last executing test programs:

1m52.324586513s ago: executing program 3 (id=494):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
getpid()
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup.cpu/cpuset.cpus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x1a1342, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xa8}, [@ldst={0x6, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f00000007c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)={@ifindex, r4, 0x3}, 0x12)
sched_setscheduler(0x0, 0x2, 0x0)

1m51.313524902s ago: executing program 3 (id=499):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket(0x2, 0x3, 0x6)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x2, 0x0, @multicast2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f00000001c0))
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32], 0x0}, 0x94)

1m49.792911951s ago: executing program 3 (id=505):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b70300000000002085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_INIT(r4, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
pipe2(&(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000240)={{&(0x7f00003a2000/0x2000)=nil, 0x2000}, 0x2})
write$uinput_user_dev(r5, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x6, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)

1m48.592860575s ago: executing program 3 (id=508):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f0000000000)={[{@nombcache}, {@jqfmt_vfsv0}, {@abort}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000980)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==")
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@ipv6_newrule={0x1c, 0x20, 0x2d2c6d60ea1da725, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0x6, 0x0, 0x0, 0x1, 0x10002}}, 0x1c}, 0x1, 0x0, 0x0, 0x20008081}, 0x20040080)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

1m47.742438292s ago: executing program 3 (id=509):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000fd0000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB], 0x50)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x8, 0x4, 0x3}, 0x48)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r4, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r3, &(0x7f0000000080), &(0x7f0000000180)=@tcp=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000400)={r3, &(0x7f0000000080), 0x20000000}, 0x20)

1m47.205881224s ago: executing program 3 (id=512):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

1m47.044102786s ago: executing program 32 (id=512):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

1m31.407388201s ago: executing program 1 (id=552):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000000}}, {@jqfmt_vfsv0}, {@quota}]}, 0x3, 0x44d, &(0x7f0000000a40)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP")
mlock2(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x650ce4b086bd440f)

1m31.070527067s ago: executing program 1 (id=553):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f00000002c0)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@usrjquota}, {@acl}, {@grpjquota}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x8, &(0x7f0000000200))
pipe2$9p(0x0, 0x800)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000009000/0x4000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

1m30.682426767s ago: executing program 1 (id=555):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r2)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@delchain={0x48, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0x15}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xffffffffffffffa1, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40044}, 0x4804)

1m30.198729705s ago: executing program 1 (id=559):
open(0x0, 0x143bc2, 0x1c0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x6}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40086610, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x1)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x401, 0x985201)
r2 = open(&(0x7f0000000200)='./file2\x00', 0x1c587f, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000000c0)={r2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1b, 0x0, "8db7a645ed46d5335dfa1ab0a34a10622e64ee4edb80cc9bd36b93b23733e6180aa539ec68114b5aba1c98911df5d030b49f32393a93ea4d0436aa3592a47913", "fc0177a6f3bb16d5d5568693e0e50bbf206c9d8db97cd01095e7ea15b0ba5f8a654e14dc7c4cc6b50488873b3acc6e02cd3eac8be657b534bfa1142100696b29", "c921095856cdf9fd81992394e3c7a178fb1c16c99189819ef400", [0x80, 0x87]}})
r3 = syz_open_dev$loop(&(0x7f0000000280), 0xffffffff, 0x4000)
ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f00000002c0)={0x0, {}, 0x0, {}, 0x2, 0x2, 0x10, 0x1d, "22b409b08352294f11220b333898db01a0cabd40f4ab6fd3d77c222fce572f35a956e7922ed67d4a8a5d47375dafa2face2ae4a77b721d437a1395578ec747c3", "1cae94a1e05df9e1478038136088ce23dc3cc42ebe9a8ab6769db2db8d8e9b52", [0x7, 0x80]})

1m29.23959449s ago: executing program 1 (id=561):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nodioread_nolock}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKU2aRJfKnioR9FiQe91SaahdNMt2U1pYsH2YC9epAgiFsS73j0W/wH/ioIWipSgBy+R2czmpdlNtukmu+1+PjDheWZm93memfk+eZ6dWTaAvjWS/SlEvBwR3yQRRyIiybcVI984srLf0uObU9mSxPLyp38l9f2yfOO9Gq87lGdeiojfvoo4VdhcbnVh8UqpXE7n8vxYbfbaWHVh8fTl2dJMOpNenZicPPv25MR7777Tsba+ceGf7z+5/+HZr08sfffLw6N3kzgXh/Nt69vxDG6tz4zESH5MBuPcEzuOd6CwXpJ0uwLsyEAe54OR9QFHYiCPeuDF92VELAN9KhH/0Kca44DG3L5D8+DnxqMPViZAm9tfXPlsJPbX50YHl5INM6NsvjvcgfKzMn79897dbInOfQ4BsK1btyPiTLG4uf9L8v5v5860sc+TZej/YO/cz8Y/bzYb/xRWxz/RZPxzqEns7sT28V942IFiWsrGf+/n5e7fUP7qTavhgTz3v/qYbzC5dLmcZn3b/yPiZAzuy/Jb3c85u/RgudW29eO/bMnKb4wF83o8LO7b+JrpUq30LG1e79HtiFeajn+T1fOfNDn/2fG40GYZx9N7r7Xatn37d9fyTxGvN53/rN3RSra+PzlWvx7GGlfFZn/fOf77xjVrR7Lb7c/O/8Gt2z+crL9fW336Mn7c/2/aatuG9kf71/9Q8lk9PZSvu1Gq1ebGI4aSjzevn1h7bSPf2D9r/8kTW/d/za7/AxHxeZvtv3Ps51fban+Xzv/0U53/p088+OiLH1qV317/91Y9dTJf007/124Fn+XYAQAAAAAAQK8pRMThSAqjq+lCYXR05fmOY3GwUK5Ua6cuVeavTkf9u7LDMVho3Ok+su55iPH8edhGfuKJ/GREHI2IbwcO1POjU5XydLcbDwAAAAAAAAAAAAAAAAAAAD3iUIvv/2f+GOh27YBd18ZPfg/tRT2Avbdt/Hfil56AntTG/3/gBSX+oX+Jf+hf4h/6l/iH/iX+oX+Jf+hf4h8AAAAAAAAAAAAAAAAAAAAAAAAAAAA66sL589myvPT45lSWn76+MH+lcv30dFot5LvMXRudqVRmyunoVGV2u/crVyrXxidi/sZYLa3WxqoLixdnK/NXaxcvz5Zm0ovp4K63CAAAAAAAAAAAAAAAAAAAAJ4/1YXFK6VyOZ2TkNhRotgb1ehSotgb1diFRLd7JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY818AAAD//0h7Mcc=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

1m27.660894734s ago: executing program 1 (id=565):
pipe2$9p(0x0, 0x0)
getsockopt(0xffffffffffffffff, 0x1, 0xf, 0x0, &(0x7f0000000040))
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
close(0xffffffffffffffff)
syz_open_dev$usbfs(0x0, 0xd, 0x20041)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000340)={'tunl0\x00', &(0x7f0000000200)=@ethtool_pauseparam={0x3f, 0x7, 0x7fff, 0x401}})

1m27.297989872s ago: executing program 33 (id=565):
pipe2$9p(0x0, 0x0)
getsockopt(0xffffffffffffffff, 0x1, 0xf, 0x0, &(0x7f0000000040))
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
close(0xffffffffffffffff)
syz_open_dev$usbfs(0x0, 0xd, 0x20041)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000340)={'tunl0\x00', &(0x7f0000000200)=@ethtool_pauseparam={0x3f, 0x7, 0x7fff, 0x401}})

48.577968173s ago: executing program 0 (id=713):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000006c0)={@multicast, @remote, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x26, 0x1c, 0x67, 0x0, 0x9, 0x2, 0x0, @remote, @broadcast}, {0x11, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
socket$key(0xf, 0x3, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x0, 0x0})
symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00')
lstat(&(0x7f0000000200)='./file0\x00', 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000400)='net/sockstat\x00')
preadv(r4, &(0x7f0000000280)=[{&(0x7f0000000040)=""/15, 0xf}], 0x1, 0x0, 0x0)

42.920591906s ago: executing program 0 (id=744):
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000140))
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000300))

42.678298985s ago: executing program 0 (id=746):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2000844, &(0x7f00000008c0)=ANY=[@ANYBLOB='errors=remount-ro,showexec,uid=', @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00000000000000000000001,dmask=00000000000000000000005,dots,nodots,dots,nodots,debug,allow_utime=00000000000000000000011,gid=', @ANYRESDEC, @ANYRESOCT], 0x1, 0x24b, &(0x7f0000000540)="$eJzs3b9u01AUB+DTNm1DFzojBkssTBXwBlYVJIQlpCAPMGGpsLQIyV0MU16BjWfgkXiMTt2MWpfG/QMDxDipv0+KfKKfr3Tukrv4xO8efjw8+HT8of7xLcbjJEYRsziN2I312IjG2sV1/bzeirZZtEIAYCVMp0Xadw/8i82rX9du3lGWaXF21/aNpK47bAwAAAAAAAAAAIAOLez5fwBgZXj+/+4ry7TYuXVEM//eS0MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEXFa1/frP3z67g8AWDznPwAMj/MfAIbH+Q8Aw/P6zduXaZZNpkkyjjiZVXmVN9cmf/4imzxJzu3OV51U+19/1dnkaZMn7bzKN2PnYv2zW/OtePyoyc+y/VfZtXw7DjreOwAAAAAAAAAAAAAAAAAAACyLveTSlfn+Kt9o8r3f5U3V+n+Aa/P7o3gw+m/bAAAAAAAAAAAAAAAAAAAAgJV2/PnLYXF09L5UKC6Le/EXq8axHM0rFlL0/csEAAAAAAAAAAAAAAAAAADDMx/67bsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjP/P3/3RV97xEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYhp8BAAD//91hkqw=")
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x4)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)=ANY=[], 0xc)

