080), 0x8) kernel console output (not intermixed with test programs): utor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 270.820210][ T26] audit: type=1326 audit(1750814560.062:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.4.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 270.914846][ T26] audit: type=1326 audit(1750814560.062:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.4.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 271.161765][ T26] audit: type=1326 audit(1750814560.062:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.4.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 272.112385][ T4260] Bluetooth: hci1: command 0x041b tx timeout [ 273.059737][ T26] audit: type=1326 audit(1750814560.072:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.4.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 273.087070][ T26] audit: type=1326 audit(1750814560.072:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.4.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 273.366314][ T6198] loop6: detected capacity change from 0 to 512 [ 273.435441][ T6198] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 273.498912][ T6198] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 274.435399][ T6198] EXT4-fs (loop6): 1 truncate cleaned up [ 274.473912][ T6198] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 274.618175][ T4260] Bluetooth: hci1: command 0x040f tx timeout [ 275.297908][ T6149] chnl_net:caif_netlink_parms(): no params data found [ 275.485502][ T5254] EXT4-fs (loop6): unmounting filesystem. [ 275.792945][ T6229] loop6: detected capacity change from 0 to 8 [ 276.162761][ T6149] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.179285][ T6149] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.198334][ T6149] device bridge_slave_0 entered promiscuous mode [ 276.332453][ T6149] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.349079][ T6149] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.405336][ T6149] device bridge_slave_1 entered promiscuous mode [ 276.678967][ T4260] Bluetooth: hci1: command 0x0419 tx timeout [ 277.755643][ T6149] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.038862][ T4267] Bluetooth: hci2: command 0x0406 tx timeout [ 278.097478][ T26] kauditd_printk_skb: 55 callbacks suppressed [ 278.097496][ T26] audit: type=1800 audit(1750814569.312:73): pid=6248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.452" name="file1" dev="loop6" ino=5 res=0 errno=0 [ 278.144200][ T6149] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 278.543582][ T6149] team0: Port device team_slave_0 added [ 278.579434][ T6149] team0: Port device team_slave_1 added [ 280.611055][ T6149] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 280.642120][ T6149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.787088][ T6149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.887511][ T6149] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.898175][ T6149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.972135][ T6149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.993523][ T4468] device hsr_slave_0 left promiscuous mode [ 281.016977][ T4468] device hsr_slave_1 left promiscuous mode [ 281.189984][ T4468] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 281.216949][ T4468] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 282.051224][ T4468] device bridge_slave_1 left promiscuous mode [ 282.058125][ T4468] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.107067][ T4468] device bridge_slave_0 left promiscuous mode [ 282.138220][ T4468] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.976232][ T4468] team0 (unregistering): Port device team_slave_1 removed [ 284.078223][ T4468] team0 (unregistering): Port device team_slave_0 removed [ 284.185569][ T4468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.275799][ T4468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.738333][ T6311] loop6: detected capacity change from 0 to 4096 [ 285.820855][ T6311] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 287.879660][ T5254] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 289.157968][ T6324] input: syz0 as /devices/virtual/input/input8 [ 294.234011][ T4468] bond0 (unregistering): Released all slaves [ 295.683539][ T6291] netlink: 12 bytes leftover after parsing attributes in process `syz.2.466'. [ 295.710268][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.2.466'. [ 296.326013][ T6149] device hsr_slave_0 entered promiscuous mode [ 296.341850][ T6149] device hsr_slave_1 entered promiscuous mode [ 298.545752][ T6381] loop6: detected capacity change from 0 to 512 [ 299.526293][ T6381] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.490: invalid indirect mapped block 256 (level 2) [ 299.829096][ T6381] EXT4-fs (loop6): 2 truncates cleaned up [ 299.836754][ T6381] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 302.230351][ T6389] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 302.329930][ T5254] EXT4-fs (loop6): unmounting filesystem. [ 304.413689][ T4260] Bluetooth: hci3: unknown advertising packet type: 0x70 [ 304.679331][ T6149] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 304.757165][ T6149] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 305.756853][ T6149] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 305.803897][ T6149] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 306.653233][ T6440] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 307.646275][ T6149] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.768521][ T6149] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.776514][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 307.793355][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 307.822016][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.617969][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 308.689645][ T4476] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.697296][ T4476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.792514][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.814130][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.849048][ T4476] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.856927][ T4476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.964861][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 309.016603][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 309.076083][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 309.362780][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 310.173350][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 310.233250][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 310.404265][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 310.414003][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 310.424248][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 310.433674][ T4481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 310.458646][ T6149] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 311.592668][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 311.618512][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 315.492728][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 315.636571][ T4308] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 315.663061][ T6149] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.022311][ T6540] netlink: 12 bytes leftover after parsing attributes in process `syz.3.523'. [ 316.062793][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.3.523'. [ 316.921734][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.928273][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.361384][ T6554] 9pnet: Could not find request transport: fd0x0000000000000004 [ 317.602335][ T6558] overlayfs: failed to clone upperpath [ 318.677617][ T5900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 318.717570][ T5900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 318.956899][ T5900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 318.977514][ T5900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 319.004738][ T5900] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 319.043957][ T5900] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 319.661226][ T6149] device veth0_vlan entered promiscuous mode [ 319.791115][ T6149] device veth1_vlan entered promiscuous mode [ 319.821174][ T6149] device veth0_macvtap entered promiscuous mode [ 319.833880][ T6149] device veth1_macvtap entered promiscuous mode [ 321.102480][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 321.197855][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 321.237534][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 321.265176][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 321.517615][ T6149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.830028][ T6149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.910295][ T6149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.939860][ T6149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.974946][ T6149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.007717][ T6149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.028892][ T6149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.096143][ T6149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.140462][ T6149] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 324.098773][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 324.164072][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 325.307909][ T4267] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 325.321657][ T4267] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 325.331898][ T4267] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 325.340160][ T4267] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 325.360564][ T4269] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 325.368175][ T4269] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 325.591112][ T6637] netlink: 'syz.4.546': attribute type 29 has an invalid length. [ 325.603659][ T6637] netlink: 'syz.4.546': attribute type 29 has an invalid length. [ 325.822903][ T6640] loop6: detected capacity change from 0 to 40427 [ 325.852923][ T6640] F2FS-fs (loop6): invalid crc value [ 325.903110][ T6640] F2FS-fs (loop6): Found nat_bits in checkpoint [ 325.932480][ T6640] F2FS-fs (loop6): Start checkpoint disabled! [ 325.953902][ T6640] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 327.398919][ T4269] Bluetooth: hci5: command 0x0409 tx timeout [ 328.551723][ T6660] fuse: Bad value for 'fd' [ 329.478925][ T4269] Bluetooth: hci5: command 0x041b tx timeout [ 330.038007][ T6676] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 330.046969][ T6676] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 330.058758][ T6676] overlayfs: missing 'lowerdir' [ 330.166526][ T4481] kworker/u4:14: attempt to access beyond end of device [ 330.166526][ T4481] loop6: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 331.565389][ T4269] Bluetooth: hci5: command 0x040f tx timeout [ 332.783075][ T6691] netlink: 'syz.3.559': attribute type 29 has an invalid length. [ 332.885659][ T6691] netlink: 'syz.3.559': attribute type 29 has an invalid length. [ 332.962377][ T6630] chnl_net:caif_netlink_parms(): no params data found [ 333.250825][ T6706] netlink: 104 bytes leftover after parsing attributes in process `syz.2.560'. [ 334.008744][ T4260] Bluetooth: hci5: command 0x0419 tx timeout [ 335.775993][ T6630] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.823886][ T6630] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.014163][ T6630] device bridge_slave_0 entered promiscuous mode [ 339.088860][ T6630] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.096018][ T6630] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.885827][ T6630] device bridge_slave_1 entered promiscuous mode [ 341.030713][ T6630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.335269][ T6630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.903186][ T6630] team0: Port device team_slave_0 added [ 342.981919][ T6630] team0: Port device team_slave_1 added [ 343.094620][ T6630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.146189][ T6630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.254738][ T6630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.354703][ T6630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.417156][ T6630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.501145][ T6630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.521506][ T6797] loop6: detected capacity change from 0 to 8 [ 343.917610][ T26] audit: type=1800 audit(1750814891.133:74): pid=6800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.580" name="file1" dev="loop6" ino=5 res=0 errno=0 [ 344.076369][ T6630] device hsr_slave_0 entered promiscuous mode [ 344.095634][ T6630] device hsr_slave_1 entered promiscuous mode [ 344.156536][ T6630] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 344.165938][ T6630] Cannot create hsr debugfs directory [ 344.603181][ T4387] device hsr_slave_0 left promiscuous mode [ 344.639432][ T4387] device hsr_slave_1 left promiscuous mode [ 344.649483][ T4387] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 344.667328][ T4387] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.768272][ T4387] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.861097][ T4387] device bridge_slave_1 left promiscuous mode [ 346.867394][ T4387] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.940264][ T4387] device bridge_slave_0 left promiscuous mode [ 346.946575][ T4387] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.168560][ T4387] device veth1_macvtap left promiscuous mode [ 347.189773][ T4387] device veth0_macvtap left promiscuous mode [ 347.196076][ T4387] device veth1_vlan left promiscuous mode [ 347.210379][ T4387] device veth0_vlan left promiscuous mode [ 349.288377][ T6864] fuse: Bad value for 'group_id' [ 349.944995][ T4387] team0 (unregistering): Port device team_slave_1 removed [ 350.148868][ T4387] team0 (unregistering): Port device team_slave_0 removed [ 351.435471][ T4387] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.601802][ T6884] overlayfs: missing 'lowerdir' [ 351.952669][ T4387] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 352.657915][ T6882] Process accounting resumed [ 354.897932][ T4387] bond0 (unregistering): Released all slaves [ 357.539188][ T4260] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 357.548372][ T4260] Bluetooth: hci2: Injecting HCI hardware error event [ 357.572902][ T4260] Bluetooth: hci2: hardware error 0x00 [ 359.230113][ T6936] loop6: detected capacity change from 0 to 32768 [ 360.087374][ T4260] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 360.610624][ T6936] XFS (loop6): Mounting V5 Filesystem [ 360.737861][ T6936] XFS (loop6): Ending clean mount [ 361.204975][ T6955] autofs4:pid:6955:autofs_fill_super: called with bogus options [ 361.261746][ T5254] XFS (loop6): Unmounting Filesystem [ 364.412892][ T6990] device veth0_to_team entered promiscuous mode [ 365.326207][ T6630] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 365.353952][ T6630] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 365.497494][ T6630] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 365.509269][ T6630] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 366.858419][ T7025] loop6: detected capacity change from 0 to 40427 [ 366.903246][ T7025] F2FS-fs (loop6): invalid crc value [ 366.953979][ T7025] F2FS-fs (loop6): Found nat_bits in checkpoint [ 366.989266][ T6630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.029232][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 367.044564][ T7025] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 367.047252][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 367.242930][ T6630] 8021q: adding VLAN 0 to HW filter on device team0 [ 367.265944][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 368.206925][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 368.317957][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.325359][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 368.333338][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 368.353766][ T7037] 9pnet_virtio: no channels available for device syz [ 368.361438][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 368.371670][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.378912][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 368.398221][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 368.407341][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 368.416318][ T5254] syz-executor: attempt to access beyond end of device [ 368.416318][ T5254] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 368.416652][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 368.466284][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 368.476551][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 368.486685][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 368.557463][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 368.649841][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 368.689767][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 368.731493][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 369.756403][ T6630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 369.863183][ T6630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 369.948042][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 369.956979][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 376.746758][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 376.755435][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 376.783452][ T6630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 378.509155][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.515525][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.932644][ T7163] loop6: detected capacity change from 0 to 2048 [ 385.026868][ T7163] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 385.039017][ T7163] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 385.339386][ T4269] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 385.353241][ T4269] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 385.363163][ T4269] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 385.574629][ T4269] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 385.586380][ T4269] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 385.599188][ T4269] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 386.022215][ T5254] EXT4-fs (loop6): unmounting filesystem. [ 388.258865][ T4267] Bluetooth: hci1: command 0x0409 tx timeout [ 389.974162][ T7170] chnl_net:caif_netlink_parms(): no params data found [ 390.122328][ T4267] Bluetooth: hci3: unexpected event for opcode 0x0c47 [ 390.687100][ T4267] Bluetooth: hci1: command 0x041b tx timeout [ 391.781967][ T7225] loop6: detected capacity change from 0 to 8 [ 391.821638][ T7225] SQUASHFS error: Unable to read inode 0x127 [ 392.759205][ T4267] Bluetooth: hci1: command 0x040f tx timeout [ 393.806719][ T7170] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.839282][ T7170] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.871415][ T7170] device bridge_slave_0 entered promiscuous mode [ 393.893007][ T7170] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.951821][ T7170] bridge0: port 2(bridge_slave_1) entered disabled state [ 393.988409][ T7170] device bridge_slave_1 entered promiscuous mode [ 394.035709][ T4308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.060251][ T4308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.167235][ T4267] Bluetooth: hci1: command 0x0419 tx timeout [ 395.440169][ T7170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 396.393884][ T7170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 398.862339][ T7170] team0: Port device team_slave_0 added [ 398.872273][ T7170] team0: Port device team_slave_1 added [ 400.612825][ T7280] lo speed is unknown, defaulting to 1000 [ 400.909416][ T7170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 400.917455][ T7170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 401.104659][ T7170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 401.178001][ T7280] lo speed is unknown, defaulting to 1000 [ 402.639988][ T7170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 402.647066][ T7170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 402.685068][ T7280] lo speed is unknown, defaulting to 1000 [ 402.752798][ T7170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 402.814113][ T7280] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 402.939595][ T7280] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 404.035096][ T7318] netlink: 12 bytes leftover after parsing attributes in process `syz.6.700'. [ 404.054530][ T7170] device hsr_slave_0 entered promiscuous mode [ 404.089233][ T7318] netlink: 48 bytes leftover after parsing attributes in process `syz.6.700'. [ 404.131081][ T7170] device hsr_slave_1 entered promiscuous mode [ 404.215173][ T7280] lo speed is unknown, defaulting to 1000 [ 405.296898][ T7280] lo speed is unknown, defaulting to 1000 [ 405.600562][ T7280] lo speed is unknown, defaulting to 1000 [ 405.607439][ T7280] lo speed is unknown, defaulting to 1000 [ 405.640180][ T7280] lo speed is unknown, defaulting to 1000 [ 405.716321][ T7280] lo speed is unknown, defaulting to 1000 [ 409.835228][ T4476] device hsr_slave_0 left promiscuous mode [ 409.864765][ T7380] futex_wake_op: syz.4.713 tries to shift op by -1; fix this program [ 409.963986][ T4476] device hsr_slave_1 left promiscuous mode [ 409.991797][ T4476] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.021520][ T4476] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.055717][ T4476] device bridge_slave_1 left promiscuous mode [ 410.076255][ T4476] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.117906][ T4476] device bridge_slave_0 left promiscuous mode [ 410.137186][ T4476] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.318358][ T7426] futex_wake_op: syz.3.727 tries to shift op by -1; fix this program [ 413.426734][ T4476] team0 (unregistering): Port device team_slave_1 removed [ 414.260491][ T7435] overlayfs: unrecognized mount option "smackfsfloor=workdir" or missing value [ 414.945685][ T4476] team0 (unregistering): Port device team_slave_0 removed [ 415.254416][ T4476] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 415.465811][ T4476] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.492567][ T4476] bond0 (unregistering): Released all slaves [ 416.715762][ T7452] netlink: 'syz.3.732': attribute type 8 has an invalid length. [ 418.068516][ T7472] overlayfs: failed to clone upperpath [ 418.575231][ T7170] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 418.605817][ T7170] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 418.635955][ T7170] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 418.684879][ T7170] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 420.189432][ T7170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 420.209730][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 420.218119][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 420.974214][ T7170] 8021q: adding VLAN 0 to HW filter on device team0 [ 421.050651][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 421.069920][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 421.094616][ T4387] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.101766][ T4387] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.308189][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 421.345012][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 422.204612][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 422.626102][ T4387] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.633426][ T4387] bridge0: port 2(bridge_slave_1) entered forwarding state [ 422.726891][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 422.935260][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 423.009299][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 423.060293][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 423.211743][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 423.317513][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 423.393907][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 423.512784][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 423.655016][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 423.755435][ T7170] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 423.793764][ T7170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 423.808314][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 423.835166][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 424.837829][ T7529] netlink: 12 bytes leftover after parsing attributes in process `syz.3.755'. [ 424.888894][ T7529] netlink: 48 bytes leftover after parsing attributes in process `syz.3.755'. [ 427.286426][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 427.315930][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 427.477857][ T7170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.055884][ T7564] overlayfs: failed to clone upperpath [ 429.419252][ T7585] bridge0: port 3(netdevsim0) entered blocking state [ 429.428421][ T7585] bridge0: port 3(netdevsim0) entered disabled state [ 429.848465][ T7585] device netdevsim0 entered promiscuous mode [ 429.856608][ T7585] bridge0: port 3(netdevsim0) entered blocking state [ 429.863469][ T7585] bridge0: port 3(netdevsim0) entered forwarding state [ 432.579691][ T4574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 432.624673][ T4574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 432.710650][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 432.737993][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 432.780360][ T7170] device veth0_vlan entered promiscuous mode [ 432.815705][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 432.847246][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 432.892952][ T7170] device veth1_vlan entered promiscuous mode [ 433.029352][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 433.038399][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 433.071810][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 433.133237][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 433.190593][ T7170] device veth0_macvtap entered promiscuous mode [ 433.369075][ T7170] device veth1_macvtap entered promiscuous mode [ 434.004400][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 434.049977][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 434.971662][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.039256][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.055157][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.107608][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.171810][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.218891][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.268959][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.287780][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.323930][ T7170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 435.336398][ T7655] x_tables: ip6_tables: tcpmss match: only valid for protocol 6 [ 435.352135][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 435.368005][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 435.431699][ T7657] overlayfs: failed to clone upperpath [ 435.451555][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.489174][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.535248][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.582960][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.630001][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.646974][ T7662] netlink: 72 bytes leftover after parsing attributes in process `syz.3.789'. [ 435.667967][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.690379][ T7170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.742140][ T7170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.919045][ T7170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 435.940509][ T7170] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.962387][ T7170] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.029135][ T7170] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.038335][ T7170] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.771357][ T7662] netlink: 4 bytes leftover after parsing attributes in process `syz.3.789'. [ 436.780656][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 436.949728][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 437.285623][ T4481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.327659][ T4481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.396780][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 437.501830][ T4481] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 438.428187][ T4481] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.454444][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 439.803296][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.811156][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.037599][ T7727] xt_TPROXY: Can be used only with -p tcp or -p udp [ 441.169575][ T7727] netlink: 8 bytes leftover after parsing attributes in process `syz.6.802'. [ 441.226465][ T7727] device wireguard0 entered promiscuous mode [ 441.256057][ T7728] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 