41.326241841s ago: executing program 0 (id=752):
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000002380)='./file1\x00', 0x3a0cc0a, &(0x7f0000000140)={[], [{@uid_eq}], 0x2c}, 0x3, 0x9f4, &(0x7f0000000380)="$eJzs3U1sHGf9B/Dv+CXx343StM2/hKptNilp3TY4tkNTol5I7HXi4hdkO1IjhJrSJCiKRVFLpbbiECTEiQoOiAPcKnHhVKmX9oJygysXDkioZ24Vp4gDi2Z2HTux12unjjdJPx9rPW+/eZ7f4xnPI4935wn3s0ajUb3ucPncn3YyWe49pyc+/+jjD8vXz69lV3rzUvFpMpCklvQlOZD0j0/Mz810KOhqciHJ9aRIsjvN6aZcSPHr7FlZvp7iD2W9lXN32DA2pcFXWrfPPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBcV4xMjI6NFpqdmz71Wa68aArzdxp6V8j6rRv0uPutYb1KUrwwMLA/1fWD/yubHy2+H82Rz6clqQPIM5IOHHt/3ymN9Pcv7b5DwVvy3NRjylnd85/0Prr6xtHTp7W1K5H5zpj47tTA3NXPqTL02tTBXO3nixMixs5MLtcmp6frC+YXF+kxtfL5+anFuvjY0/nxt9OTJ47X68Pm5c7NnJoan68srX/7m2MjIidqrw9+rn5pfmJs99urwwvjZqenpqdkzVUy5uYx5uTwRvzu1WFusn5qp1S5fWbp0/JaM1jklyqDRTi0pg8Y6BY2NjI2Njo6NjZ546eRLL4+M9K2s6E21YuQ2WbPLzZM2e7Jd5y/d9/uezUZu8xUc7lxPq//PdKYym3N5LbV1v8YzkfnMZabN9pbl/v/IsfqG9a7u/5d7+QMrm59I1f8/3Vx6ul3/3yaXnft6J+/ng1zNG1nKUi7l7Vu27r6DEhuN9Vv1x781fxbdbvGtX2dSz2ymspC5TGUmp6o1tdaaWk7mRE5kJK/nbCazkFomM5Xp1LOQ81nIYurVGTWe+dRzKot9zTYOZTzPp5bRnMzJHE8t9QznfOZyLrM5k4mcqkq5nCvVz/34BjneDBrdTNDYBkEb9P+tFVvo//mK2u5LONyxRqv/39U5dGh8JxICAAAAtt3X/5q9+x/9yz+T/jxV3WMHAAAAHjTV2/WeLCf95dxTKSanpusjawPf3fncAAAAgO1RVJ+xK5IM5mBzbvmTUOvcBAAAAADuR9X//58uJ4Pl3MEU/v4HAACAB03nZ+x3jCiOppZr5abaxWbkxVZE6zm/g5NT0/Xh8bnpV0bzbPWUgeqTBmtK682+pPr4wQs51Iw6NNicDt5a4kAZNTr8ymgGcrjVkKFnyskzQ+tEjpWRL+S5ZuRzy5EDWRN5vIwEgAfd4Q364832/y/kaDPi6BPV49v7nlinDx7RswLAvaLzGDsdI4pvLQ//0+bv/95cPth8S8Fw3sxbWcrFHK0+bVC946BVaq4XWSl1cNXbEI52uBswuGqEl6PL9wMO7ln3fsBgX24O9HJ0zR2BduUeX/dnV2z70QCAnXF4TT+8Qf/faDTn1tz/3/jv/0FvKQSAe8rNEezv4sztdfZ3p6kAQMuqXnrz3XLvXU0JAAAAAAAAAAAAAAAAAAAAAAAAAAAA7nt38/n/PUnu7sgCX2LmWpLd3U9jh2f+1Trsaza11l/reoarZnbny5czsCMjXLz/g1338Kl+ZzNdvCgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwY4qkd731PcnupG8kybGdz+ruudbtBLqsuJEbeS97u50HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCDpvX8/540pw81V6WvJzmS5EKS73c7x+10o9sJdNmq5/+XxzyNIn3Nw56if3xifm6mPPzZXW7//KOPPyxfd1JPWUBZwy2DS7RqaL/XI9VegxOX3rn607d+Ups4XSV5enFyemKmyHdWAh8vPklqab6WLef7s6J1Ft/a8k/Klnaut6xlsqp3oqr3zPyqer+23t436z3y59+0b9uKlTSuLF0aK2tarL+2+O6Pr7y3KujRHEqeGUqGbq3pR+WrTU2H0r9RvcUXxS+LvfldLlTHv0yjaBTlIXq4av//Xb6ydGn4zbeWLrbJaV8OJrmYDGw+p4Nrj8Sy6qzr6S9rHamCym/7O5S3oYd69zYazRJH27ThkeqUGdxSG2rt21Dp8HNvtfF4m4wey7NbPtLPdqix5T+NpuZS8UXxj+Js/p5frBr/o6c8/keymd/OMqaKXHWmtG/zkZWWj63e8PrtkW1/K7kLfpUf5ts3j3/Pqut/61jtzPVoVY137feiaPZCLdX8/tt6pNbVp12WrTz3N6Pa5Pn/eXHtfh3yfLHDFWUr7exQUkvj4eZ0KP/ONeP/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA974i6V1vfU9yJMm+JA+Xy7WksR319QwW21HMJu1as+baDtZ+7+i5OVfcyI28l71dTQcAAAAAAACAbXN64vOPPv6wfFX/j+/NN4pPk4Hmf/r7kuwrfts/PjE/N9OhoP7kQpLr5fzA1nIo98ueleXr5dKBrbcFANic/wUAAP//wc5tdw==")
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca}, 0x38)
syz_open_dev$loop(0x0, 0x6, 0x400)
open_tree(0xffffffffffffff9c, 0x0, 0x101)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000780)={"34f4c8cdd40c7e8da1dfb5a6b23d43094d0a56a08d68444cf9de5569d62c8d537b760706f633f0d4c235ea15a520b62bad08e174482eda03d7390eb336cf4f3d1478a4757eef283d2c52c56f324ecbd3f4545a3f921112c85dc9f5acb747ae6943c012b7b67e0792e1ca1f6fb95e0d47ae151b4ace71faa7bce1fb01158f362598fae789d5351cccf5a53cd847ac1fae09127010e469698575b8e68da02e2d3b3efd9a8d0a503bff090e706151b85874b74f99734150d293c872d32262646e3af78c678c499bc2a103c86ba755a6490a2e464f5a455cbef3e1c9699a1c1434c55739ce141441e595b6a31857b68e4d34f4e9d03c282256a7f1e3a233727c7e5193ffea75b68b4a002524e87d9d740b80722536ebb11683f0174228ee2f78dfa15451883b930cc4b4b15ee18324ee59f939c054cd7138fbf4e031f738cde3404eebaa80ea9b0b8541b3aca338302e04e2937481ef25d1b84816112dc30666e3c510ddc5eb912cdb0edba49cab644e3eeecbd316c0ffc6929033afeebb1b6e90407ac2d5b0b77d6bff87134f4a8b8cfd040748befa9d082f117a40f733868e79415308e40fc84db6b3b20b7d4f2fa5ffa4e61911443dd9c3f952f1751566b6eec1931f163ef67c2b1cae3b98c7780b52f5e071b4aaecf39ebf91311d9ae6719d333388bd03179a090fd5722deaa312320c04cfe4f8df19ea425d0a09d672f5a1c78515cf98fd0c0c4eec5f37fac00e6772ece8954576ff580959050febe1492441d815ec2975b9ae99d7ecd21d956d21ddf6ae990d858472aaa1e927e281fbdbf88db5870146219f1e4ae755d89dee65504a0e4a8188ed1375a298c8f22827fe39d75c4156fba35f5927ccb8df004a7030cf667e5254d679d5ed300d73d7f2a2b964d2d90cf4ef9a54c51ec594dcd19a3d495c361ddf9280433996c6851adac9127dabbe3deac5455c643faf2a8151616d95ad487620db16147da8b73596dd0e4364f9d0c7c3446ca5c372602e7373fd9dd6ae69e4aff123e8fea93cad56ae30eaf0c8fb89df09c09365ce0a6446061fa745a399a16c81207ec7bc00cd18d14e70099f5dee481b18f351cd6b5a8fcb6959171e8810e9cf9fd4c0c082995f2e495fff5374dfe139a15cd2c4ac65922b545288276f328533ac90624087ee31ca327916c4c2ad4f6b1a294dba41dd70ce30cfe15df2af239dc89002ed1ac7551c3ff8503583010dd2ed38998b16656634a8705e0d48f36d7f94779c50bae758e0ecc48158a2125f188a2a33ceb4326130ebdc7ab89f4b44efe37a86bd5692771c2086e8ca46d22964d334efddcef7b41fbd5d87ff9ae30fa30d5c6e9102b5916516724b5b99d9a3fceaf1b819531c84d4cbd9167bb9cf8d56d5a055b12d7b9d03b47860ab5f21621af1abfb4ef4c83954b33733aec398910f1b3ad35c0290f3c04772"})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x0, 0x6, 0x9, '\x00', 0x1001})
r4 = fsmount(r0, 0x0, 0x0)
syz_clone3(&(0x7f000000dd80)={0x200a00500, 0x0, 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
fcntl$notify(r5, 0x402, 0x8000000a)
madvise(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x65)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x15)
r6 = getpid()
fcntl$setownex(r5, 0xf, &(0x7f0000000140)={0x2, r6})
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7\x00', 0x4)

40.618851966s ago: executing program 0 (id=755):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r2)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@delchain={0x48, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0x15}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xffffffffffffffa1, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40044}, 0x4804)

39.794455611s ago: executing program 0 (id=757):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_INIT(r4, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
pipe2(&(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000240)={{&(0x7f00003a2000/0x2000)=nil, 0x2000}, 0x2})
write$uinput_user_dev(r5, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x6, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)

39.424222s ago: executing program 34 (id=757):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_INIT(r4, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
pipe2(&(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000240)={{&(0x7f00003a2000/0x2000)=nil, 0x2000}, 0x2})
write$uinput_user_dev(r5, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x6, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)

14.022243137s ago: executing program 2 (id=894):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cache=fscache'])
utime(&(0x7f0000000200)='./file0\x00', 0x0)

13.69818922s ago: executing program 2 (id=898):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000004680)={&(0x7f0000003600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x7, [@enum={0x4, 0x1, 0x0, 0x6, 0x4, [{0x5}]}]}, {0x0, [0x0, 0x5f, 0x61, 0x5f, 0x2e]}}, &(0x7f0000003680)=""/4096, 0x33, 0x1000, 0x1}, 0x28)

13.44055982s ago: executing program 2 (id=899):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
ioctl$EVIOCGVERSION(0xffffffffffffffff, 0x80044501, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r3, 0x0, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x2, @empty, 0x100}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000000100), 0x4)

12.047235371s ago: executing program 2 (id=905):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r0, 0x4)
sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)

11.756989662s ago: executing program 2 (id=908):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cache=fscache'])
utime(&(0x7f0000000200)='./file0\x00', 0x0)

11.595632374s ago: executing program 2 (id=911):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x42a00180, 0x0, 0x0, 0x0, 0x0, 0x0)

3.114661656s ago: executing program 6 (id=961):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001100)={{r0}, &(0x7f0000001080), &(0x7f00000001c0)=r1}, 0x20)
mkdir(&(0x7f0000000f00)='./file0\x00', 0x0)

2.066619168s ago: executing program 6 (id=965):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d58c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb6220030100dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000066d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c9727ec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f0dafc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa1c22015e53fd8a46be933ab460d8629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8f12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5ff070000000000000ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5f45c879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2ea86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c58684a1d2f624c3eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366aa660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef3103ce10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d61800aaf7e038879c5d177b3876fda4121e00000100000000003edd3d43cc64e0d26b46907b42e08d000000000000903350932d3eef7fdada20c19807066e3c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a74748b8cd994ed368695aa2c59869c9200a1306ffa5a71ca69e89a69fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeaded2930376eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041894f60fbbcafa487ee96b368e8769da90b44190e569fe8b923c32c288baaca5c5558b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff35a9eec46dfc8a52433f605ebf151c837b4966b5f3628a406175a87e32c5e4268d3000933b580415b162e2946446b8f02554c8a1225217d69d049685dd06aa8528673a9673a723ac414af77f523ad730d00e8700c213f95c87a94f39f506b9e000000000000000000000000000000000000000000000000000090668ac41a1c2a4f7831e6c6a3e9c68ca2c449482bb70a994e71a7f24873848fbb128c820c1de19cc003dfa65a2b296caeb1253802080e08eeb724c4c7b7e052afa19b0f2cd7a13bda4b5a8f3b8fa3ca70bb756a3d529718d5c79d9bdb89e5d33793533211d76d00a45079eff797476106bf76f1fed952a7c9162b88911b5b00c3d26fd2fb4d7b29d1ce025e102d458efd5cca3f3835ce760359eaa01cb13cb28d60e8942fdc02b6824c00dac62f8a2d4c680ae284a82f09d6641921536814b444e4188d9b2e97eb3b108e7876f0f3f3863147ab694218c7cecc075d52d590dddbb57fc6fedf5ec69d7894a7b5c8109f303dab998815c80534b0bd34c49eea63997e56728a8185a8bb6988a7197b87f5548f5edfdfb3efc907fe561b33a6f7c707f7828c6adaf3b2a39929b4b65253e787d65c08aff5e4a9b2267bd8f803ea38f10a6e9c4a49bf23525e08c12d229211fe4d88cf1440f29accfa50f327ac1fb20d7f164100111bd21fca713b2475f1c997f3000000000080c426bcec79c6bc83ce4e6cbb17c01be69db342192d0a716cc24710d23321441f475ec485d642b61c6bd907071dbbe37c0b78f60fd2ad0d13ca62d9d9aafb01c3920b64cb5e023810e2de4327f90c389ce36d90ff9f3cb9d8cd2260d05a8126943a3df17157470595c68ac8df7fea6d42ecb2cdb65b4f2aef0dc4b2de949a6d4ec37f2fd693ae44944041a64fe6336aba1c66b1b95d2edbc40364a049616ae962d75eae619548aa86bd5f0bad56e7ad7de2ee5e6f3b42e3a27094b6b5face99456d9af1926b21d37faf7612d9752cf58e6424decd530b5419e117ec086174439af6ee6c7fdb2d19c9280fa9a02e8fa6a38acfff09050d912635fed175fd06f577d40000000000000000000000000000754bffd73c0888ba8834f20b3acea57b7817663e12c1a5503bc4c13af59bda21688d68698c53ce3aa767657774db09ece7ec888d3af290207d36fa433b35e17dc0f3dc728ea1c633a4ef9e7d9bf81b57492e0544800921d1b751c5fbc163"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x55, 0x0, 0xffffffffffffffff, 0x3}, 0x48)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe06, 0x1000000, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1bff43052f002000636777fbac141443e000000d62079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
socketpair(0x11, 0x8000a, 0x300, &(0x7f0000000000))
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)

1.870501803s ago: executing program 5 (id=969):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='mm_lru_insertion\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_int(r2, &(0x7f0000000200), 0x43451)

1.833701596s ago: executing program 7 (id=970):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
mount$9p_fd(0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cache=fscache'])
utime(&(0x7f0000000200)='./file0\x00', 0x0)

1.721134125s ago: executing program 7 (id=971):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)

1.674594179s ago: executing program 4 (id=972):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)

1.652029961s ago: executing program 6 (id=973):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
ioctl$EVIOCGVERSION(0xffffffffffffffff, 0x80044501, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x2, @empty, 0x100}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, 0x0, 0x0)

1.609904144s ago: executing program 5 (id=974):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_INIT(r4, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
pipe2(&(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000240)={{&(0x7f00003a2000/0x2000)=nil, 0x2000}, 0x2})
write$uinput_user_dev(r5, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x6, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)

1.486610663s ago: executing program 4 (id=975):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10)
syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.311421467s ago: executing program 7 (id=976):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)

881.032691ms ago: executing program 7 (id=977):
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast})

659.440868ms ago: executing program 6 (id=978):
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

659.184808ms ago: executing program 5 (id=979):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x4c00, 0x0}, 0x0)

446.549125ms ago: executing program 6 (id=980):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110c23003f)
write$cgroup_int(r2, &(0x7f00000002c0)=0x9, 0x12)

446.303565ms ago: executing program 4 (id=981):
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cache=fscache'])
utime(&(0x7f0000000200)='./file0\x00', 0x0)

440.331525ms ago: executing program 5 (id=982):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000060000000600000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)

343.813593ms ago: executing program 4 (id=983):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

334.485384ms ago: executing program 5 (id=984):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085100000030000001800000000000000000000000000000095000000000000009500000000000000d5b2307878b6a5229917ebb4029a0bea3522c1f874a88524b8256e9616dc84ef9f539900f13815da3cbc479df45e1acd7454a155dd43645345f9a4cddab3d6d9d40e13de56bf656d77b7451f09e02bcb6cf96a4c0fce8ff74fe80460b51e50b4d8105ae605917a45734dbd377e5f99ad246b74853c2ec4862629a63ca0445673c32ad594e33b56f0d0fc6e3a6c84dcd0b6a6746ccfe43cab05ecc5c02583d24d43d968d74062c0f54d148107a22b928921fd"], &(0x7f0000000000)='GPL\x00'}, 0x1a)

194.020784ms ago: executing program 4 (id=985):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xd, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8001}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

158.460298ms ago: executing program 5 (id=986):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, 0x0, &(0x7f0000000b00)=""/151}, 0x20)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

158.240897ms ago: executing program 7 (id=987):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x3, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x3}]}, @ptr, @restrict={0x1, 0x0, 0x0, 0x4}]}, {0x0, [0x2e]}}, 0x0, 0x4b}, 0x28)

58.537325ms ago: executing program 6 (id=988):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
close(r2)
close(r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)

58.184855ms ago: executing program 4 (id=989):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3ff}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='timer_start\x00', r2}, 0x18)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000180))

0s ago: executing program 7 (id=990):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f00000003c0), &(0x7f00000004c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r2}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x98}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)

kernel console output (not intermixed with test programs):