442.894556][ T7747] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input9 [ 447.820177][ T7788] loop7: detected capacity change from 0 to 16 [ 447.945945][ T7789] atomic_op ffff88807cbb3998 conn xmit_atomic 0000000000000000 [ 448.572987][ T7788] erofs: (device loop7): mounted with root inode @ nid 36. [ 448.885229][ T7794] syz.7.815: attempt to access beyond end of device [ 448.885229][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 448.902976][ T7794] syz.7.815: attempt to access beyond end of device [ 448.902976][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 448.918893][ T7794] syz.7.815: attempt to access beyond end of device [ 448.918893][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 448.935737][ T7794] syz.7.815: attempt to access beyond end of device [ 448.935737][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 448.954932][ T7794] syz.7.815: attempt to access beyond end of device [ 448.954932][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 448.970165][ T7794] syz.7.815: attempt to access beyond end of device [ 448.970165][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 448.985304][ T7794] syz.7.815: attempt to access beyond end of device [ 448.985304][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 449.000663][ T7794] syz.7.815: attempt to access beyond end of device [ 449.000663][ T7794] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 450.020669][ T7802] overlayfs: failed to clone upperpath [ 458.537245][ T7869] netlink: 12 bytes leftover after parsing attributes in process `syz.4.836'. [ 461.129802][ T7905] overlayfs: failed to clone upperpath [ 461.196442][ T26] audit: type=1326 audit(1750815008.413:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 461.613914][ T26] audit: type=1326 audit(1750815008.413:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 461.992919][ T26] audit: type=1326 audit(1750815008.443:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 462.939068][ T26] audit: type=1326 audit(1750815008.443:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 462.961770][ T26] audit: type=1326 audit(1750815008.443:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 463.011454][ T26] audit: type=1326 audit(1750815008.443:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 463.577742][ T26] audit: type=1326 audit(1750815008.443:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 463.785026][ T7924] netdevsim netdevsim6: Direct firmware load for JngkNq>*x(O@ēƙaWfV! _)ADIwC7;gB|hV`f?:VmUWX:SZ;˩6h?Aeim/S6_C?F failed with error -2 [ 463.805240][ T7924] netdevsim netdevsim6: Falling back to sysfs fallback for: JngkNq>*x(O@ēƙaWfV! _)ADIwC7;gB|hV`f?:VmUWX:SZ;˩6h?Aeim/S6_C?F [ 464.439108][ T26] audit: type=1326 audit(1750815008.443:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 464.476755][ T26] audit: type=1326 audit(1750815008.443:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 466.161912][ T26] audit: type=1326 audit(1750815008.443:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 466.415589][ T7947] tipc: New replicast peer: 255.255.255.255 [ 466.424092][ T7947] tipc: Enabled bearer , priority 10 [ 468.203519][ T4299] tipc: Node number set to 4277350826 [ 469.148659][ T26] audit: type=1326 audit(1750815008.443:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 469.204743][ T26] audit: type=1326 audit(1750815008.443:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 469.249670][ T26] audit: type=1326 audit(1750815008.443:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 469.279379][ T26] audit: type=1326 audit(1750815008.443:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 469.302082][ T26] audit: type=1326 audit(1750815008.443:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 470.909788][ T7971] tipc: Started in network mode [ 470.914749][ T7971] tipc: Node identity 4, cluster identity 4711 [ 470.921103][ T7971] tipc: Node number set to 4 [ 470.946764][ T26] audit: type=1326 audit(1750815008.443:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 471.111791][ T26] audit: type=1326 audit(1750815008.443:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 471.385942][ T7980] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 471.398617][ T7980] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 473.836954][ T7990] IPVS: length: 24 != 3277873464 [ 473.887913][ T7990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.863'. [ 474.565687][ T8004] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 475.228815][ T26] audit: type=1326 audit(1750815022.423:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8009 comm="syz.3.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7fc00000 [ 476.498901][ T4267] Bluetooth: hci3: Malformed Event: 0x02 [ 476.509267][ T4267] Bluetooth: hci3: unexpected event for opcode 0x0428 [ 477.757333][ T8044] netlink: 'syz.4.875': attribute type 21 has an invalid length. [ 477.765375][ T8044] netlink: 128 bytes leftover after parsing attributes in process `syz.4.875'. [ 477.774573][ T8044] netlink: 'syz.4.875': attribute type 6 has an invalid length. [ 477.782632][ T8044] netlink: 3 bytes leftover after parsing attributes in process `syz.4.875'. [ 478.081530][ T8030] ceph: No mds server is up or the cluster is laggy [ 479.648056][ T8057] loop7: detected capacity change from 0 to 512 [ 479.659941][ T8057] EXT4-fs: Ignoring removed nobh option [ 479.682107][ T8059] overlayfs: unrecognized mount option "verity=off" or missing value [ 479.752038][ T8057] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #11: comm syz.7.878: invalid indirect mapped block 256 (level 2) [ 479.841084][ T8057] EXT4-fs (loop7): 2 truncates cleaned up [ 479.986154][ T8057] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 480.519067][ T4267] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 480.528261][ T4267] Bluetooth: hci3: Injecting HCI hardware error event [ 480.541233][ T4269] Bluetooth: hci3: hardware error 0x00 [ 481.575870][ T7170] EXT4-fs (loop7): unmounting filesystem. [ 482.436146][ T8092] 9pnet_virtio: no channels available for device 127.0.0.1 [ 483.184965][ T4269] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 484.463899][ T8114] overlayfs: failed to clone upperpath [ 484.526996][ T8115] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 485.125646][ T8113] loop7: detected capacity change from 0 to 128 [ 487.249127][ T8138] siw: device registration error -23 [ 487.259907][ T8132] device wireguard0 entered promiscuous mode [ 490.244985][ T4269] Bluetooth: hci0: unexpected event for opcode 0x1001 [ 490.701584][ T8182] netlink: 28 bytes leftover after parsing attributes in process `syz.4.910'. [ 493.599420][ T8219] loop7: detected capacity change from 0 to 256 [ 494.623675][ T4269] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 494.639203][ T4269] Bluetooth: hci4: unexpected event for opcode 0x2039 [ 495.423967][ T8240] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 497.721213][ T8279] overlayfs: unrecognized mount option "verity=off" or missing value [ 499.138892][ T4269] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 499.148001][ T4269] Bluetooth: hci0: Injecting HCI hardware error event [ 499.159664][ T4269] Bluetooth: hci0: hardware error 0x00 [ 500.333073][ T8298] loop7: detected capacity change from 0 to 8 [ 501.609085][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.615474][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.751028][ T26] audit: type=1800 audit(1750815048.863:93): pid=8306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.949" name="file1" dev="loop7" ino=5 res=0 errno=0 [ 502.099323][ T4269] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 502.880856][ T8340] loop7: detected capacity change from 0 to 4096 [ 502.904533][ T8340] ntfs3: loop7: Different NTFS' sector size (4096) and media sector size (512) [ 503.640721][ T8340] ntfs3: loop7: failed to convert "c46c" to cp1255 [ 504.315320][ T8374] netlink: 'syz.3.976': attribute type 1 has an invalid length. [ 504.976556][ T8420] xt_NFQUEUE: number of total queues is 0 [ 506.208173][ T8426] loop7: detected capacity change from 0 to 32768 [ 506.247280][ T8426] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop7 scanned by syz.7.989 (8426) [ 506.580932][ T8426] BTRFS info (device loop7): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 506.598849][ T8426] BTRFS info (device loop7): using xxhash64 (xxhash64-generic) checksum algorithm [ 506.611488][ T8426] BTRFS info (device loop7): force zlib compression, level 3 [ 506.625611][ T8426] BTRFS info (device loop7): force clearing of disk cache [ 506.662258][ T8426] BTRFS info (device loop7): setting nodatasum [ 506.677808][ T8426] BTRFS info (device loop7): allowing degraded mounts [ 506.704226][ T8426] BTRFS info (device loop7): enabling disk space caching [ 506.733812][ T8426] BTRFS info (device loop7): disk space caching is enabled [ 506.944826][ T26] audit: type=1326 audit(1750815054.163:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8494 comm="syz.4.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 507.010859][ T26] audit: type=1326 audit(1750815054.163:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8494 comm="syz.4.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7d4998d290 code=0x7ffc0000 [ 507.144657][ T8426] BTRFS info (device loop7): rebuilding free space tree [ 507.190980][ T26] audit: type=1326 audit(1750815054.163:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8494 comm="syz.4.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d4998e929 code=0x7ffc0000 [ 507.344106][ T8426] BTRFS info (device loop7): disabling free space tree [ 507.391947][ T8426] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 507.448804][ T8426] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 508.378452][ T7170] BTRFS info (device loop7): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 511.117519][ T8591] input: syz1 as /devices/virtual/input/input11 [ 513.484260][ T8630] overlayfs: failed to resolve './file1': -2 [ 514.577752][ T8673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1060'. [ 514.629593][ T8679] netlink: 144 bytes leftover after parsing attributes in process `syz.6.1062'. [ 516.286332][ T26] audit: type=1326 audit(1750815063.503:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8733 comm="syz.7.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f570638e929 code=0x7ffc0000 [ 516.376480][ T26] audit: type=1326 audit(1750815063.543:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8733 comm="syz.7.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f570638e929 code=0x7ffc0000 [ 516.498886][ T26] audit: type=1326 audit(1750815063.543:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8733 comm="syz.7.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f570638e929 code=0x7ffc0000 [ 516.580755][ T26] audit: type=1326 audit(1750815063.543:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8733 comm="syz.7.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f570638e929 code=0x7ffc0000 [ 516.631424][ T8738] loop7: detected capacity change from 0 to 1024 [ 516.696894][ T26] audit: type=1326 audit(1750815063.543:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8733 comm="syz.7.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f570638e929 code=0x7ffc0000 [ 517.788733][ T8545] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 517.987676][ T8545] usb 8-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 518.028109][ T8545] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.062594][ T8545] usb 8-1: Product: syz [ 518.066838][ T8545] usb 8-1: Manufacturer: syz [ 518.090709][ T8545] usb 8-1: SerialNumber: syz [ 518.122533][ T8545] usb 8-1: config 0 descriptor?? [ 518.153511][ T8545] i2c-tiny-usb 8-1:0.0: version 6d.cc found at bus 008 address 002 [ 518.761588][ T8545] i2c i2c-1: failure reading functionality [ 518.856315][ T8545] i2c i2c-1: connected i2c-tiny-usb device [ 518.909151][ T8545] usb 8-1: USB disconnect, device number 2 [ 519.869520][ T8822] syz.4.1109[8822] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 519.869634][ T8822] syz.4.1109[8822] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 520.130898][ T8814] loop7: detected capacity change from 0 to 4096 [ 521.446868][ T8814] ntfs3: loop7: Mark volume as dirty due to NTFS errors [ 521.509820][ T8814] ntfs3: loop7: Failed to load $Extend. [ 521.700767][ T7170] ntfs3: loop7: ntfs_evict_inode r=5 failed, -22. [ 521.902390][ T8854] device bridge0 entered promiscuous mode [ 521.953158][ T8854] device macvlan2 entered promiscuous mode [ 521.976774][ T8854] bridge0: port 3(macvlan2) entered blocking state [ 522.002101][ T8854] bridge0: port 3(macvlan2) entered disabled state [ 522.044416][ T8854] device bridge0 left promiscuous mode [ 523.208517][ T8869] loop7: detected capacity change from 0 to 32768 [ 523.391036][ T8869] XFS (loop7): Mounting V5 Filesystem [ 523.481150][ T8869] XFS (loop7): Ending clean mount [ 523.532662][ T8869] XFS (loop7): Quotacheck needed: Please wait. [ 523.691411][ T8869] XFS (loop7): Quotacheck: Done. [ 524.967704][ T26] audit: type=1326 audit(1750815072.183:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 525.037922][ T26] audit: type=1326 audit(1750815072.213:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 525.118051][ T26] audit: type=1326 audit(1750815072.213:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 525.534474][ T8869] syz.7.1125 (8869): drop_caches: 2 [ 525.536530][ T8946] overlayfs: failed to clone upperpath [ 525.540877][ T26] audit: type=1326 audit(1750815072.753:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 525.591218][ T26] audit: type=1326 audit(1750815072.753:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.3.