3][ T4548] EXT4-fs error (device loop4): ext4_free_blocks:6223: comm syz.4.78: Freeing blocks not in datazone - block = 0, count = 4096
[   92.557158][ T4548] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.78: Invalid inode bitmap blk 0 in block_group 0
[   92.572701][ T4548] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem
[   92.581146][ T4520] Quota error (device loop4): remove_tree: Getting block too big (0 >= 9)
[   92.581588][ T4548] EXT4-fs (loop4): 1 orphan inode deleted
[   92.595962][ T4548] EXT4-fs (loop4): mounted filesystem without journal. Opts: €�; max_batch_time=0x0000000000000006,i_version,,errors=continue. Quota mode: writeback.
[   92.616719][ T4520] EXT4-fs error (device loop4): ext4_release_dquot:6243: comm kworker/u4:12: Failed to release dquot type 0
[   92.634794][ T4548] device lo entered promiscuous mode
[   92.641108][ T4548] device tunl0 entered promiscuous mode
[   92.647768][ T4548] device gre0 entered promiscuous mode
[   92.655350][ T4548] device gretap0 entered promiscuous mode
[   92.661898][ T4548] device erspan0 entered promiscuous mode
[   92.668473][ T4548] device ip_vti0 entered promiscuous mode
[   92.676440][ T4548] device ip6_vti0 entered promiscuous mode
[   92.683438][ T4548] device sit0 entered promiscuous mode
[   92.690148][ T4548] device ip6tnl0 entered promiscuous mode
[   92.697091][ T4548] device ip6gre0 entered promiscuous mode
[   92.704126][ T4548] device syz_tun entered promiscuous mode
[   92.710998][ T4548] device ip6gretap0 entered promiscuous mode
[   92.717993][ T4548] device bridge0 entered promiscuous mode
[   92.724550][ T4548] device vcan0 entered promiscuous mode
[   92.730351][ T4548] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   92.738143][ T4548] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   92.745576][ T4548] device bond0 entered promiscuous mode
[   92.751392][ T4548] device bond_slave_0 entered promiscuous mode
[   92.757765][ T4548] device bond_slave_1 entered promiscuous mode
[   92.765259][ T4548] device team0 entered promiscuous mode
[   92.770988][ T4548] device team_slave_0 entered promiscuous mode
[   92.778417][ T4548] device team_slave_1 entered promiscuous mode
[   92.785998][ T4548] device dummy0 entered promiscuous mode
[   92.792748][ T4548] device nlmon0 entered promiscuous mode
[   92.804276][ T4548] device caif0 entered promiscuous mode
[   92.810144][ T4548] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   92.952209][ T4552] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[   92.968597][ T4552] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[   94.142897][ T4566] 9pnet: Insufficient options for proto=fd
[   94.273675][ T4571] loop2: detected capacity change from 0 to 512
[   94.383180][ T4579] loop0: detected capacity change from 0 to 1024
[   95.167793][ T4571] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000008,min_batch_time=0x0000000000000000,,errors=continue. Quota mode: writeback.
[   95.186783][ T4579] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,noquota,,errors=continue. Quota mode: none.
[   95.200956][ T4579] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   95.202728][ T4571] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   95.264889][ T4586] loop1: detected capacity change from 0 to 512
[   95.411795][ T4586] EXT4-fs (loop1): orphan cleanup on readonly fs
[   95.512569][ T4586] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.90: bg 0: block 248: padding at end of block bitmap is not set
[   95.590927][ T4586] Quota error (device loop1): write_blk: dquota write failed
[   95.603386][ T4586] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[   95.633347][ T4586] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.90: Failed to acquire dquot type 1
[   95.927625][ T4586] EXT4-fs (loop1): 1 truncate cleaned up
[   96.008224][ T4601] input: syz1 as /devices/virtual/input/input9
[   96.152158][ T4586] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   96.246673][ T4602] loop0: detected capacity change from 0 to 1024
[   96.429249][ T4602] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz.0.92: Invalid block bitmap block 0 in block_group 0
[   96.448448][ T4602] Quota error (device loop0): write_blk: dquota write failed
[   96.456214][ T4602] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   96.468649][ T4602] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.92: Failed to acquire dquot type 0
[   96.496556][ T4602] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.92: Freeing blocks not in datazone - block = 0, count = 4096
[   96.656408][ T4602] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.92: Invalid inode bitmap blk 0 in block_group 0
[   96.670721][ T4602] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem
[   96.679620][ T4602] EXT4-fs (loop0): 1 orphan inode deleted
[   96.685471][ T4602] EXT4-fs (loop0): mounted filesystem without journal. Opts: €�; max_batch_time=0x0000000000000006,i_version,,errors=continue. Quota mode: writeback.
[   96.708547][  T154] Quota error (device loop0): remove_tree: Getting block too big (0 >= 9)
[   96.727647][  T154] EXT4-fs error (device loop0): ext4_release_dquot:6243: comm kworker/u4:2: Failed to release dquot type 0
[   96.766665][ T4586] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   96.779581][ T4602] device lo entered promiscuous mode
[   96.785746][ T4602] device tunl0 entered promiscuous mode
[   96.792372][ T4602] device gre0 entered promiscuous mode
[   96.799181][ T4602] device gretap0 entered promiscuous mode
[   96.805629][ T4602] device erspan0 entered promiscuous mode
[   96.812069][ T4602] device ip_vti0 entered promiscuous mode
[   96.818910][ T4602] device ip6_vti0 entered promiscuous mode
[   96.826026][ T4602] device sit0 entered promiscuous mode
[   96.833271][ T4602] device ip6tnl0 entered promiscuous mode
[   96.840194][ T4602] device ip6gre0 entered promiscuous mode
[   96.847796][ T4602] device syz_tun entered promiscuous mode
[   96.854177][ T4602] device ip6gretap0 entered promiscuous mode
[   96.860961][ T4602] device bridge0 entered promiscuous mode
[   96.868161][ T4602] device vcan0 entered promiscuous mode
[   96.873878][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   96.881620][ T4602] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   96.893894][ T4602] device bond0 entered promiscuous mode
[   96.899577][ T4602] device bond_slave_0 entered promiscuous mode
[   96.906778][ T4602] device bond_slave_1 entered promiscuous mode
[   96.914540][ T4602] device team0 entered promiscuous mode
[   96.920222][ T4602] device team_slave_0 entered promiscuous mode
[   96.926639][ T4602] device team_slave_1 entered promiscuous mode
[   96.928300][ T4586] EXT4-fs warning (device loop1): read_mmp_block:115: Error -117 while reading MMP block 0
[   96.934196][ T4602] device dummy0 entered promiscuous mode
[   96.950044][ T4602] device nlmon0 entered promiscuous mode
[   96.958213][ T4602] device caif0 entered promiscuous mode
[   96.963842][ T4602] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   98.184016][ T4616] loop0: detected capacity change from 0 to 1764
[   98.311315][ T4623] 9pnet: Insufficient options for proto=fd
[   98.567811][ T4630] loop1: detected capacity change from 0 to 128
[   99.015752][ T4630] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   99.426582][ T4638] input: syz1 as /devices/virtual/input/input10
[   99.887663][ T4630] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  100.276376][ T4651] loop2: detected capacity change from 0 to 128
[  101.393240][ T4651] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none.
[  101.439782][ T4667] 9pnet: Insufficient options for proto=fd
[  101.479083][ T4651] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  101.504740][ T4669] loop1: detected capacity change from 0 to 1024
[  101.706266][ T4669] EXT4-fs (loop1): Ignoring removed orlov option
[  101.753059][ T4669] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  102.773636][ T4680] input: syz1 as /devices/virtual/input/input11
[  103.141968][ T4678] loop0: detected capacity change from 0 to 512
[  103.305138][ T4669] EXT4-fs (loop1): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,mblk_io_submit,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback.
[  103.369705][ T4678] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  103.440471][ T4689] loop2: detected capacity change from 0 to 2048
[  103.505954][ T4678] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  103.600072][ T4689]  loop2: p1 < > p3
[  103.658685][ T4689] loop2: p3 size 134217728 extends beyond EOD, truncated
[  103.719543][ T4678] EXT4-fs (loop0): 1 orphan inode deleted
[  103.771175][ T4678] EXT4-fs (loop0): 1 truncate cleaned up
[  103.871961][ T4678] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback.
[  104.000612][ T4678] EXT4-fs error (device loop0): ext4_lookup:1858: inode #15: comm syz.0.118: iget: bad extra_isize 46 (inode size 256)
[  104.739835][ T4678] EXT4-fs (loop0): Remounting filesystem read-only
[  105.906735][ T4715] 9pnet: Insufficient options for proto=fd
[  106.067189][ T4592] udevd[4592]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  106.082664][ T4203] udevd[4203]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  106.133545][ T4722] loop1: detected capacity change from 0 to 1024
[  106.171721][ T4722] EXT4-fs (loop1): Ignoring removed bh option
[  106.302899][ T2286] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  106.385951][ T4731] loop0: detected capacity change from 0 to 512
[  106.402966][ T4731] EXT4-fs (loop0): inline encryption not supported
[  106.409693][ T4722] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x000000000000000a,data_err=ignore,grpquota,abort,user_xattr,bh,errors=remount-ro,. Quota mode: writeback.
[  106.420735][ T4731] EXT4-fs (loop0): Ignoring removed nobh option
[  106.510008][ T4733] input: syz1 as /devices/virtual/input/input12
[  106.667200][ T4731] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  106.890602][ T4731] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[  107.240237][ T4731] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.133: Corrupt directory, running e2fsck is recommended
[  107.283939][ T4731] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  107.307931][ T4731] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2228: inode #15: comm syz.0.133: corrupted in-inode xattr
[  107.350549][ T4731] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.133: couldn't read orphan inode 15 (err -117)
[  107.420249][ T2286] usb 5-1: config 0 interface 0 altsetting 73 endpoint 0x81 has invalid wMaxPacketSize 0
[  107.443339][ T4731] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,inlinecrypt,jqfmt=vfsold,auto_da_alloc,grpjquota=.journal_checksum,barrier=0x0000000000000007,nobh,grpid,,,errors=continue. Quota mode: writeback.
[  107.461957][ T2286] usb 5-1: config 0 interface 0 has no altsetting 0
[  107.510463][ T2286] usb 5-1: New USB device found, idVendor=05ac, idProduct=027e, bcdDevice= 0.00
[  107.529923][ T2286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.565891][ T4731] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  107.670764][ T4731] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[  107.760643][ T2286] usb 5-1: config 0 descriptor??
[  107.780311][ T4731] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.133: Corrupt directory, running e2fsck is recommended
[  107.805163][ T4744] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  107.866443][ T4744] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[  108.184058][ T4744] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.133: Corrupt directory, running e2fsck is recommended
[  108.555113][ T2286] hid-generic 0003:05AC:027E.0001: hidraw0: USB HID v0.00 Device [HID 05ac:027e] on usb-dummy_hcd.4-1/input0
[  108.577498][ T4731] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  108.617760][ T4731] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[  108.628289][ T4731] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.133: Corrupt directory, running e2fsck is recommended
[  108.669518][ T4744] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  108.671670][ T2286] usb 5-1: USB disconnect, device number 2
[  108.929385][ T4291] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  109.189306][ T4291] usb 4-1: Using ep0 maxpacket: 32
[  109.311921][ T4291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.672502][ T4291] usb 4-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.00
[  109.774062][ T4291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.963293][ T4750] fido_id[4750]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  110.017715][ T4291] usb 4-1: config 0 descriptor??
[  110.578520][ T4762] netlink: 48 bytes leftover after parsing attributes in process `syz.1.140'.
[  111.008370][ T4291] usbhid 4-1:0.0: can't add hid device: -71
[  111.014589][ T4291] usbhid: probe of 4-1:0.0 failed with error -71
[  111.155895][ T4291] usb 4-1: USB disconnect, device number 2
[  114.976270][ T1108] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  115.242210][ T4798] loop3: detected capacity change from 0 to 128
[  115.372537][ T4800] netlink: 48 bytes leftover after parsing attributes in process `syz.2.153'.
[  115.437879][ T1108] usb 1-1: not running at top speed; connect to a high speed hub
[  115.627406][ T1108] usb 1-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  116.045946][ T1108] usb 1-1: config 1 interface 0 has no altsetting 0
[  116.235750][ T1108] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40
[  116.255154][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.310913][ T1108] usb 1-1: Product: syz
[  116.324719][ T1108] usb 1-1: Manufacturer: syz
[  116.345543][ T1108] usb 1-1: SerialNumber: syz
[  117.095865][ T1108] usbhid 1-1:1.0: can't add hid device: -71
[  117.312217][ T1108] usbhid: probe of 1-1:1.0 failed with error -71
[  117.541733][ T1108] usb 1-1: USB disconnect, device number 2
[  118.418118][ T4831] loop1: detected capacity change from 0 to 512
[  118.771522][ T4831] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.164: casefold flag without casefold feature
[  118.787467][ T4831] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.164: couldn't read orphan inode 15 (err -117)
[  118.803245][ T4831] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback.
[  119.458871][ T4840] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  119.764285][ T4849] netlink: 48 bytes leftover after parsing attributes in process `syz.4.166'.
[  120.757912][ T4859] loop0: detected capacity change from 0 to 1024
[  122.472376][    C1] sched: RT throttling activated
[  122.553200][ T4859] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz.0.171: Invalid block bitmap block 0 in block_group 0
[  122.572130][ T4859] Quota error (device loop0): write_blk: dquota write failed
[  122.579719][ T4859] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  122.589770][ T4859] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.171: Failed to acquire dquot type 0
[  122.633932][ T4859] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.171: Freeing blocks not in datazone - block = 0, count = 4096
[  122.648731][ T4859] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.171: Invalid inode bitmap blk 0 in block_group 0
[  122.666274][ T4859] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem
[  122.676188][    T9] Quota error (device loop0): remove_tree: Getting block too big (0 >= 9)
[  122.685399][ T4859] EXT4-fs (loop0): 1 orphan inode deleted
[  122.691241][ T4859] EXT4-fs (loop0): mounted filesystem without journal. Opts: €�; max_batch_time=0x0000000000000006,i_version,,errors=continue. Quota mode: writeback.
[  122.716640][ T4859] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  122.765466][    T9] EXT4-fs error (device loop0): ext4_release_dquot:6243: comm kworker/u4:0: Failed to release dquot type 0
[  122.947374][ T4859] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  125.737913][ T4883] loop1: detected capacity change from 0 to 512
[  125.814055][ T4881] loop3: detected capacity change from 0 to 512
[  128.263703][ T4883] EXT4-fs: failed to create workqueue
[  128.269155][ T4883] EXT4-fs (loop1): mount failed
[  129.465822][ T4905] loop2: detected capacity change from 0 to 1024
[  129.857682][ T4905] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  130.010042][ T4905] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  130.920643][ T4918] loop3: detected capacity change from 0 to 128
[  131.426126][ T4925] input: syz1 as /devices/virtual/input/input13
[  132.712180][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  132.718738][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  133.571843][ T4947] loop4: detected capacity change from 0 to 512
[  133.600286][ T4949] loop0: detected capacity change from 0 to 1024
[  133.748989][ T4949] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  133.764441][ T4949] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  133.800737][ T4949] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #15: comm syz.0.195: lblock 0 mapped to illegal pblock 0 (length 1)
[  134.067855][ T4352] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #15: comm kworker/u4:8: lblock 0 mapped to illegal pblock 0 (length 1)
[  134.257442][ T4352] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  134.600743][ T4352] EXT4-fs (loop0): This should not happen!! Data will be lost
[  134.600743][ T4352] 
[  135.327900][ T4976] input: syz1 as /devices/virtual/input/input14
[  137.717018][ T5003] loop4: detected capacity change from 0 to 1024
[  137.755433][ T5003] EXT4-fs (loop4): Unrecognized mount option "defcontext=unconfined_u" or missing value
[  138.325819][ T5016] input: syz1 as /devices/virtual/input/input15
[  139.276471][ T5022] loop0: detected capacity change from 0 to 256
[  139.285357][ T5020] loop2: detected capacity change from 0 to 128
[  139.813940][ T5022] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  140.006493][ T5022] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  140.335446][ T5022] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  140.398094][ T5030] loop2: detected capacity change from 0 to 256
[  140.447595][   T26] audit: type=1800 audit(1754545818.490:8): pid=5022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.219" name="file1" dev="loop0" ino=1048596 res=0 errno=0
[  140.533773][ T5030] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  141.040485][ T5038] loop1: detected capacity change from 0 to 512
[  141.173216][ T5038] EXT4-fs (loop1): Ignoring removed nobh option
[  141.413918][ T5038] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.225: corrupted inode contents
[  141.429838][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  141.436993][ T5038] EXT4-fs error (device loop1): ext4_dirty_inode:6040: inode #16: comm syz.1.225: mark_inode_dirty error
[  141.453184][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  141.466585][ T5038] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.225: corrupted inode contents
[  141.635247][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  141.644493][ T5038] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #16: comm syz.1.225: mark_inode_dirty error
[  141.733361][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  141.739991][ T5038] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.225: corrupted inode contents
[  141.799717][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  141.823619][ T5038] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  141.855268][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  141.881781][ T5038] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.225: corrupted inode contents
[  141.925910][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  141.961136][ T5038] EXT4-fs error (device loop1): ext4_truncate:4273: inode #16: comm syz.1.225: mark_inode_dirty error
[  141.989933][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  142.015557][ T5038] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  142.052018][ T5062] netlink: 48 bytes leftover after parsing attributes in process `syz.2.231'.
[  142.068820][ T5062] bridge0: port 3(syz_tun) entered blocking state
[  142.075553][ T5062] bridge0: port 3(syz_tun) entered disabled state
[  142.089634][ T5062] device syz_tun entered promiscuous mode
[  142.097783][ T5062] bridge0: port 3(syz_tun) entered blocking state
[  142.104299][ T5062] bridge0: port 3(syz_tun) entered forwarding state
[  142.129966][ T5062] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  142.734648][ T5038] EXT4-fs (loop1): Remounting filesystem read-only
[  142.753028][ T5038] EXT4-fs (loop1): 1 truncate cleaned up
[  142.780517][ T5038] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nobh,. Quota mode: writeback.
[  142.813066][ T5038] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.928744][ T5069] binfmt_misc: register: failed to install interpreter file ./file0
[  143.113673][ T5077] tmpfs: Bad value for 'nr_inodes'
[  143.169763][ T5080] loop3: detected capacity change from 0 to 128
[  143.208089][ T5081] netlink: 12 bytes leftover after parsing attributes in process `syz.4.238'.
[  143.220868][ T5083] loop2: detected capacity change from 0 to 256
[  143.348316][ T5086] netlink: 28 bytes leftover after parsing attributes in process `syz.4.238'.
[  143.452760][ T5086] 8021q: adding VLAN 0 to HW filter on device bond1
[  143.515981][ T5083] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  143.566972][ T5090] loop3: detected capacity change from 0 to 164
[  143.578233][ T5089] loop1: detected capacity change from 0 to 256
[  143.701089][ T5089] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  143.714914][ T5090] Unable to read rock-ridge attributes
[  143.738683][ T5089] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  143.772752][ T5090] Unable to read rock-ridge attributes
[  143.792388][ T5089] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  143.907239][   T26] audit: type=1800 audit(1754545821.951:9): pid=5089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.240" name="file1" dev="loop1" ino=1048608 res=0 errno=0
[  144.633401][ T5097] loop3: detected capacity change from 0 to 512
[  144.956368][ T5104] loop4: detected capacity change from 0 to 512
[  144.960315][ T5097] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.245: iget: bad i_size value: 38620345925642
[  144.991851][ T5097] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.245: couldn't read orphan inode 15 (err -117)
[  145.054278][ T5097] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  145.079861][ T5097] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.245: bg 0: block 5: invalid block bitmap
[  145.287976][ T5104] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback.
[  145.321156][ T5104] ext4 filesystem being mounted at /51/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  145.439367][ T5104] EXT4-fs error (device loop4): ext4_lookup:1858: inode #12: comm syz.4.247: iget: bad i_size value: 2533274857506816
[  145.750155][ T5117] loop4: detected capacity change from 0 to 1024
[  145.834527][ T5117] EXT4-fs (loop4): Ignoring removed orlov option
[  145.886130][ T5119] netlink: 24 bytes leftover after parsing attributes in process `syz.2.252'.
[  145.926126][ T5117] EXT4-fs (loop4): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback.
[  145.989224][ T5119] netlink: 12 bytes leftover after parsing attributes in process `syz.2.252'.
[  146.347946][ T5129] loop0: detected capacity change from 0 to 256
[  146.413989][ T5129] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  146.460776][ T5129] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  146.491773][ T5139] loop2: detected capacity change from 0 to 136
[  146.538030][ T5129] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  146.593553][ T5135] loop3: detected capacity change from 0 to 8192
[  146.618498][   T26] audit: type=1800 audit(1754545824.663:10): pid=5129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.258" name="file1" dev="loop0" ino=1048613 res=0 errno=0
[  146.680621][ T5142] loop4: detected capacity change from 0 to 256
[  146.793106][ T5139] iso9660: Corrupted directory entry in block 2 of inode 1472
[  146.833842][ T5142] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  148.213789][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  148.317734][ T5155] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  148.681647][ T5165] netlink: 24 bytes leftover after parsing attributes in process `syz.0.268'.
[  148.746267][ T5168] netlink: 12 bytes leftover after parsing attributes in process `syz.0.268'.
[  149.149412][ T5179] input: syz1 as /devices/virtual/input/input16
[  150.387495][ T5188] loop1: detected capacity change from 0 to 1024
[  150.402536][ T5189] netlink: 24 bytes leftover after parsing attributes in process `syz.3.274'.
[  150.490322][ T5188] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none.
[  150.504182][ T5193] loop4: detected capacity change from 0 to 512
[  150.584082][ T5188] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.668611][ T5193] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  150.671348][   T26] audit: type=1800 audit(1754545828.725:11): pid=5188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.276" name="file1" dev="loop1" ino=15 res=0 errno=0
[  150.677751][ T5193] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  150.776483][ T5193] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  150.820837][ T5193] System zones: 0-2, 18-18, 34-35
[  150.827598][ T5193] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  150.843902][ T5200] loop3: detected capacity change from 0 to 256
[  150.855183][   T26] audit: type=1800 audit(1754545828.905:12): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.277" name="file1" dev="loop4" ino=15 res=0 errno=0
[  150.982031][ T5202] loop1: detected capacity change from 0 to 512
[  150.996014][ T5200] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  151.071539][ T5202] EXT4-fs (loop1): 1 truncate cleaned up
[  151.077250][ T5202] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  151.216053][ T5205] netlink: 24 bytes leftover after parsing attributes in process `syz.4.281'.
[  151.831740][ T5206] netlink: 12 bytes leftover after parsing attributes in process `syz.4.281'.
[  151.870136][ T5212] loop2: detected capacity change from 0 to 1024
[  152.248628][ T5220] input: syz1 as /devices/virtual/input/input17
[  153.713510][ T5222] input: syz1 as /devices/virtual/input/input18
[  153.929291][ T5212] EXT4-fs (loop2): Ignoring removed bh option
[  154.165482][ T5212] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000000,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none.
[  154.261253][ T5226] loop0: detected capacity change from 0 to 256
[  154.467074][ T5212] EXT4-fs error (device loop2): ext4_check_all_de:667: inode #12: block 7: comm syz.2.284: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0
[  154.498633][ T5212] EXT4-fs (loop2): Remounting filesystem read-only
[  154.706961][ T5239] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  154.960914][ T5243] input: syz1 as /devices/virtual/input/input19
[  156.671051][ T5264] input: syz1 as /devices/virtual/input/input20
[  157.405091][ T5265] netlink: 48 bytes leftover after parsing attributes in process `syz.0.301'.
[  157.704994][ T5265] bridge0: port 3(syz_tun) entered blocking state
[  157.711593][ T5265] bridge0: port 3(syz_tun) entered disabled state
[  157.719709][ T5265] bridge0: port 3(syz_tun) entered blocking state
[  157.726316][ T5265] bridge0: port 3(syz_tun) entered forwarding state
[  157.824851][ T5265] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  159.085993][ T5269] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  159.135643][ T5269] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  159.205080][ T5273] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  159.241923][ T5271] loop4: detected capacity change from 0 to 8192
[  159.449017][ T5271] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  159.650727][ T5282] input: syz1 as /devices/virtual/input/input21
[  160.379845][ T5288] loop1: detected capacity change from 0 to 128
[  160.809810][ T5296] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  160.829512][ T5296] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  160.992940][ T5300] input: syz1 as /devices/virtual/input/input22
[  161.836486][ T5314] loop2: detected capacity change from 0 to 164
[  163.453171][ T5314] Unable to read rock-ridge attributes
[  165.851654][ T5347] input: syz1 as /devices/virtual/input/input23
[  166.572514][ T5358] loop3: detected capacity change from 0 to 2048
[  166.580228][ T5359] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  166.684196][ T5359] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  167.886867][ T5358] EXT4-fs (loop3): Ignoring removed bh option
[  168.135227][ T5371] serio: Serial port pts0
[  168.477829][ T5358] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  168.969658][ T5358] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  169.011291][ T5358] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[  169.109141][ T5358] EXT4-fs (loop3): This should not happen!! Data will be lost
[  169.109141][ T5358] 
[  169.118851][ T5358] EXT4-fs (loop3): Total free blocks count 0
[  169.176924][ T5358] EXT4-fs (loop3): Free/Dirty block details
[  169.219179][ T5358] EXT4-fs (loop3): free_blocks=2415919104
[  169.234182][ T5358] EXT4-fs (loop3): dirty_blocks=16
[  169.258387][ T5358] EXT4-fs (loop3): Block reservation details
[  169.594263][ T5358] EXT4-fs (loop3): i_reserved_data_blocks=1
[  169.973904][ T5397] 9pnet: Insufficient options for proto=fd
[  169.992956][ T5389] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[  170.108986][ T5389] EXT4-fs (loop3): This should not happen!! Data will be lost
[  170.108986][ T5389] 
[  170.270252][ T5406] loop1: detected capacity change from 0 to 512
[  170.399989][ T5408] input: syz1 as /devices/virtual/input/input24
[  170.442790][ T5406] EXT4-fs (loop1): Ignoring removed nobh option
[  170.578085][ T5406] EXT4-fs (loop1): Test dummy encryption mode enabled
[  170.833195][ T5406] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  171.146018][ T5406] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.343: iget: bad i_size value: 38620345925642
[  171.260962][ T5406] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.343: couldn't read orphan inode 15 (err -117)
[  171.284741][ T5416] 9pnet: Insufficient options for proto=fd
[  172.234583][ T5422] input: syz1 as /devices/virtual/input/input25
[  172.630746][ T5406] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,debug_want_extra_isize=0x0000000000000004,data_err=ignore,nojournal_checksum,dioread_nolock,test_dummy_encryption=v1,,errors=continue. Quota mode: writeback.