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 525.680097][ T7170] XFS (loop7): Unmounting Filesystem [ 527.500431][ T9019] loop7: detected capacity change from 0 to 8192 [ 529.899797][ T9066] xt_CT: No such helper "snmp" [ 531.299152][ T9099] loop7: detected capacity change from 0 to 1024 [ 531.327124][ T9099] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 531.519864][ T9099] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 531.562129][ T9099] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 531.726497][ T9099] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 531.825994][ T9099] EXT4-fs (loop7): Remounting filesystem read-only [ 532.092587][ T7170] EXT4-fs (loop7): unmounting filesystem. [ 533.467103][ T26] audit: type=1326 audit(1750815080.683:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ea778e929 code=0x7ffc0000 [ 533.636358][ T26] audit: type=1326 audit(1750815080.753:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9ea778e929 code=0x7ffc0000 [ 533.834753][ T26] audit: type=1326 audit(1750815080.753:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ea778e929 code=0x7ffc0000 [ 534.008330][ T26] audit: type=1326 audit(1750815080.753:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ea778e929 code=0x7ffc0000 [ 534.198166][ T26] audit: type=1326 audit(1750815080.753:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9ea778e929 code=0x7ffc0000 [ 534.348806][ T26] audit: type=1326 audit(1750815080.753:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ea778e929 code=0x7ffc0000 [ 534.401094][ T26] audit: type=1326 audit(1750815080.753:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ea778e929 code=0x7ffc0000 [ 534.933000][ T26] audit: type=1326 audit(1750815082.153:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ea772ab19 code=0x7ffc0000 [ 535.061809][ T26] audit: type=1326 audit(1750815082.153:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ea772ab19 code=0x7ffc0000 [ 535.155755][ T26] audit: type=1326 audit(1750815082.153:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9131 comm="syz.2.1210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ea772ab19 code=0x7ffc0000 [ 539.533959][ T26] kauditd_printk_skb: 183 callbacks suppressed [ 539.533978][ T26] audit: type=1326 audit(1750815086.753:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 539.685870][ T26] audit: type=1326 audit(1750815086.793:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 539.841821][ T26] audit: type=1326 audit(1750815086.793:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 539.894698][ T26] audit: type=1326 audit(1750815086.793:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 540.058712][ T26] audit: type=1326 audit(1750815086.793:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 540.183066][ T26] audit: type=1326 audit(1750815086.793:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 540.278851][ T26] audit: type=1326 audit(1750815086.793:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 540.325037][ T9314] netlink: 'syz.2.1257': attribute type 4 has an invalid length. [ 540.440808][ T26] audit: type=1326 audit(1750815086.793:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 540.513835][ T9315] netlink: 'syz.2.1257': attribute type 4 has an invalid length. [ 540.619904][ T26] audit: type=1326 audit(1750815086.803:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 540.703511][ T4333] lo speed is unknown, defaulting to 1000 [ 540.750519][ T26] audit: type=1326 audit(1750815086.803:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9294 comm="syz.6.1252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4a8e52ab19 code=0x7ffc0000 [ 541.269599][ T9346] loop8: detected capacity change from 0 to 7 [ 541.283262][ T8788] Dev loop8: unable to read RDB block 7 [ 541.293281][ T8788] loop8: unable to read partition table [ 541.316788][ T8788] loop8: partition table beyond EOD, truncated [ 541.365951][ T9346] Dev loop8: unable to read RDB block 7 [ 541.398886][ T9346] loop8: unable to read partition table [ 541.428252][ T9346] loop8: partition table beyond EOD, truncated [ 541.468723][ T9346] loop_reread_partitions: partition scan of loop8 (被x ) failed (rc=-5) [ 541.471013][ T8788] Dev loop8: unable to read RDB block 7 [ 541.495713][ T8788] loop8: unable to read partition table [ 541.522042][ T8788] loop8: partition table beyond EOD, truncated [ 541.552394][ T9351] Dev loop8: unable to read RDB block 7 [ 541.588817][ T9351] loop8: unable to read partition table [ 541.594875][ T9351] loop8: partition table beyond EOD, truncated [ 541.633966][ T9351] loop_reread_partitions: partition scan of loop8 (被x ) failed (rc=-5) [ 541.687320][ T9363] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1271'. [ 541.815900][ T9367] overlayfs: failed to clone lowerpath [ 542.524376][ T9401] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1281'. [ 543.845013][ T9443] loop7: detected capacity change from 0 to 16 [ 543.877541][ T9443] MTD: Attempt to mount non-MTD device "/dev/loop7" [ 544.946426][ T9477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1301'. [ 546.723706][ T9530] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1317'. [ 546.787473][ T9530] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 547.425989][ T9498] overlayfs: failed to clone upperpath [ 547.830721][ T9575] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1325'. [ 548.591827][ T9612] netlink: 'syz.4.1338': attribute type 4 has an invalid length. [ 549.131523][ T9628] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1343'. [ 549.668281][ T9651] syz.6.1350[9651] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 549.668405][ T9651] syz.6.1350[9651] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 550.743678][ T9672] loop7: detected capacity change from 0 to 512 [ 550.883492][ T9672] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 550.899120][ T9672] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 551.138184][ T7170] EXT4-fs error (device loop7): ext4_readdir:263: inode #12: block 32: comm syz-executor: path /103/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 551.550931][ T9701] af_packet: tpacket_rcv: packet too big, clamped from 25 to 4294967272. macoff=96 [ 552.390740][ T9726] tipc: Started in network mode [ 552.408038][ T9726] tipc: Node identity ffffa848, cluster identity 4711 [ 552.433563][ T9726] tipc: Node number set to 4294944840 [ 553.741346][ T9749] overlayfs: failed to clone upperpath [ 555.320668][ T9790] overlayfs: failed to clone upperpath [ 556.901283][ T9835] overlayfs: failed to clone upperpath [ 560.211620][ T9934] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1431'. [ 561.180082][ T9951] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaa [ 562.124695][ T9967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1443'. [ 562.691817][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.698191][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.044819][T10000] 8021q: VLANs not supported on ip6_vti0 [ 564.327915][T10004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1457'. [ 566.048978][ T8543] libceph: connect (1)[c::]:6789 error -101 [ 566.056216][ T8543] libceph: mon0 (1)[c::]:6789 connect error [ 566.332216][ T126] libceph: connect (1)[c::]:6789 error -101 [ 566.338304][ T126] libceph: mon0 (1)[c::]:6789 connect error [ 566.358248][T10064] overlayfs: failed to clone upperpath [ 566.818198][T10050] ceph: No mds server is up or the cluster is laggy [ 567.860582][ T4260] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 567.872216][ T4260] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 567.881551][ T4260] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 567.891667][ T4260] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 567.904244][ T4260] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 567.912047][ T4267] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 567.967777][ T7170] EXT4-fs (loop7): unmounting filesystem. [ 568.252790][ T126] libceph: connect (1)[c::]:6789 error -101 [ 568.258912][ T126] libceph: mon0 (1)[c::]:6789 connect error [ 568.446498][ T4468] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.736812][T10081] lo speed is unknown, defaulting to 1000 [ 568.847310][ T4468] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.695226][ T4468] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.915283][ T4468] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.960011][ T4269] Bluetooth: hci1: command 0x0409 tx timeout [ 570.260882][T10124] overlayfs: failed to clone upperpath [ 570.612967][T10081] chnl_net:caif_netlink_parms(): no params data found [ 572.039214][ T4260] Bluetooth: hci1: command 0x041b tx timeout [ 572.040182][T10081] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.125026][T10081] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.160631][T10081] device bridge_slave_0 entered promiscuous mode [ 572.270850][T10081] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.278026][T10081] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.315189][T10081] device bridge_slave_1 entered promiscuous mode [ 572.497112][T10081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.659321][T10081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 573.861806][T10081] team0: Port device team_slave_0 added [ 574.070564][T10081] team0: Port device team_slave_1 added [ 574.119956][ T4260] Bluetooth: hci1: command 0x040f tx timeout [ 576.199174][ T4260] Bluetooth: hci1: command 0x0419 tx timeout [ 576.243909][T10081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 576.278946][T10081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.339103][T10081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 576.694785][T10081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 576.712555][T10081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.848599][T10081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 577.187365][T10081] device hsr_slave_0 entered promiscuous mode [ 577.199846][T10081] device hsr_slave_1 entered promiscuous mode [ 577.217194][T10081] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 577.237355][T10081] Cannot create hsr debugfs directory [ 577.312322][ T4468] device hsr_slave_0 left promiscuous mode [ 577.342020][ T4468] device hsr_slave_1 left promiscuous mode [ 577.430005][ T4468] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 577.446553][ T4468] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 577.504665][ T4468] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 577.523798][ T4468] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 577.545408][ T4468] device bridge_slave_1 left promiscuous mode [ 577.558729][ T4468] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.568454][ T4468] device bridge_slave_0 left promiscuous mode [ 577.581516][ T4468] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.696757][ T4468] device veth1_macvtap left promiscuous mode [ 577.713671][ T4468] device veth0_macvtap left promiscuous mode [ 577.733019][ T4468] device veth1_vlan left promiscuous mode [ 577.758198][ T4468] device veth0_vlan left promiscuous mode [ 578.999854][T10249] overlayfs: failed to clone upperpath [ 583.046960][ T4468] team0 (unregistering): Port device team_slave_1 removed [ 583.797776][ T4468] team0 (unregistering): Port device team_slave_0 removed [ 583.933000][ T4468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 584.066223][ T4468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 589.250925][ T4468] bond0 (unregistering): Released all slaves [ 589.368803][T10268] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1520'. [ 590.073482][T10081] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 590.083972][T10081] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 590.600455][T10081] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 590.787646][T10081] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 591.125348][T10081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 591.143886][T10081] 8021q: adding VLAN 0 to HW filter on device team0 [ 591.160120][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 591.184606][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 591.242493][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 591.450803][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 591.752709][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.759960][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 591.931609][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 591.941012][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 591.950222][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.957364][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 591.982978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 591.992800][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 592.020394][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 592.059892][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 592.256318][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 592.266309][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 592.275971][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 592.285179][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 592.313608][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 592.670753][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 593.235246][T10081] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 593.290222][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 593.307617][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 597.514638][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 597.533932][ T2962] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 597.577239][T10081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 599.580563][T10445] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 599.687790][T10466] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1572'. [ 599.703799][T10466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1572'. [ 600.584120][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 600.613129][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 600.709401][T10081] device veth0_vlan entered promiscuous mode [ 600.737606][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 600.767339][ T26] kauditd_printk_skb: 66 callbacks suppressed [ 600.767354][ T26] audit: type=1326 audit(1750815147.983:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10477 comm="syz.3.1576" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa00198e929 code=0x0 [ 600.768417][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 600.971054][T10081] device veth1_vlan entered promiscuous mode [ 601.010564][T10081] device veth0_macvtap entered promiscuous mode [ 601.021665][T10081] device veth1_macvtap entered promiscuous mode [ 601.038034][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 601.053075][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 601.835809][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 601.857875][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 601.898408][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 601.949750][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 602.018664][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 602.069359][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 602.081592][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 602.118566][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.284848][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.004766][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.015102][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.029302][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.058584][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 