[  172.710778][ T5426] loop3: detected capacity change from 0 to 512
[  172.812493][ T5406] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.343: iget: bad i_size value: 38620345925642
[  172.837325][ T5426] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  172.947515][ T5426] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  172.968599][ T5426] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  173.049132][ T5426] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3876: comm syz.3.349: Allocating blocks 41-42 which overlap fs metadata
[  173.122286][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  173.152352][ T5426] Quota error (device loop3): write_blk: dquota write failed
[  173.240068][ T5426] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5
[  173.272531][ T5426] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  173.275626][ T5429] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  173.296520][ T5429] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  173.316536][ T5426] EXT4-fs error (device loop3): ext4_acquire_dquot:6207: comm syz.3.349: Failed to acquire dquot type 1
[  173.372956][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  173.397658][ T5426] EXT4-fs error (device loop3): mb_free_blocks:1865: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  173.472579][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  173.541749][ T5426] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #12: comm syz.3.349: corrupted inode contents
[  173.598121][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  173.604705][ T5426] EXT4-fs error (device loop3): ext4_dirty_inode:6040: inode #12: comm syz.3.349: mark_inode_dirty error
[  173.997669][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.124464][ T5426] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #12: comm syz.3.349: corrupted inode contents
[  174.376712][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.383290][ T5426] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #12: comm syz.3.349: mark_inode_dirty error
[  174.448768][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.482687][ T5426] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #12: comm syz.3.349: corrupted inode contents
[  174.565372][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.575188][ T5426] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  174.593455][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.600320][ T5426] EXT4-fs error (device loop3): ext4_do_update_inode:5204: inode #12: comm syz.3.349: corrupted inode contents
[  174.621766][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.633514][ T5426] EXT4-fs error (device loop3): ext4_truncate:4273: inode #12: comm syz.3.349: mark_inode_dirty error
[  174.674810][ T5452] 9pnet: Insufficient options for proto=fd
[  174.703633][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.712979][ T5426] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  174.722725][ T5426] EXT4-fs (loop3): Remounting filesystem read-only
[  174.730017][ T5426] EXT4-fs (loop3): 1 truncate cleaned up
[  174.735800][ T5426] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000800000,noblock_validity,jqfmt=vfsold,nodelalloc,errors=remount-ro,nomblk_io_submit,usrjquota=,mb_optimize_scan=0x0000000000000001,resgid=0x00000000000000002. Quota mode: writeback.
[  175.137304][ T5465] input: syz1 as /devices/virtual/input/input26
[  176.320359][ T5480] loop3: detected capacity change from 0 to 512
[  177.065068][ T5487] team0: Port device bridge1 added
[  178.167999][ T5494] loop3: detected capacity change from 0 to 8192
[  178.668437][ T5503] input: syz1 as /devices/virtual/input/input27
[  178.946508][ T5505] netlink: 48 bytes leftover after parsing attributes in process `syz.0.374'.
[  178.958512][ T5505] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  179.805205][ T5516] loop2: detected capacity change from 0 to 512
[  179.969793][ T5516] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  180.078682][ T5516] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  180.094885][ T5516] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[  180.104842][ T5516] EXT4-fs (loop2): orphan cleanup on readonly fs
[  180.111344][ T5516] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0
[  180.303275][ T5516] EXT4-fs warning (device loop2): ext4_enable_quotas:6459: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  180.462192][ T5516] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  180.600442][ T5516] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.379: bg 0: block 40: padding at end of block bitmap is not set
[  180.874539][ T5516] EXT4-fs (loop2): Remounting filesystem read-only
[  180.921399][ T5516] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  180.931884][ T5516] EXT4-fs (loop2): Remounting filesystem read-only
[  180.942543][ T5516] EXT4-fs (loop2): 1 truncate cleaned up
[  180.948790][ T5516] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,noload,noblock_validity,dioread_lock,nouid32,nomblk_io_submit,. Quota mode: writeback.
[  181.904331][ T5548] netlink: 48 bytes leftover after parsing attributes in process `syz.2.390'.
[  181.914789][ T5548] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  182.629095][ T5550] loop4: detected capacity change from 0 to 512
[  182.746879][ T5550] EXT4-fs (loop4): Ignoring removed nobh option
[  182.831479][ T5550] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #3: comm syz.4.391: corrupted inode contents
[  182.874984][ T5550] EXT4-fs error (device loop4): ext4_dirty_inode:6040: inode #3: comm syz.4.391: mark_inode_dirty error
[  182.943754][ T5550] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #3: comm syz.4.391: corrupted inode contents
[  183.006683][ T5550] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #3: comm syz.4.391: mark_inode_dirty error
[  183.072376][ T5550] Quota error (device loop4): write_blk: dquota write failed
[  183.080156][ T5550] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  183.116536][ T5550] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.391: Failed to acquire dquot type 0
[  183.165350][ T5550] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.391: corrupted inode contents
[  183.203185][ T5550] EXT4-fs error (device loop4): ext4_dirty_inode:6040: inode #16: comm syz.4.391: mark_inode_dirty error
[  183.258311][ T5550] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.391: corrupted inode contents
[  183.333410][ T5550] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.391: mark_inode_dirty error
[  183.398428][ T5550] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.391: corrupted inode contents
[  183.454178][ T5550] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  183.499831][ T5550] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.391: corrupted inode contents
[  183.618370][ T5550] EXT4-fs error (device loop4): ext4_truncate:4273: inode #16: comm syz.4.391: mark_inode_dirty error
[  183.693471][ T5550] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  183.759082][ T5550] EXT4-fs (loop4): 1 truncate cleaned up
[  184.523559][ T5550] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,nobh,,errors=continue. Quota mode: writeback.
[  184.581543][ T5550] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.159338][   T26] audit: type=1326 audit(1754545864.222:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.267149][   T26] audit: type=1326 audit(1754545864.222:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.440751][   T26] audit: type=1326 audit(1754545864.222:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.493030][   T26] audit: type=1326 audit(1754545864.222:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.515584][   T26] audit: type=1326 audit(1754545864.222:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.540914][   T26] audit: type=1326 audit(1754545864.222:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.563364][   T26] audit: type=1326 audit(1754545864.222:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.586964][   T26] audit: type=1326 audit(1754545864.222:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.601064][ T4291] Bluetooth: hci0: command 0x0406 tx timeout
[  186.611426][   T26] audit: type=1326 audit(1754545864.222:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.638586][   T26] audit: type=1326 audit(1754545864.222:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5599 comm="syz.4.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  186.664475][ T4291] Bluetooth: hci3: command 0x0406 tx timeout
[  186.692114][ T4291] Bluetooth: hci1: command 0x0406 tx timeout
[  186.722087][ T4291] Bluetooth: hci4: command 0x0406 tx timeout
[  186.748556][ T4291] Bluetooth: hci2: command 0x0406 tx timeout
[  186.973669][ T5593] netlink: 48 bytes leftover after parsing attributes in process `syz.1.403'.
[  186.999936][ T5593] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  188.310187][ T5634] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  189.152035][ T5638] syz.0.419[5638] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  189.152193][ T5638] syz.0.419[5638] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  191.663191][ T5666] loop0: detected capacity change from 0 to 512
[  191.765215][ T5666] EXT4-fs (loop0): Ignoring removed oldalloc option
[  191.791589][ T5666] EXT4-fs (loop0): inline encryption not supported
[  191.833520][ T5666] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  191.889749][ T5666] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  192.523782][ T5666] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.428: bg 0: block 64: padding at end of block bitmap is not set
[  192.955976][ T5666] __quota_error: 1 callbacks suppressed
[  192.955996][ T5666] Quota error (device loop0): write_blk: dquota write failed
[  193.027354][ T5666] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  193.117210][ T5666] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.428: Failed to acquire dquot type 0
[  193.157581][ T5666] EXT4-fs (loop0): 1 truncate cleaned up
[  193.177388][ T5666] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,oldalloc,inlinecrypt,delalloc,mblk_io_submit,delalloc,noload,mb_optimize_scan=0x0000000000000001,lazytime,,errors=continue. Quota mode: writeback.
[  193.787187][ T5696] loop0: detected capacity change from 0 to 128
[  193.859249][ T5701] loop3: detected capacity change from 0 to 512
[  194.163078][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  194.178327][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  194.422923][ T5701] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  194.832780][ T5701] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.936607][ T5710] loop2: detected capacity change from 0 to 512
[  195.262296][ T5710] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  195.508614][ T5710] EXT4-fs (loop2): 1 truncate cleaned up
[  195.625490][ T5710] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback.
[  195.815321][ T5710] EXT4-fs (loop2): user quota file already specified
[  198.663563][ T5726] loop3: detected capacity change from 0 to 1024
[  198.699142][ T5728] loop0: detected capacity change from 0 to 256
[  198.741647][ T5726] EXT4-fs (loop3): Ignoring removed oldalloc option
[  198.855550][ T5726] EXT4-fs (loop3): mounted filesystem without journal. Opts: stripe=0x0000000000000003,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,noauto_da_alloc,delalloc,resuid=0x0000000000000000,oldalloc,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  198.856991][ T5728] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  199.355652][ T5740] input: syz1 as /devices/virtual/input/input28
[  201.024041][ T5742] input: syz1 as /devices/virtual/input/input29
[  201.543553][ T5746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.452'.
[  206.817409][ T5800] loop4: detected capacity change from 0 to 256
[  206.956701][ T5806] loop0: detected capacity change from 0 to 764
[  207.013011][ T5800] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  207.068469][ T5806] rock: directory entry would overflow storage
[  207.132525][ T5806] rock: sig=0x4654, size=5, remaining=4
[  210.397455][ T5825] input: syz1 as /devices/virtual/input/input30
[  210.790095][ T5831] loop0: detected capacity change from 0 to 164
[  211.581814][ T5851] loop2: detected capacity change from 0 to 256
[  211.683336][ T5851] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  214.219861][ T5856] loop4: detected capacity change from 0 to 2048
[  214.310191][ T4903]  loop4: p1 < > p3
[  214.353399][ T4903] loop4: p3 size 134217728 extends beyond EOD, truncated
[  214.499204][ T5856]  loop4: p1 < > p3
[  214.524759][ T5856] loop4: p3 size 134217728 extends beyond EOD, truncated
[  217.495746][ T5878] input: syz1 as /devices/virtual/input/input31
[  219.123274][ T4203] udevd[4203]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  219.167416][ T4903] udevd[4903]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  219.263776][ T4203] udevd[4203]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  219.306709][ T4903] udevd[4903]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  219.653499][ T5906] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  220.058360][ T5912] loop0: detected capacity change from 0 to 128
[  220.082948][ T5914] loop1: detected capacity change from 0 to 256
[  220.624364][ T5923] input: syz1 as /devices/virtual/input/input32
[  221.515637][ T5925] loop1: detected capacity change from 0 to 256
[  221.593668][ T5928] loop3: detected capacity change from 0 to 512
[  221.658598][ T5925] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  221.744835][ T5928] EXT4-fs (loop3): orphan cleanup on readonly fs
[  221.751434][ T5928] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  221.782581][ T5928] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  221.981545][ T5928] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.508: attempt to clear invalid blocks 2 len 1
[  222.042861][ T5928] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.508: invalid indirect mapped block 1819239214 (level 0)
[  222.104686][ T5928] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.508: invalid indirect mapped block 1819239214 (level 1)
[  222.159019][ T5928] EXT4-fs (loop3): 1 truncate cleaned up
[  222.172642][ T5928] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,jqfmt=vfsv0,abort,bsddf,noquota,usrjquota=..,errors=continue. Quota mode: writeback.
[  222.301493][ T4185] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: inode out of bounds - offset=24, inode=85, rec_len=20, size=1024 fake=0
[  222.420799][ T5933] xt_hashlimit: max too large, truncated to 1048576
[  222.866128][ T4352] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.015806][ T4352] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.170764][ T4352] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.439673][ T5954] input: syz1 as /devices/virtual/input/input33
[  223.705045][ T4352] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.285725][ T5960] loop0: detected capacity change from 0 to 764
[  225.722880][ T5967] input: syz1 as /devices/virtual/input/input34
[  226.943446][ T5980] loop0: detected capacity change from 0 to 4096
[  227.042055][ T5966] chnl_net:caif_netlink_parms(): no params data found
[  227.513639][ T5980] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  227.726446][ T5980] capability: warning: `syz.0.524' uses 32-bit capabilities (legacy support in use)
[  228.179892][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #c2!!!
[  228.239483][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  228.248708][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  228.257653][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  228.266666][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  228.275588][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  228.284618][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  228.293607][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  228.302701][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  228.312435][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  228.330694][ T4235] Bluetooth: hci0: command 0x0409 tx timeout
[  228.479557][ T6013] input: syz1 as /devices/virtual/input/input35
[  229.619553][ T5966] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.658898][ T5966] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.713195][ T5966] device bridge_slave_0 entered promiscuous mode
[  229.723768][ T6026] input: syz1 as /devices/virtual/input/input36
[  230.424930][ T4250] Bluetooth: hci0: command 0x041b tx timeout
[  231.191929][ T5966] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.228301][ T5966] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.236605][ T5966] device bridge_slave_1 entered promiscuous mode
[  231.711969][ T6040] input: syz1 as /devices/virtual/input/input37
[  232.497680][ T1325] Bluetooth: hci0: command 0x040f tx timeout
[  232.599124][ T5966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.656553][ T5966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.767069][   T26] audit: type=1326 audit(1754545910.856:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  232.832578][   T26] audit: type=1326 audit(1754545910.906:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  232.933868][ T5966] team0: Port device team_slave_0 added
[  232.957187][   T26] audit: type=1326 audit(1754545911.046:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.065958][   T26] audit: type=1326 audit(1754545911.046:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.417916][ T5966] team0: Port device team_slave_1 added
[  233.670776][   T26] audit: type=1326 audit(1754545911.046:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.734609][   T26] audit: type=1326 audit(1754545911.046:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.832833][   T26] audit: type=1326 audit(1754545911.046:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.856123][   T26] audit: type=1326 audit(1754545911.046:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.879613][   T26] audit: type=1326 audit(1754545911.046:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.925889][   T26] audit: type=1326 audit(1754545911.046:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6044 comm="syz.0.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  233.975123][ T6059] loop4: detected capacity change from 0 to 256
[  234.003517][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_0
[  234.021593][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.240189][ T5966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  234.820510][ T4352] device hsr_slave_0 left promiscuous mode
[  234.855226][ T4352] device hsr_slave_1 left promiscuous mode
[  234.890509][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  234.897617][ T4250] Bluetooth: hci0: command 0x0419 tx timeout
[  234.915779][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_0
[  235.008477][ T6075] loop1: detected capacity change from 0 to 512
[  235.049983][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  235.101785][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_1
[  235.109791][ T6075] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  235.436700][ T6075] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  237.018850][ T6085] input: syz1 as /devices/virtual/input/input38
[  237.442893][ T4352] device bridge_slave_1 left promiscuous mode
[  237.467327][ T4352] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.495585][ T6075] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  237.505006][ T6075] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  237.547932][ T6075] EXT4-fs (loop1): 1 truncate cleaned up
[  237.553651][ T6075] EXT4-fs (loop1): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,mblk_io_submit,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback.
[  237.590153][ T4352] device bridge_slave_0 left promiscuous mode
[  237.632226][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.662443][ T4352] device veth1_macvtap left promiscuous mode
[  237.680730][ T4352] device veth0_macvtap left promiscuous mode
[  237.695023][ T4352] device veth1_vlan left promiscuous mode
[  237.702749][ T4352] device veth0_vlan left promiscuous mode
[  237.757999][ T6075] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #2: block 4: comm syz.1.545: lblock 0 mapped to illegal pblock 4 (length 1)
[  237.811023][ T6075] EXT4-fs (loop1): Remounting filesystem read-only
[  237.826579][ T6075] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #2: block 4: comm syz.1.545: lblock 0 mapped to illegal pblock 4 (length 1)
[  237.857141][ T6075] EXT4-fs (loop1): Remounting filesystem read-only
[  238.691002][ T4352] team0 (unregistering): Port device bridge1 removed
[  238.715804][ T6108] loop1: detected capacity change from 0 to 512
[  238.760173][ T6108] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  238.803786][ T6108] EXT4-fs (loop1): 1 orphan inode deleted
[  238.824997][ T6108] EXT4-fs (loop1): 1 truncate cleaned up
[  238.837674][ T6108] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback.
[  238.863482][ T4352] team0 (unregistering): Port device team_slave_1 removed
[  238.878311][ T6108] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.552: iget: bad extra_isize 46 (inode size 256)
[  238.901407][ T4352] team0 (unregistering): Port device team_slave_0 removed
[  238.910765][ T6108] EXT4-fs (loop1): Remounting filesystem read-only
[  238.918169][ T6108] EXT4-fs error (device loop1): ext4_search_dir:1549: inode #12: block 7: comm syz.1.552: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0
[  238.943855][ T6108] EXT4-fs (loop1): Remounting filesystem read-only
[  238.951088][ T4352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  238.972505][ T4352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  239.066218][ T6111] loop1: detected capacity change from 0 to 128
[  239.091330][ T4352] bond0 (unregistering): Released all slaves
[  239.127562][ T6111] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none.
[  239.146363][ T6111] ext4 filesystem being mounted at /97/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  239.177810][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_1
[  239.189326][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  239.217444][ T5966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  239.241027][ T6100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.550'.
[  239.292261][ T6100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.550'.
[  239.380168][ T6101] netlink: 8 bytes leftover after parsing attributes in process `syz.4.550'.
[  239.429879][ T6101] netlink: 8 bytes leftover after parsing attributes in process `syz.4.550'.
[  239.596137][ T6118] netlink: 24 bytes leftover after parsing attributes in process `syz.1.555'.
[  239.753438][ T6118] netlink: 12 bytes leftover after parsing attributes in process `syz.1.555'.
[  239.878186][ T5966] device hsr_slave_0 entered promiscuous mode
[  239.900978][ T5966] device hsr_slave_1 entered promiscuous mode
[  239.999631][ T6130] input: syz1 as /devices/virtual/input/input39
[  240.077711][ T6127] loop1: detected capacity change from 0 to 128
[  240.093237][ T5966] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  240.261623][ T5966] Cannot create hsr debugfs directory
[  240.683706][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  240.683722][   T26] audit: type=1800 audit(1754545918.770:44): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.559" name="file2" dev="loop1" ino=1048648 res=0 errno=0
[  240.785905][ T6134] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  241.167603][ T4190] bridge0: port 3(syz_tun) entered disabled state
[  241.272473][ T4190] device syz_tun left promiscuous mode
[  241.283639][ T4190] bridge0: port 3(syz_tun) entered disabled state
[  242.025776][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  242.547367][ T5966] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  242.602503][ T5966] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  242.661109][ T5966] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  242.718054][ T5966] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  243.078204][ T5966] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.129592][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  243.162778][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  243.229588][ T5966] 8021q: adding VLAN 0 to HW filter on device team0
[  243.275575][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  243.298268][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  243.347476][  T549] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.354681][  T549] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.362725][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  243.433586][ T6175] netlink: 24 bytes leftover after parsing attributes in process `syz.2.568'.
[  243.508214][ T6175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.568'.
[  243.558344][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  243.589418][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  243.606966][  T549] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.614148][  T549] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.906805][ T6181] input: syz1 as /devices/virtual/input/input40
[  244.658367][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  244.679001][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  244.689797][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  244.700225][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  244.709047][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  244.761936][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  244.792980][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  244.832398][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  244.850140][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  244.892117][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  245.008899][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  245.107086][ T5966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  245.961144][ T1325] Bluetooth: hci2: command 0x0409 tx timeout
[  246.266035][ T6171] chnl_net:caif_netlink_parms(): no params data found
[  246.562099][ T6171] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.569350][ T6171] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.676085][ T6171] device bridge_slave_0 entered promiscuous mode
[  246.735789][ T6171] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.814369][ T6171] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.891764][ T6171] device bridge_slave_1 entered promiscuous mode
[  247.172411][ T6171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  247.199759][ T6224] netlink: 24 bytes leftover after parsing attributes in process `syz.0.578'.
[  247.287311][ T6171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.317334][ T6229] netlink: 12 bytes leftover after parsing attributes in process `syz.0.578'.
[  247.330360][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  247.358285][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  247.394194][ T5966] 8021q: adding VLAN 0 to HW filter on device batadv0
[  247.579074][ T6171] team0: Port device team_slave_0 added
[  247.609244][ T6171] team0: Port device team_slave_1 added
[  247.698911][ T6171] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.739805][ T6171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.816836][ T6171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.851912][ T6171] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.899676][ T6171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.019980][ T1325] Bluetooth: hci2: command 0x041b tx timeout
[  248.112687][ T6171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.474921][   T26] audit: type=1326 audit(1754545926.574:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  248.513811][ T6171] device hsr_slave_0 entered promiscuous mode
[  248.557583][ T6171] device hsr_slave_1 entered promiscuous mode
[  248.588270][   T26] audit: type=1326 audit(1754545926.604:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  248.630174][ T6171] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  248.637779][ T6171] Cannot create hsr debugfs directory
[  248.687301][   T26] audit: type=1326 audit(1754545926.634:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  248.735428][ T6255] loop2: detected capacity change from 0 to 512
[  248.780596][   T26] audit: type=1326 audit(1754545926.634:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  248.834198][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  248.852728][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  248.930289][ T5966] device veth0_vlan entered promiscuous mode
[  248.961849][ T6255] EXT4-fs (loop2): Ignoring removed oldalloc option
[  249.009365][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  249.017945][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  249.080101][ T6255] EXT4-fs error (device loop2): ext4_xattr_inode_iget:400: comm syz.2.582: Parent and EA inode have the same ino 15
[  249.097990][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  249.118113][ T6255] EXT4-fs (loop2): 1 orphan inode deleted
[  249.167163][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  249.167450][ T6255] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,bsdgroups,debug_want_extra_isize=0x0000000000000022,noauto_da_alloc,quota,oldalloc,resuid=0x000000000000ee01,,errors=continue. Quota mode: writeback.
[  249.182132][ T5966] device veth1_vlan entered promiscuous mode
[  249.254400][ T6272] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  249.350923][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  249.360557][ T4186] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  249.390740][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  249.471945][ T4186] EXT4-fs warning (device loop2): __ext4_unlink:3335: inode #15: comm syz-executor: Deleting file 'file1' with no links
[  249.518919][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  249.528341][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  249.563303][ T4186] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 234881024 (level 0)
[  249.599331][ T5966] device veth0_macvtap entered promiscuous mode
[  249.683393][ T5966] device veth1_macvtap entered promiscuous mode