603.090375][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 603.128860][T10081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 603.159531][T10501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1581'. [ 603.585956][T10508] 9pnet_virtio: no channels available for device [ 604.842377][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 604.919639][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 604.941750][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 604.966128][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.163940][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 605.362174][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 605.444333][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 605.967623][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.011894][T10081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.017710][T10527] tmpfs: Unknown parameter 'usrquota' [ 606.033007][T10081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.216000][T10081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 607.159270][T10081] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.219587][T10081] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.294036][T10081] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.323352][T10081] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.369561][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 607.392984][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 607.914967][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.089772][ T4476] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.108231][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.118387][ T4476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.447283][ T4574] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 608.472888][ T4574] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 611.725880][T10575] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1599'. [ 612.737530][T10585] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1602'. [ 618.088883][T10636] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1614'. [ 618.330603][T10636] tipc: Enabled bearer , priority 10 [ 620.591562][T10676] ptrace attach of "./syz-executor exec"[4264] was attempted by ""[10676] [ 624.121972][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.128338][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.133173][T10701] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1626'. [ 634.207965][T10788] delete_channel: no stack [ 635.848836][T10806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1653'. [ 636.357661][ T26] audit: type=1326 audit(1750815183.573:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 636.465806][ T26] audit: type=1326 audit(1750815183.573:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 636.492707][ T26] audit: type=1326 audit(1750815183.613:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 637.882219][ T26] audit: type=1326 audit(1750815183.613:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 638.193014][ T26] audit: type=1326 audit(1750815183.613:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 638.660066][ T26] audit: type=1326 audit(1750815183.613:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 638.731252][ T26] audit: type=1326 audit(1750815183.613:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 639.658583][ T26] audit: type=1326 audit(1750815183.613:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 640.054152][ T26] audit: type=1326 audit(1750815183.613:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 640.904087][ T26] audit: type=1326 audit(1750815183.613:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.6.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a8e58e929 code=0x7ffc0000 [ 646.114542][T10916] loop8: detected capacity change from 0 to 4096 [ 646.228163][T10916] ntfs3: loop8: Mark volume as dirty due to NTFS errors [ 646.506358][T10927] overlayfs: failed to clone upperpath [ 648.463756][T10933] ntfs3: loop8: ino=1e, "file1" attr_set_size [ 669.064451][T11099] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1722'. [ 671.413531][T11127] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 671.440552][T11127] CIFS: Unable to determine destination address [ 674.322070][T11152] overlayfs: failed to clone upperpath [ 675.094104][T11160] loop8: detected capacity change from 0 to 1024 [ 675.147864][T11160] EXT4-fs (loop8): Cannot use DAX on a filesystem that may contain inline data [ 678.075127][T11186] process '/newroot/433/file0' started with executable stack [ 678.589956][T11197] loop8: detected capacity change from 0 to 8 [ 683.391120][T11239] loop8: detected capacity change from 0 to 8192 [ 683.434655][T11239] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 683.448684][T11239] REISERFS (device loop8): found reiserfs format "3.5" with non-standard journal [ 683.458028][T11239] REISERFS (device loop8): using ordered data mode [ 683.465285][T11239] reiserfs: using flush barriers [ 683.475614][T11239] REISERFS (device loop8): journal params: device loop8, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 683.493515][T11239] REISERFS (device loop8): checking transaction log (loop8) [ 683.507580][T11239] REISERFS (device loop8): Using r5 hash to sort names [ 683.515313][T11239] REISERFS (device loop8): Created .reiserfs_priv - reserved for xattr storage. [ 684.159223][T11246] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.175331][T11246] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.186495][T11246] REISERFS (device loop8): Remounting filesystem read-only [ 684.194153][T11246] REISERFS error (device loop8): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 4 0x0 SD] stat data [ 684.235304][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.252434][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.266910][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.282642][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.293786][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.309636][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.322105][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.337753][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.348990][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.364623][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.375896][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.391563][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.402717][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.428311][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.442306][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.457695][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.468994][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.484655][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.502684][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.518449][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.529313][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.545533][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.558004][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.574515][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.585564][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.601320][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.612274][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.627654][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.638900][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.654541][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.666770][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.682325][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 684.694736][T11244] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 221, free_space(entry_count) 2 [ 684.710114][T11244] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 685.118555][ T4298] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 685.384855][ T4298] usb 9-1: Using ep0 maxpacket: 16 [ 685.440599][ T4298] usb 9-1: config 0 has an invalid interface number: 237 but max is 0 [ 685.561960][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.571907][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.604581][ T4298] usb 9-1: config 0 has no interface number 0 [ 685.735924][ T4298] usb 9-1: config 0 interface 237 has no altsetting 0 [ 687.063254][ T4298] usb 9-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad [ 687.103237][ T4298] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.112598][ T4298] usb 9-1: Product: syz [ 687.116796][ T4298] usb 9-1: Manufacturer: syz [ 687.122832][ T4298] usb 9-1: SerialNumber: syz [ 687.167655][ T4298] usb 9-1: config 0 descriptor?? [ 689.532212][ T4298] usb 9-1: can't set config #0, error -71 [ 689.598693][ T4298] usb 9-1: USB disconnect, device number 2 [ 692.275074][T11318] loop8: detected capacity change from 0 to 128 [ 692.357963][T11318] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 692.469121][T11318] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 693.787900][T11336] xt_CT: You must specify a L4 protocol and not use inversions on it [ 695.679174][T11353] sctp: [Deprecated]: syz.2.1780 (pid 11353) Use of struct sctp_assoc_value in delayed_ack socket option. [ 695.679174][T11353] Use struct sctp_sack_info instead [ 703.496282][T11410] vivid-000: kernel_thread() failed [ 703.902914][T11420] loop8: detected capacity change from 0 to 128 [ 706.060459][T11435] IPVS: set_ctl: invalid protocol: 50 0.0.0.0:20001 [ 708.996153][T11464] loop8: detected capacity change from 0 to 32768 [ 709.026809][T11464] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 scanned by syz.8.1801 (11464) [ 709.122373][T11464] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 709.132756][T11464] BTRFS info (device loop8): using crc32c (crc32c-intel) checksum algorithm [ 709.141834][T11464] BTRFS info (device loop8): setting nodatacow, compression disabled [ 709.149963][T11464] BTRFS info (device loop8): max_inline at 0 [ 709.155949][T11464] BTRFS info (device loop8): enabling disk space caching [ 709.163088][T11464] BTRFS info (device loop8): turning off barriers [ 709.169580][T11464] BTRFS info (device loop8): turning on flush-on-commit [ 709.176522][T11464] BTRFS info (device loop8): doing ref verification [ 709.183158][T11464] BTRFS info (device loop8): force clearing of disk cache [ 709.190445][T11464] BTRFS info (device loop8): enabling ssd optimizations [ 709.197411][T11464] BTRFS info (device loop8): max_inline at 4096 [ 709.203720][T11464] BTRFS info (device loop8): disk space caching is enabled [ 709.547226][T11464] BTRFS info (device loop8): rebuilding free space tree [ 709.573378][T11464] BTRFS info (device loop8): disabling free space tree [ 709.580485][T11464] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 709.590199][T11464] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 710.943859][ T26] kauditd_printk_skb: 43 callbacks suppressed [ 710.943876][ T26] audit: type=1800 audit(1750815514.163:430): pid=11465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1801" name="bus" dev="loop8" ino=263 res=0 errno=0 [ 712.043356][T10081] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 712.161377][ T26] audit: type=1326 audit(1750815515.383:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.342439][ T26] audit: type=1326 audit(1750815515.383:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.454902][ T26] audit: type=1326 audit(1750815515.403:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.478020][ T26] audit: type=1326 audit(1750815515.403:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.528949][ T26] audit: type=1326 audit(1750815515.403:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.595562][ T26] audit: type=1326 audit(1750815515.403:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.624988][ T26] audit: type=1326 audit(1750815515.403:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.648279][ T26] audit: type=1326 audit(1750815515.403:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 712.674560][ T26] audit: type=1326 audit(1750815515.403:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fa00198e929 code=0x7ffc0000 [ 714.236905][T11526] netdevsim netdevsim3: Direct firmware load for JngkNq>*x(O@ēƙaWfV! _)ADIwC7;gB|hV`f?:VmUWX:SZ;˩6h?Aeim/S6_C?F failed with error -2 [ 714.256426][T11526] netdevsim netdevsim3: Falling back to sysfs fallback for: JngkNq>*x(O@ēƙaWfV! _)ADIwC7;gB|hV`f?:VmUWX:SZ;˩6h?Aeim/S6_C?F [ 715.092250][T11537] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 715.104821][T11540] fuse: Bad value for 'fd' [ 716.986648][T11566] xt_nat: multiple ranges no longer supported [ 723.395782][T11602] bridge0: port 3(netdevsim0) entered blocking state [ 723.402814][T11602] bridge0: port 3(netdevsim0) entered disabled state [ 723.416189][T11602] device netdevsim0 entered promiscuous mode [ 723.423349][T11602] bridge0: port 3(netdevsim0) entered blocking state [ 723.432052][T11602] bridge0: port 3(netdevsim0) entered forwarding state [ 724.319966][T11608] Invalid ELF header magic: != ELF [ 726.714617][T11614] trusted_key: encrypted_key: insufficient parameters specified [ 727.460791][T11642] xt_TCPMSS: Only works on TCP SYN packets [ 729.427062][T11641] tipc: Started in network mode [ 729.432066][T11641] tipc: Node identity 4, cluster identity 4711 [ 729.438261][T11641] tipc: Node number set to 4 [ 736.295392][T11701] xt_TCPMSS: Only works on TCP SYN packets [ 741.991460][T11772] Process accounting resumed [ 742.993952][T11778] xt_TCPMSS: Only works on TCP SYN packets [ 744.080780][T11796] xt_TCPMSS: Only works on TCP SYN packets [ 747.018896][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.025316][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.241746][T11810] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1866'. [ 748.018700][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 748.018715][ T26] audit: type=1326 audit(1750815551.233:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11803 comm="syz.2.1868" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ea778e929 code=0x0 [ 755.687904][T11739] tipc: Resetting bearer [ 756.725840][T11739] tipc: Disabling bearer [ 757.209769][ T4269] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 757.222066][ T4269] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 757.235433][ T4269] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 758.089113][ T4269] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 758.096773][ T4269] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 758.104174][ T4269] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 760.268906][ T4269] Bluetooth: hci2: command 0x0409 tx timeout [ 761.046257][ T4574] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 761.229792][T11891] lo speed is unknown, defaulting to 1000 [ 762.083344][ T4574] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.288497][ T4267] Bluetooth: hci2: command 0x041b tx timeout [ 763.786383][ T4574] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 765.188425][ T4267] Bluetooth: hci2: command 0x040f tx timeout [ 765.231390][ T4574] bridge0: port 3(netdevsim0) entered disabled state [ 766.724416][ T4574] device netdevsim0 left promiscuous mode [ 766.752707][ T4574] bridge0: port 3(netdevsim0) entered disabled state [ 766.984908][ T4574] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 768.202114][ T4267] Bluetooth: hci2: command 0x0419 tx timeout [ 768.427271][T11986] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1900'. [ 768.447436][T11986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1900'. [ 768.482100][T11891] chnl_net:caif_netlink_parms(): no params data found [ 772.307522][T11891] bridge0: port 1(bridge_slave_0) entered blocking state [ 772.335434][T11891] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.348234][T11891] device bridge_slave_0 entered promiscuous mode [ 772.461872][T11891] bridge0: port 2(bridge_slave_1) entered blocking state [ 772.469104][T11891] bridge0: port 2(bridge_slave_1) entered disabled state [ 772.477399][T11891] device bridge_slave_1 entered promiscuous mode [ 772.490758][T12019] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1909'. [ 772.528484][T12019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1909'. [ 772.864919][T12034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1913'. [ 772.884379][T12034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1913'. [ 772.918867][T11891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 772.991664][T11891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 773.388299][ T4574] tipc: Disabling bearer [ 773.431796][ T4574] tipc: Left network mode [ 773.449295][T11891] team0: Port device team_slave_0 added [ 773.520507][T11891] team0: Port device team_slave_1 added [ 773.955190][T11891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 773.981941][T11891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 774.076972][T11891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 774.099114][T11891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 774.113570][T11891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 774.220954][T11891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 774.418580][T12064] fuse: Bad value for 'fd' [ 776.044426][T11891] device hsr_slave_0 entered promiscuous mode [ 776.051776][T11891] device hsr_slave_1 entered promiscuous mode [ 776.501838][T12082] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1924'. [ 776.523384][T12082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1924'. [ 777.868614][T12097] xt_TCPMSS: Only works on TCP SYN packets [ 780.442838][T11891] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 780.587349][T11891] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 781.104051][T11891] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 781.185121][T11891] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 781.249134][ T4574] device hsr_slave_0 left promiscuous mode [ 781.280707][ T4574] device hsr_slave_1 left promiscuous mode [ 781.305754][ T4574] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 781.329307][ T4574] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 781.355805][ T4574] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 781.375193][ T4574] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 781.411022][ T4574] device bridge_slave_1 left promiscuous mode [ 781.429082][ T4574] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.456327][ T4574] device bridge_slave_0 left promiscuous mode [ 781.479114][ T4574] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.597138][ T4574] device veth1_macvtap left promiscuous mode [ 781.611174][ T4574] device veth0_macvtap left promiscuous mode [ 781.617729][ T4574] device veth1_vlan left promiscuous mode [ 781.627749][ T4574] device veth0_vlan left promiscuous mode [ 784.625156][ T4574] team0 (unregistering): Port device team_slave_1 removed [ 784.698338][ T4574] team0 (unregistering): Port device team_slave_0 removed [ 784.815964][ T4574] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 784.935351][ T4574] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 786.180158][ T4574] bond0 (unregistering): Released all slaves [ 788.014249][T11891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 788.055231][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 788.079404][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 788.119848][T11891] 8021q: adding VLAN 0 to HW filter on device team0 [ 788.154028][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 788.222591][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 788.701642][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 788.708910][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 788.722463][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 788.756894][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 788.804826][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 788.828296][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 788.835663][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 788.866247][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 788.905985][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 788.955839][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 788.976009][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 788.985938][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 789.178968][T12199] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1954'. [ 789.189425][T12199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1954'. [ 789.206606][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 789.230783][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 789.240239][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 789.311744][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 789.337685][T11891] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 789.419775][T11891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 789.435818][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 789.451020][ T4482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 791.627315][ T7437] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 791.640263][ T7437] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 791.702932][T11891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 795.265463][T11743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 795.379335][T11743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 797.063219][T11745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 797.079220][T11745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 797.162852][T11891] device veth0_vlan entered promiscuous mode [ 797.173488][T11745] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 797.213901][T11745] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 797.243596][T11891] device veth1_vlan entered promiscuous mode [ 799.165900][ T7437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 799.180966][ T7437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 799.225017][T11891] device veth0_macvtap entered promiscuous mode [ 799.239831][ T7437] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 799.291588][T11891] device veth1_macvtap entered promiscuous mode [ 799.887722][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.940295][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.967680][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.992882][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 800.007003][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 800.025665][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 800.036324][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 800.527774][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 800.654433][T11891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 800.675808][T12322] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1978'. [ 800.687931][T12322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1978'. [ 800.700329][T11743] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 800.721828][T11743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 800.773579][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 801.313745][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 801.348891][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 801.368676][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 801.396134][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 801.479447][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 801.494382][T11891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 801.514510][T11891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.616309][T11891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 802.627749][T11891] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.637274][T11891] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.652495][T11891] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.685821][T11891] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.377113][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 803.391393][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 805.850213][T12360] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1986'. [ 805.880644][T12360] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1986'. [ 806.155185][ T4482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 806.159422][T11741] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 806.174890][ T4482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 806.259366][T12377] xt_TCPMSS: Only works on TCP SYN packets [ 806.275616][T11741] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 806.800718][T11745] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 806.825637][T11745] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 808.569042][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.575752][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.344136][T12408] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1998'. [ 810.536224][T12408] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1998'. [ 821.265463][ T4267] Bluetooth: hci1: command 0x0406 tx timeout [ 826.026120][T12587] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2037'. [ 826.051753][T12587] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2037'. [ 832.053359][T12634] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2051'. [ 832.131910][T12634] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2051'. [ 838.305015][T12679] loop9: detected capacity change from 0 to 256 [ 840.785545][T12704] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2067'. [ 840.825668][T12704] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2067'. [ 841.350650][T12718] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2069'. [ 841.529838][T12718] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2069'. [ 842.558115][T12729] loop9: detected capacity change from 0 to 256 [ 843.727161][T12711] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 845.898192][T12758] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2076'. [ 845.948805][T12758] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2076'. [ 853.464259][T12818] fuse: Bad value for 'fd' [ 857.179678][T12845] lo speed is unknown, defaulting to 1000 [ 857.185516][T12845] lo speed is unknown, defaulting to 1000 [ 857.191727][T12845] lo speed is unknown, defaulting to 1000 [ 857.202352][T12845] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 857.220310][T12845] lo speed is unknown, defaulting to 1000 [ 857.228574][T12845] lo speed is unknown, defaulting to 1000 [ 857.234998][T12845] lo speed is unknown, defaulting to 1000 [ 857.241903][T12845] lo speed is unknown, defaulting to 1000 [ 857.248511][T12845] lo speed is unknown, defaulting to 1000 [ 862.228352][T12894] fuse: Bad value for 'fd' [ 863.606340][T12906] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2109'. [ 864.462506][T12913] loop8: detected capacity change from 0 to 256 [ 865.527544][T12906] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2109'. [ 865.799347][T12820] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 869.936141][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 869.942551][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.291494][T12967] loop9: detected capacity change from 0 to 256 [ 873.221994][T12979] loop8: detected capacity change from 0 to 256 [ 873.900918][T12980] siw: device registration error -23 [ 873.947079][T12980] tipc: Started in network mode [ 873.952563][T12980] tipc: Node identity ffffa848, cluster identity 4711 [ 873.959941][T12980] tipc: Node number set to 4294944840 [ 874.247811][T12820] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 875.251637][T12993] loop8: detected capacity change from 0 to 256 [ 880.468402][T13045] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2141'. [ 882.278732][ T4269] Bluetooth: hci2: command 0x0406 tx timeout [ 882.289563][T13045] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2141'. [ 882.687230][T13067] loop9: detected capacity change from 0 to 256 [ 883.355384][T13064] siw: device registration error -23 [ 883.486490][T12820] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 884.511789][T13080] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2149'. [ 884.603268][T13078] siw: device registration error -23 [ 884.949710][T13080] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2149'. [ 884.964438][T13074] siw: device registration error -23 [ 888.037154][T13112] loop9: detected capacity change from 0 to 256 [ 889.071596][T12820] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 893.626193][T13152] loop8: detected capacity change from 0 to 256 [ 894.418723][T12852] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 896.256153][T13171] siw: device registration error -23 [ 899.524227][T13197] loop9: detected capacity change from 0 to 8 [ 900.844871][T13205] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2178'. [ 900.878563][T13205] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2178'. [ 901.767425][T13221] loop8: detected capacity change from 0 to 256 [ 901.811682][T13216] loop9: detected capacity change from 0 to 256 [ 907.033875][T13269] loop8: detected capacity change from 0 to 256 [ 907.626782][T13275] loop9: detected capacity change from 0 to 8 [ 907.678708][T12820] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 910.184098][T13304] loop9: detected capacity change from 0 to 8 [ 910.255061][T13308] loop8: detected capacity change from 0 to 8 [ 910.601662][T13312] siw: device registration error -23 [ 911.386393][T13320] siw: device registration error -23 [ 912.820178][T13336] loop8: detected capacity change from 0 to 8 [ 916.286234][T13358] loop9: detected capacity change from 0 to 256 [ 917.406455][T12820] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 917.896060][T13376] siw: device registration error -23 [ 919.578458][T13396] siw: device registration error -23 [ 924.429102][T13435] siw: device registration error -23 [ 926.155904][T13453] loop8: detected capacity change from 0 to 256 [ 926.243200][T12820] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 929.115542][T13479] loop9: detected capacity change from 0 to 256 [ 929.844199][T12820] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 931.037131][T13496] loop8: detected capacity change from 0 to 8 [ 931.334040][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.352528][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.745524][T13525] loop9: detected capacity change from 0 to 8 [ 938.945755][T13545] loop8: detected capacity change from 0 to 256 [ 940.879337][T13566] loop8: detected capacity change from 0 to 256 [ 941.305165][T13569] siw: device registration error -23 [ 946.061731][T13622] loop9: detected capacity change from 0 to 8 [ 948.231494][T13632] loop8: detected capacity change from 0 to 8 [ 953.343323][T13665] loop9: detected capacity change from 0 to 256 [ 953.369731][T12820] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 953.640446][T13675] siw: device registration error -23 [ 955.157341][T13687] x_tables: unsorted underflow at hook 1 [ 955.195393][T13687] loop8: detected capacity change from 0 to 256 [ 955.233691][T13687] exFAT-fs (loop8): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 956.779902][T13700] x_tables: unsorted underflow at hook 1 [ 956.803318][T13703] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2291'. [ 956.836851][T13703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2291'. [ 959.829033][T13730] loop9: detected capacity change from 0 to 8 [ 965.387035][T13767] x_tables: unsorted underflow at hook 1 [ 974.588865][T13858] x_tables: unsorted underflow at hook 1 [ 975.632461][T13867] x_tables: unsorted underflow at hook 1 [ 978.782971][T13893] x_tables: unsorted underflow at hook 1 [ 978.819259][T13893] loop9: detected capacity change from 0 to 256 [ 978.846995][T13893] exFAT-fs (loop9): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 979.761845][T13897] x_tables: unsorted underflow at hook 1 [ 982.459882][T13919] x_tables: unsorted underflow at hook 1 [ 982.504889][T13919] loop9: detected capacity change from 0 to 256 [ 982.548290][T13919] exFAT-fs (loop9): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 983.409734][T13922] siw: device registration error -23 [ 987.103350][T13949] x_tables: unsorted underflow at hook 1 [ 987.134890][T13949] loop9: detected capacity change from 0 to 256 [ 987.193910][T13949] exFAT-fs (loop9): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 990.656975][T13959] x_tables: unsorted underflow at hook 1 [ 992.440286][T13988] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 993.108124][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.125652][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.425544][T13992] x_tables: unsorted underflow at hook 1 [ 993.596280][T13999] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 994.446467][T13992] loop9: detected capacity change from 0 to 256 [ 994.506918][T13992] exFAT-fs (loop9): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 997.113982][T14028] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 997.912731][ T4502] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.029790][T14030] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2357'. [ 998.060732][ T4267] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 998.073859][ T4267] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 998.081082][T14030] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2357'. [ 998.090392][ T4267] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 998.099793][ T4267] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 998.107540][ T4267] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 998.115987][ T4267] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 998.424716][ T4502] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.456922][T14033] lo speed is unknown, defaulting to 1000 [ 998.464060][T14033] lo speed is unknown, defaulting to 1000 [ 999.789045][T14054] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1000.520814][ T4267] Bluetooth: hci1: command 0x0409 tx timeout [ 1000.540841][ T4502] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1000.710142][T14059] siw: device registration error -23 [ 1001.835864][ T4502] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.610962][ T4267] Bluetooth: hci1: command 0x041b tx timeout [ 1004.091488][T14101] x_tables: unsorted underflow at hook 1 [ 1004.233551][T14104] x_tables: unsorted underflow at hook 1 [ 1004.288469][T14033] chnl_net:caif_netlink_parms(): no params data found [ 1004.728421][ T4269] Bluetooth: hci1: command 0x040f tx timeout [ 1006.876878][T14128] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1007.178476][T14127] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1008.706811][ T4267] Bluetooth: hci1: command 0x0419 tx timeout [ 1009.137295][T14033] bridge0: port 1(bridge_slave_0) entered blocking state [ 1009.194906][T14033] bridge0: port 1(bridge_slave_0) entered disabled state [ 1009.584446][T14033] device bridge_slave_0 entered promiscuous mode [ 1009.625959][T14139] x_tables: unsorted underflow at hook 1 [ 1009.840476][T14033] bridge0: port 2(bridge_slave_1) entered blocking state [ 1010.108451][T14033] bridge0: port 2(bridge_slave_1) entered disabled state [ 1010.229875][T14144] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1010.306691][T14033] device bridge_slave_1 entered promiscuous mode [ 1011.028412][ T4502] tipc: Left network mode [ 1012.268509][T14156] x_tables: unsorted underflow at hook 1 [ 1012.335024][T14033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1012.643369][T14163] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1014.204958][T14033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1016.665495][T14187] x_tables: unsorted underflow at hook 1 [ 1016.689419][T14033] team0: Port device team_slave_0 added [ 1016.917469][T14190] x_tables: unsorted underflow at hook 1 [ 1017.843342][T14033] team0: Port device team_slave_1 added [ 1019.101134][T14033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1019.266642][T14211] loop9: detected capacity change from 0 to 8 [ 1020.419813][T14214] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1020.853947][T14033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1023.396835][T14033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1023.622672][T14033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1023.629833][T14033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1023.656061][T14033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1026.647829][T14033] device hsr_slave_0 entered promiscuous mode [ 1026.675974][T14033] device hsr_slave_1 entered promiscuous mode [ 1026.839022][T14033] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1027.003075][T14033] Cannot create hsr debugfs directory [ 1028.512754][T14266] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2400'. [ 1028.600603][T14266] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2400'. [ 1029.353738][T14290] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1029.996840][T14285] loop9: detected capacity change from 0 to 1764 [ 1031.078384][T14302] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1032.954186][T14309] x_tables: unsorted underflow at hook 1 [ 1033.555692][T14309] loop9: detected capacity change from 0 to 256 [ 1033.620509][T14309] exFAT-fs (loop9): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 1036.138715][T14329] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1036.148656][T14330] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1039.244419][T14347] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1041.474083][T14369] loop9: detected capacity change from 0 to 256 [ 1042.058318][T14372] trusted_key: encrypted_key: insufficient parameters specified [ 1042.786183][T14319] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1045.036773][T14395] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1045.996672][T14399] trusted_key: encrypted_key: insufficient parameters specified [ 1048.356193][ T4269] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1048.370590][ T4269] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1048.380122][ T4269] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1049.218381][ T4269] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1049.226085][ T4269] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1049.233849][ T4269] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1049.318278][ T4502] device hsr_slave_0 left promiscuous mode [ 1049.413944][ T4502] device hsr_slave_1 left promiscuous mode [ 1049.431284][ T4502] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1049.933365][T14436] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1051.488463][T14439] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1052.045912][ T4267] Bluetooth: hci5: command 0x0409 tx timeout [ 1052.948601][ T4502] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1053.067799][T14441] loop9: detected capacity change from 0 to 1764 [ 1053.076541][ T4502] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1053.095427][ T4502] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1053.116341][ T4502] device bridge_slave_1 left promiscuous mode [ 1053.174533][ T4502] bridge0: port 2(bridge_slave_1) entered disabled state [ 1053.244840][ T4502] device bridge_slave_0 left promiscuous mode [ 1053.430161][ T4502] bridge0: port 1(bridge_slave_0) entered disabled state [ 1053.438555][T14445] x_tables: unsorted underflow at hook 1 [ 1054.168348][ T4267] Bluetooth: hci5: command 0x041b tx timeout [ 1054.230894][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.237336][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.656151][ T4502] device veth1_macvtap left promiscuous mode [ 1054.675403][ T4502] device veth0_macvtap left promiscuous mode [ 1054.702371][ T4502] device veth1_vlan left promiscuous mode [ 1054.721533][ T4502] device veth0_vlan left promiscuous mode [ 1055.661620][T14470] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1056.298434][ T4269] Bluetooth: hci5: command 0x040f tx timeout [ 1056.652606][T14478] loop9: detected capacity change from 0 to 1764 [ 1056.671402][ T4267] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1056.709629][ T4260] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1056.730280][ T4260] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1057.203850][ T4260] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1057.475043][ T4267] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1057.484194][ T4267] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1058.464581][ T4269] Bluetooth: hci5: command 0x0419 tx timeout [ 1059.882350][ T4267] Bluetooth: hci3: command 0x0409 tx timeout [ 1060.798701][T14522] trusted_key: encrypted_key: insufficient parameters specified [ 1062.249667][ T4267] Bluetooth: hci3: command 0x041b tx timeout [ 1063.286667][ T4502] team0 (unregistering): Port device team_slave_1 removed [ 1063.386311][ T4502] team0 (unregistering): Port device team_slave_0 removed [ 1064.702223][ T4269] Bluetooth: hci3: command 0x040f tx timeout [ 1064.704487][T14539] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1065.537156][ T4502] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1065.727755][ T4502] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1066.779531][ T4267] Bluetooth: hci3: command 0x0419 tx timeout [ 1068.235294][T14553] x_tables: unsorted underflow at hook 1 [ 1068.482996][ T4502] bond0 (unregistering): Released all slaves [ 1068.760485][T14558] trusted_key: encrypted_key: master key parameter 'uRtڭKJCV7' is invalid [ 1069.747039][T14413] lo speed is unknown, defaulting to 1000 [ 1070.358284][ C1] ------------[ cut here ]------------ [ 1070.364428][ C1] refcount_t: addition on 0; use-after-free. [ 1070.370853][ C1] WARNING: CPU: 1 PID: 14565 at lib/refcount.c:25 refcount_warn_saturate+0xff/0x1a0 [ 1070.380314][ C1] Modules linked in: [ 1070.384233][ C1] CPU: 1 PID: 14565 Comm: syz.3.2460 Not tainted 6.1.141-syzkaller #0 [ 1070.392537][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1070.402642][ C1] RIP: 0010:refcount_warn_saturate+0xff/0x1a0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1070.408784][ C1] Code: 09 01 48 c7 c7 a0 d2 be 8a e8 ad 30 45 fd 0f 0b eb e0 e8 f4 1d 79 fd c6 05 fa 72 e2 09 01 48 c7 c7 e0 d1 be 8a e8 91 30 45 fd <0f> 0b eb c4 e8 d8 1d 79 fd c6 05 df 72 e2 09 01 48 c7 c7 40 d2 be [ 1070.428572][ C1] RSP: 0018:ffffc900001e0688 EFLAGS: 00010246 [ 1070.434657][ C1] RAX: 8b7154206aa70100 RBX: 0000000000000002 RCX: ffff8880297a8000 [ 1070.442769][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 1070.450829][ C1] RBP: ffffc900001e07e8 R08: dffffc0000000000 R09: fffff5200003c061 [ 1070.458881][ C1] R10: fffff5200003c061 R11: 1ffff9200003c060 R12: ffff88801dbd1c40 [ 1070.466892][ C1] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8880753b5848 [ 1070.474951][ C1] FS: 00007fa0027b06c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1070.483969][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1070.490634][ C1] CR2: 00007ff8ef585193 CR3: 000000001d33b000 CR4: 00000000003506e0 [ 1070.498778][ C1] DR0: 0000000000000007 DR1: 0000000000000002 DR2: 0000000000000008 [ 1070.506773][ C1] DR3: 1000000100000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1070.514858][ C1] Call Trace: [ 1070.518217][ C1] [ 1070.521092][ C1] tipc_crypto_xmit+0x17a9/0x2300 [ 1070.526205][ C1] ? tipc_crypto_do_cmd+0xde0/0xde0 [ 1070.531498][ C1] ? skb_clone+0x21b/0x370 [ 1070.536076][ C1] ? tipc_crypto_clone_msg+0x33/0x160 [ 1070.541565][ C1] tipc_crypto_clone_msg+0x91/0x160 [ 1070.546845][ C1] tipc_crypto_xmit+0x1928/0x2300 [ 1070.551981][ C1] ? tipc_crypto_do_cmd+0xde0/0xde0 [ 1070.557229][ C1] tipc_bearer_xmit_skb+0x242/0x3f0 [ 1070.562521][ C1] ? tipc_bearer_xmit_skb+0xa6/0x3f0 [ 1070.567856][ C1] ? tipc_bearer_min_mtu+0x1c0/0x1c0 [ 1070.573259][ C1] tipc_disc_timeout+0x568/0x6b0 [ 1070.578286][ C1] ? tipc_disc_init_msg+0x570/0x570 [ 1070.583550][ C1] call_timer_fn+0x1a0/0x670 [ 1070.588238][ C1] ? tipc_disc_init_msg+0x570/0x570 [ 1070.593497][ C1] ? call_timer_fn+0xc1/0x670 [ 1070.598268][ C1] ? __run_timers+0x7c0/0x7c0 [ 1070.602991][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1070.608309][ C0] ------------[ cut here ]------------ [ 1070.613817][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 1070.613844][ C1] ? tipc_disc_init_msg+0x570/0x570 [ 1070.613873][ C1] __run_timers+0x525/0x7c0 [ 1070.619086][ C0] refcount_t: saturated; leaking memory. [ 1070.619610][ C0] WARNING: CPU: 0 PID: 0 at lib/refcount.c:22 refcount_warn_saturate+0x153/0x1a0 [ 1070.624308][ C1] ? detach_timer+0x350/0x350 [ 1070.628824][ C0] Modules linked in: [ 1070.628841][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.141-syzkaller #0 [ 1070.634487][ C1] ? lock_chain_count+0x20/0x20 [ 1070.643619][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1070.643637][ C0] RIP: 0010:refcount_warn_saturate+0x153/0x1a0 [ 1070.648346][ C1] run_timer_softirq+0x63/0xf0 [ 1070.652225][ C0] Code: 09 01 48 c7 c7 80 d1 be 8a e8 59 30 45 fd 0f 0b eb 8c e8 a0 1d 79 fd c6 05 a5 72 e2 09 01 48 c7 c7 80 d1 be 8a e8 3d 30 45 fd <0f> 0b e9 6d ff ff ff e8 81 1d 79 fd c6 05 8a 72 e2 09 01 48 c7 c7 [ 1070.659968][ C1] handle_softirqs+0x2a1/0x920 [ 1070.664800][ C0] RSP: 0018:ffffc90000007688 EFLAGS: 00010246 [ 1070.674899][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 1070.681057][ C0] [ 1070.681066][ C0] RAX: e52ea3412c8bea00 RBX: 0000000000000001 RCX: ffffffff8c6bc680 [ 1070.685922][ C1] ? do_softirq+0x200/0x200 [ 1070.705595][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 1070.710392][ C1] ? irqtime_account_irq+0xb2/0x1b0 [ 1070.716439][ C0] RBP: ffffc900000077e8 R08: dffffc0000000000 R09: fffffbfff211707c [ 1070.721329][ C1] __irq_exit_rcu+0x12f/0x220 [ 1070.723642][ C0] R10: fffffbfff211707c R11: 1ffffffff211707b R12: ffff88801dbd1c40 [ 1070.731650][ C1] ? irq_exit_rcu+0x20/0x20 [ 1070.736169][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff888058241848 [ 1070.744198][ C1] irq_exit_rcu+0x5/0x20 [ 1070.749393][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1070.757395][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 1070.762092][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1070.770102][ C1] [ 1070.774586][ C0] CR2: 00007fefb4ce7d60 CR3: 000000001d33b000 CR4: 00000000003506f0 [ 1070.782588][ C1] [ 1070.786848][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1070.795828][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1070.801556][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1070.808205][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 [ 1070.811151][ C0] Call Trace: [ 1070.811162][ C0] [ 1070.819154][ C1] Code: 74 05 e8 ce 97 6d f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 c6 13 3e f7 65 8b 05 97 d4 e8 75 85 c0 74 3c 48 c7 04 24 0e 36 [ 1070.822103][ C0] tipc_crypto_xmit+0x17a9/0x2300 [ 1070.830115][ C1] RSP: 0018:ffffc90003dc75a0 EFLAGS: 00000206 [ 1070.836107][ C0] ? tipc_crypto_do_cmd+0xde0/0xde0 [ 1070.844091][ C1] [ 1070.850620][ C0] ? skb_clone+0x21b/0x370 [ 1070.853928][ C1] RAX: 8b7154206aa70100 RBX: 0000000000000a06 RCX: 8b7154206aa70100 [ 1070.856807][ C0] ? tipc_crypto_clone_msg+0x33/0x160 [ 1070.876492][ C1] RDX: dffffc0000000000 RSI: ffffffff8a6bffe0 RDI: 0000000000000001 [ 1070.881552][ C0] tipc_crypto_clone_msg+0x91/0x160 [ 1070.887620][ C1] RBP: ffffc90003dc7630 R08: dffffc0000000000 R09: fffffbfff211705d [ 1070.892843][ C0] tipc_crypto_xmit+0x1928/0x2300 [ 1070.895169][ C1] R10: fffffbfff211705d R11: 1ffffffff211705c R12: dffffc0000000000 [ 1070.899643][ C0] ? tipc_crypto_do_cmd+0xde0/0xde0 [ 1070.907603][ C1] R13: 0000000000000000 R14: ffff8880781196c0 R15: 1ffff920007b8eb4 [ 1070.913025][ C0] tipc_bearer_xmit_skb+0x242/0x3f0 [ 1070.921050][ C1] ? _raw_spin_unlock+0x40/0x40 [ 1070.926220][ C0] ? tipc_bearer_xmit_skb+0xa6/0x3f0 [ 1070.934262][ C1] ? __wake_up_common+0x2a4/0x4e0 [ 1070.939392][ C0] ? tipc_bearer_min_mtu+0x1c0/0x1c0 [ 1070.947409][ C1] __wake_up_sync_key+0x11b/0x180 [ 1070.952635][ C0] tipc_disc_timeout+0x568/0x6b0 [ 1070.960653][ C1] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 1070.965864][ C0] ? tipc_disc_init_msg+0x570/0x570 [ 1070.970759][ C1] ? sock_load_diag_module+0x130/0x130 [ 1070.976047][ C0] call_timer_fn+0x1a0/0x670 [ 1070.981089][ C1] __unix_dgram_recvmsg+0x498/0xd70 [ 1070.986365][ C0] ? tipc_disc_init_msg+0x570/0x570 [ 1070.991459][ C1] ? unix_unhash+0x10/0x10 [ 1070.996389][ C0] ? call_timer_fn+0xc1/0x670 [ 1071.002447][ C1] ? mark_lock+0x94/0x320 [ 1071.007656][ C0] ? __run_timers+0x7c0/0x7c0 [ 1071.013176][ C1] ? unix_dgram_recvmsg+0xa9/0xd0 [ 1071.017760][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1071.022984][ C1] ? unix_dgram_sendmsg+0x16c0/0x16c0 [ 1071.028199][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 1071.032628][ C1] ____sys_recvmsg+0x292/0x580 [ 1071.037345][ C0] ? tipc_disc_init_msg+0x570/0x570 [ 1071.041761][ C1] ? __sys_recvmsg_sock+0x40/0x40 [ 1071.046442][ C0] __run_timers+0x525/0x7c0 [ 1071.051556][ C1] ? import_iovec+0x6f/0xa0 [ 1071.056756][ C0] ? detach_timer+0x350/0x350 [ 1071.062189][ C1] ___sys_recvmsg+0x1b2/0x510 [ 1071.067511][ C0] ? lock_chain_count+0x20/0x20 [ 1071.072348][ C1] ? __sys_recvmsg+0x270/0x270 [ 1071.077561][ C0] run_timer_softirq+0x63/0xf0 [ 1071.082638][ C1] ? __lock_acquire+0x7c50/0x7c50 [ 1071.087104][ C0] handle_softirqs+0x2a1/0x920 [ 1071.091640][ C1] ? __might_fault+0xc2/0x120 [ 1071.096336][ C0] ? __irq_exit_rcu+0x12f/0x220 [ 1071.101037][ C1] ? __might_fault+0xa6/0x120 [ 1071.105885][ C0] ? do_softirq+0x200/0x200 [ 1071.110667][ C1] do_recvmmsg+0x359/0x7d0 [ 1071.115415][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 1071.120469][ C1] ? __sys_recvmmsg+0x280/0x280 [ 1071.125213][ C0] __irq_exit_rcu+0x12f/0x220 [ 1071.129915][ C1] ? do_futex+0x310/0x320 [ 1071.134757][ C0] ? irq_exit_rcu+0x20/0x20 [ 1071.139471][ C1] ? __lock_acquire+0x7c50/0x7c50 [ 1071.144052][ C0] irq_exit_rcu+0x5/0x20 [ 1071.148485][ C1] ? rcu_read_lock_sched_held+0x86/0xf0 [ 1071.153678][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 1071.158592][ C1] ? __se_sys_futex+0x14a/0x440 [ 1071.163262][ C0] [ 1071.167593][ C1] __x64_sys_recvmmsg+0x18d/0x240 [ 1071.172107][ C0] [ 1071.172120][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1071.177175][ C1] ? do_recvmmsg+0x7d0/0x7d0 [ 1071.181429][ C0] RIP: 0010:default_idle+0xb/0x10 [ 1071.186982][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 1071.192632][ C0] Code: 48 89 df e8 47 d4 b8 f7 e9 4c ff ff ff e8 bd 15 f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 66 90 0f 00 2d 17 24 4d 00 fb f4 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48 [ 1071.197493][ C1] do_syscall_64+0x4c/0xa0 [ 1071.200439][ C0] RSP: 0018:ffffffff8c607d88 EFLAGS: 000002c6 [ 1071.205472][ C1] ? clear_bhb_loop+0x60/0xb0 [ 1071.208459][ C0] [ 1071.208468][ C0] RAX: e52ea3412c8bea00 RBX: ffffffff8a197f77 RCX: e52ea3412c8bea00 [ 1071.214447][ C1] ? clear_bhb_loop+0x60/0xb0 [ 1071.219056][ C0] RDX: 0000000000000001 RSI: ffffffff8a6bffe0 RDI: ffffffff8abf1360 [ 1071.224089][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1071.229314][ C0] RBP: ffffffff8c607ec0 R08: dffffc0000000000 R09: ffffed10171c6af6 [ 1071.249065][ C1] RIP: 0033:0x7fa00198e929 [ 1071.253477][ C0] R10: ffffed10171c6af6 R11: 1ffff110171c6af5 R12: 0000000000000000 [ 1071.259578][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1071.264247][ C0] R13: dffffc0000000000 R14: ffffffff8c6bc680 R15: 1ffffffff1bfd0f6 [ 1071.266573][ C1] RSP: 002b:00007fa0027b0038 EFLAGS: 00000246 [ 1071.274571][ C0] ? default_idle_call+0x77/0xc0 [ 1071.279279][ C1] ORIG_RAX: 000000000000012b [ 1071.287257][ C0] default_idle_call+0x84/0xc0 [ 1071.293184][ C1] RAX: ffffffffffffffda RBX: 00007fa001bb6080 RCX: 00007fa00198e929 [ 1071.301171][ C0] do_idle+0x1fc/0x570 [ 1071.305590][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1071.313593][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 1071.333223][ C1] RBP: 00007fa001a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1071.341218][ C0] ? asm_sysvec_call_function_single+0x16/0x20 [ 1071.347281][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1071.352250][ C0] ? schedule_idle+0x57/0x90 [ 1071.356912][ C1] R13: 0000000000000000 R14: 00007fa001bb6080 R15: 00007fff44f45ed8 [ 1071.361694][ C0] cpu_startup_entry+0x3f/0x60 [ 1071.369742][ C1] [ 1071.373801][ C0] rest_init+0x2dc/0x300 [ 1071.381829][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1071.381841][ C1] CPU: 1 PID: 14565 Comm: syz.3.2460 Not tainted 6.1.141-syzkaller #0 [ 1071.381861][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1071.381872][ C1] Call Trace: [ 1071.381878][ C1] [ 1071.381885][ C1] dump_stack_lvl+0x168/0x22e [ 1071.381912][ C1] ? memcpy+0x3c/0x60 [ 1071.381936][ C1] ? show_regs_print_info+0x12/0x12 [ 1071.381968][ C1] ? load_image+0x3b0/0x3b0 [ 1071.382008][ C1] panic+0x2c9/0x710 [ 1071.382038][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 1071.382077][ C1] __warn+0x2f8/0x4f0 [ 1071.382096][ C1] ? refcount_warn_saturate+0xff/0x1a0 [ 1071.382131][ C1] ? refcount_warn_saturate+0xff/0x1a0 [ 1071.382162][ C1] report_bug+0x2ba/0x4f0 [ 1071.382192][ C1] ? refcount_warn_saturate+0xff/0x1a0 [ 1071.382228][ C1] handle_bug+0x3a/0x70 [ 1071.382257][ C1] exc_invalid_op+0x16/0x40 [ 1071.382289][ C1] asm_exc_invalid_op+0x16/0x20 [ 1071.382309][ C1] RIP: 0010:refcount_warn_saturate+0xff/0x1a0 [ 1071.382342][ C1] Code: 09 01 48 c7 c7 a0 d2 be 8a e8 ad 30 45 fd 0f 0b eb e0 e8 f4 1d 79 fd c6 05 fa 72 e2 09 01 48 c7 c7 e0 d1 be 8a e8 91 30 45 fd <0f> 0b eb c4 e8 d8 1d 79 fd c6 05 df 72 e2 09 01 48 c7 c7 40 d2 be [ 1071.382361][ C1] RSP: 0018:ffffc900001e0688 EFLAGS: 00010246 [ 1071.382383][ C1] RAX: 8b7154206aa70100 RBX: 0000000000000002 RCX: ffff8880297a8000 [ 1071.382401][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 1071.382416][ C1] RBP: ffffc900001e07e8 R08: dffffc0000000000 R09: fffff5200003c061 [ 1071.382434][ C1] R10: fffff5200003c061 R11: 1ffff9200003c060 R12: ffff88801dbd1c40 [ 1071.382462][ C1] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8880753b5848 [ 1071.382497][ C1] ? refcount_warn_saturate+0xff/0x1a0 [ 1071.382527][ C1] tipc_crypto_xmit+0x17a9/0x2300 [ 1071.382585][ C1] ? tipc_crypto_do_cmd+0xde0/0xde0 [ 1071.382626][ C1] ? skb_clone+0x21b/0x370 [ 1071.382660][ C1] ? tipc_crypto_clone_msg+0x33/0x160 [ 1071.382699][ C1] tipc_crypto_clone_msg+0x91/0x160 [ 1071.382741][ C1] tipc_crypto_xmit+0x1928/0x2300 [ 1071.382797][ C1] ? tipc_crypto_do_cmd+0xde0/0xde0 [ 1071.382843][ C1] tipc_bearer_xmit_skb+0x242/0x3f0 [ 1071.382878][ C1] ? tipc_bearer_xmit_skb+0xa6/0x3f0 [ 1071.382913][ C1] ? tipc_bearer_min_mtu+0x1c0/0x1c0 [ 1071.382960][ C1] tipc_disc_timeout+0x568/0x6b0 [ 1071.382993][ C1] ? tipc_disc_init_msg+0x570/0x570 [ 1071.383039][ C1] call_timer_fn+0x1a0/0x670 [ 1071.383063][ C1] ? tipc_disc_init_msg+0x570/0x570 [ 1071.383088][ C1] ? call_timer_fn+0xc1/0x670 [ 1071.383109][ C1] ? __run_timers+0x7c0/0x7c0 [ 1071.383142][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1071.383174][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 1071.383194][ C1] ? tipc_disc_init_msg+0x570/0x570 [ 1071.383222][ C1] __run_timers+0x525/0x7c0 [ 1071.383262][ C1] ? detach_timer+0x350/0x350 [ 1071.383293][ C1] ? lock_chain_count+0x20/0x20 [ 1071.383331][ C1] run_timer_softirq+0x63/0xf0 [ 1071.383368][ C1] handle_softirqs+0x2a1/0x920 [ 1071.383413][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 1071.383462][ C1] ? do_softirq+0x200/0x200 [ 1071.383503][ C1] ? irqtime_account_irq+0xb2/0x1b0 [ 1071.383541][ C1] __irq_exit_rcu+0x12f/0x220 [ 1071.383576][ C1] ? irq_exit_rcu+0x20/0x20 [ 1071.383622][ C1] irq_exit_rcu+0x5/0x20 [ 1071.383654][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 1071.383691][ C1] [ 1071.383699][ C1] [ 1071.383707][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1071.383730][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 [ 1071.383765][ C1] Code: 74 05 e8 ce 97 6d f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 c6 13 3e f7 65 8b 05 97 d4 e8 75 85 c0 74 3c 48 c7 04 24 0e 36 [ 1071.383784][ C1] RSP: 0018:ffffc90003dc75a0 EFLAGS: 00000206 [ 1071.383803][ C1] RAX: 8b7154206aa70100 RBX: 0000000000000a06 RCX: 8b7154206aa70100 [ 1071.383820][ C1] RDX: dffffc0000000000 RSI: ffffffff8a6bffe0 RDI: 0000000000000001 [ 1071.383837][ C1] RBP: ffffc90003dc7630 R08: dffffc0000000000 R09: fffffbfff211705d [ 1071.383855][ C1] R10: fffffbfff211705d R11: 1ffffffff211705c R12: dffffc0000000000 [ 1071.383873][ C1] R13: 0000000000000000 R14: ffff8880781196c0 R15: 1ffff920007b8eb4 [ 1071.383909][ C1] ? _raw_spin_unlock+0x40/0x40 [ 1071.383941][ C1] ? __wake_up_common+0x2a4/0x4e0 [ 1071.383981][ C1] __wake_up_sync_key+0x11b/0x180 [ 1071.384015][ C1] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 1071.384053][ C1] ? sock_load_diag_module+0x130/0x130 [ 1071.384097][ C1] __unix_dgram_recvmsg+0x498/0xd70 [ 1071.384138][ C1] ? unix_unhash+0x10/0x10 [ 1071.384173][ C1] ? mark_lock+0x94/0x320 [ 1071.384209][ C1] ? unix_dgram_recvmsg+0xa9/0xd0 [ 1071.384237][ C1] ? unix_dgram_sendmsg+0x16c0/0x16c0 [ 1071.384266][ C1] ____sys_recvmsg+0x292/0x580 [ 1071.384314][ C1] ? __sys_recvmsg_sock+0x40/0x40 [ 1071.384367][ C1] ? import_iovec+0x6f/0xa0 [ 1071.384395][ C1] ___sys_recvmsg+0x1b2/0x510 [ 1071.384437][ C1] ? __sys_recvmsg+0x270/0x270 [ 1071.384502][ C1] ? __lock_acquire+0x7c50/0x7c50 [ 1071.384540][ C1] ? __might_fault+0xc2/0x120 [ 1071.384565][ C1] ? __might_fault+0xa6/0x120 [ 1071.384594][ C1] do_recvmmsg+0x359/0x7d0 [ 1071.384638][ C1] ? __sys_recvmmsg+0x280/0x280 [ 1071.384674][ C1] ? do_futex+0x310/0x320 [ 1071.384719][ C1] ? __lock_acquire+0x7c50/0x7c50 [ 1071.384747][ C1] ? rcu_read_lock_sched_held+0x86/0xf0 [ 1071.384782][ C1] ? __se_sys_futex+0x14a/0x440 [ 1071.384824][ C1] __x64_sys_recvmmsg+0x18d/0x240 [ 1071.384864][ C1] ? do_recvmmsg+0x7d0/0x7d0 [ 1071.384904][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 1071.384931][ C1] do_syscall_64+0x4c/0xa0 [ 1071.384960][ C1] ? clear_bhb_loop+0x60/0xb0 [ 1071.384983][ C1] ? clear_bhb_loop+0x60/0xb0 [ 1071.385008][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1071.385044][ C1] RIP: 0033:0x7fa00198e929 [ 1071.385065][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1071.385084][ C1] RSP: 002b:00007fa0027b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1071.385108][ C1] RAX: ffffffffffffffda RBX: 00007fa001bb6080 RCX: 00007fa00198e929 [ 1071.385125][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1071.385141][ C1] RBP: 00007fa001a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1071.385155][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1071.385171][ C1] R13: 0000000000000000 R14: 00007fa001bb6080 R15: 00007fff44f45ed8 [ 1071.385203][ C1] [ 1071.387386][ C1] Kernel Offset: disabled [ 1072.078850][ C1] Rebooting in 86400 seconds..