[  249.725067][ T6171] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  249.806811][ T6171] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  250.032783][ T6171] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  250.053657][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.174275][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.373112][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.415129][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.443037][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.516935][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.568133][ T1326] Bluetooth: hci2: command 0x040f tx timeout
[  250.570020][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.598631][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.616295][ T5966] batman_adv: batadv0: Interface activated: batadv_slave_0
[  250.627510][ T6171] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  250.799778][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  250.808038][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  250.855092][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  250.871417][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  250.912048][ T4352] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.979354][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.997123][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.028116][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.065057][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.079127][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.090029][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.100408][ T5966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.113202][ T5966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.148531][ T5966] batman_adv: batadv0: Interface activated: batadv_slave_1
[  251.183520][ T4352] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.232375][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  251.255967][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  251.279994][ T5966] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  251.323752][ T5966] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  251.360787][ T6302] loop4: detected capacity change from 0 to 512
[  251.367234][ T5966] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  251.386788][ T5966] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  251.442810][ T4352] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.518298][ T6302] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  251.646090][ T4352] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.735058][ T6307] input: syz1 as /devices/virtual/input/input41
[  251.961782][ T6302] EXT4-fs (loop4): 1 truncate cleaned up
[  251.995954][ T6302] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,max_batch_time=0x0000000000000004,. Quota mode: none.
[  252.477534][ T6302] capability: warning: `syz.4.592' uses deprecated v2 capabilities in a way that may be insecure
[  252.619063][   T26] audit: type=1800 audit(1754545930.726:49): pid=6302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.592" name="file2" dev="loop4" ino=16 res=0 errno=0
[  252.657561][ T4250] Bluetooth: hci2: command 0x0419 tx timeout
[  252.727610][ T6171] 8021q: adding VLAN 0 to HW filter on device bond0
[  252.734640][ T6318] bond0: option ad_select: unable to set because the bond device is up
[  252.979716][ T4520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.010034][ T4520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.460710][ T6171] 8021q: adding VLAN 0 to HW filter on device team0
[  253.531788][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  253.595355][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  253.623477][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  253.796367][  T549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.821797][ T6327] (unnamed net_device) (uninitialized): ARP monitoring cannot be used with MII monitoring
[  253.836776][  T549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.143290][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  254.167490][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  254.211651][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  254.280011][ T4376] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.287340][ T4376] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.473356][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  254.504129][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  254.520331][ T4376] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.527502][ T4376] bridge0: port 2(bridge_slave_1) entered forwarding state
[  254.535760][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  254.556169][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  254.811810][ T4376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  255.385006][ T6331] bridge0: port 3(syz_tun) entered blocking state
[  255.391667][ T6331] bridge0: port 3(syz_tun) entered disabled state
[  255.399623][ T6331] bridge0: port 3(syz_tun) entered blocking state
[  255.406349][ T6331] bridge0: port 3(syz_tun) entered forwarding state
[  255.440195][ T6347] netlink: 12 bytes leftover after parsing attributes in process `syz.2.603'.
[  255.509471][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  255.530062][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  255.536487][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  255.548431][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  256.562708][ T6355] input: syz1 as /devices/virtual/input/input42
[  256.650705][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  256.670718][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  256.877916][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  256.926594][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  256.949871][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  256.973507][ T6354] bridge8: the hash_elasticity option has been deprecated and is always 16
[  257.000810][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  257.041158][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  257.077226][ T6171] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  257.206048][ T5966] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  257.262615][ T5966] FAT-fs (loop1): Filesystem has been set read-only
[  259.406775][ T6395] loop4: detected capacity change from 0 to 128
[  259.468935][ T6395] EXT4-fs (loop4): Ignoring removed nobh option
[  259.676870][ T6392] netlink: 48 bytes leftover after parsing attributes in process `syz.2.614'.
[  259.711388][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  259.719653][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  259.754898][ T6171] 8021q: adding VLAN 0 to HW filter on device batadv0
[  259.783174][ T6395] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,abort,,errors=continue. Quota mode: none.
[  259.804024][ T6395] ext4 filesystem being mounted at /129/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  259.895228][ T6395] fscrypt (loop4, inode 12): Direct key flag not allowed with different contents and filenames modes
[  260.175328][ T6403] input: syz1 as /devices/virtual/input/input43
[  260.500514][ T6415] loop0: detected capacity change from 0 to 512
[  260.580420][ T6415] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,noinit_itable,barrier=0x0000000000000040,grpjquota=,errors=remount-ro,init_itable,. Quota mode: writeback.
[  260.613809][ T6415] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.693874][ T6415] EXT4-fs error (device loop0): ext4_get_verity_descriptor_location:338: inode #15: comm syz.0.619: verity file corrupted; can't find descriptor
[  260.722344][ T6415] EXT4-fs (loop0): Remounting filesystem read-only
[  260.734114][ T6415] fs-verity (loop0, inode 15): Error -117 getting verity descriptor size
[  261.113446][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  261.145425][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  261.277699][ T6437] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  261.547951][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  261.609120][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  261.655703][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  261.758586][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  262.220515][ T6171] device veth0_vlan entered promiscuous mode
[  262.237268][ T6453] netlink: 48 bytes leftover after parsing attributes in process `syz.0.626'.
[  262.248078][ T6171] device veth1_vlan entered promiscuous mode
[  262.293149][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  262.364626][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  262.380903][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  262.390144][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  262.425006][ T6171] device veth0_macvtap entered promiscuous mode
[  262.480648][ T4352] device hsr_slave_0 left promiscuous mode
[  262.496732][ T4352] device hsr_slave_1 left promiscuous mode
[  262.535672][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.565907][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.591663][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.619089][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.644026][ T4352] device bridge_slave_1 left promiscuous mode
[  262.716708][ T4352] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.776100][ T4352] device bridge_slave_0 left promiscuous mode
[  262.791664][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.845716][ T4352] device veth1_macvtap left promiscuous mode
[  262.871071][ T4352] device veth0_macvtap left promiscuous mode
[  262.908395][ T4352] device veth1_vlan left promiscuous mode
[  262.919462][ T4352] device veth0_vlan left promiscuous mode
[  264.445361][ T4352] team0 (unregistering): Port device team_slave_1 removed
[  264.494925][ T4352] team0 (unregistering): Port device team_slave_0 removed
[  264.535412][ T4352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.592043][ T4352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  264.828470][ T4352] bond0 (unregistering): Released all slaves
[  264.976783][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  265.060444][ T6490] input: syz1 as /devices/virtual/input/input44
[  265.196633][ T6171] device veth1_macvtap entered promiscuous mode
[  265.747296][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.807412][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.841096][ T6482] fuse: Bad value for 'user_id'
[  265.851069][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.899070][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.924775][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.965227][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.000603][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  266.074265][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.395744][ T6171] batman_adv: batadv0: Interface activated: batadv_slave_0
[  266.648026][ T6499] netlink: 48 bytes leftover after parsing attributes in process `syz.2.636'.
[  266.690653][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  266.779093][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  266.882323][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  266.935745][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.957263][ T6509] loop4: detected capacity change from 0 to 1024
[  267.116944][ T6510] input: syz1 as /devices/virtual/input/input45
[  267.291491][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.649363][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.679449][ T6509] EXT4-fs (loop4): Ignoring removed nobh option
[  267.841055][ T6509] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  267.870601][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.942787][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.980554][ T6509] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,grpid,barrier=0x0000000000000001,i_version,nouid32,max_dir_size_kb=0x00000000004007b1,abort,nodelalloc,nobh,user_xattr,dioread_lock,dioread_nolock,,errors=continue. Quota mode: none.
[  268.016826][ T6171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  268.069001][ T6171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  268.257231][ T6171] batman_adv: batadv0: Interface activated: batadv_slave_1
[  268.297115][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  268.299274][ T6520] loop2: detected capacity change from 0 to 128
[  268.315949][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  268.443050][ T6171] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  268.474431][ T6171] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  268.484977][ T6522] loop0: detected capacity change from 0 to 512
[  268.506444][ T6526] loop4: detected capacity change from 0 to 128
[  268.523053][ T6171] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  268.547941][ T6171] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.593639][ T6526] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  268.695998][ T6522] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.644: Parent and EA inode have the same ino 15
[  268.720060][ T6522] EXT4-fs (loop0): Remounting filesystem read-only
[  268.760195][ T4492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.777335][ T6522] EXT4-fs (loop0): 1 orphan inode deleted
[  268.786916][ T4492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.804578][ T6522] EXT4-fs (loop0): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000adb,bsdgroups,nobarrier,init_itable,errors=remount-ro,noinit_itable,nojournal_checksum,. Quota mode: none.
[  268.902309][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  268.921682][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.977827][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.009300][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  269.124940][ T6534] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  269.496113][ T6547] program syz.0.648 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  269.548287][ T6549] loop6: detected capacity change from 0 to 512
[  269.811556][ T6549] EXT4-fs (loop6): Ignoring removed nobh option
[  269.895415][ T6549] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.567: bg 0: block 393: padding at end of block bitmap is not set
[  269.928852][ T6549] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  269.984589][ T6549] EXT4-fs (loop6): 2 truncates cleaned up
[  270.038780][ T6549] EXT4-fs (loop6): mounted filesystem without journal. Opts: nobh,,errors=continue. Quota mode: writeback.
[  270.568353][ T6573] input: syz1 as /devices/virtual/input/input46
[  271.791112][   T26] audit: type=1326 audit(1754545949.905:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  271.887780][   T26] audit: type=1326 audit(1754545949.945:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  272.013568][   T26] audit: type=1326 audit(1754545949.945:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  272.095347][   T26] audit: type=1326 audit(1754545949.955:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  272.217206][   T26] audit: type=1326 audit(1754545949.955:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  272.313242][ T6601] loop0: detected capacity change from 0 to 2048
[  272.463176][   T26] audit: type=1326 audit(1754545949.955:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  272.485534][ T6601]  loop0: p1 p3 p4
[  272.499657][   T26] audit: type=1326 audit(1754545949.955:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  272.535813][ T6601] loop0: p4 size 589824 extends beyond EOD, truncated
[  272.605482][ T6610] overlayfs: overlapping lowerdir path
[  273.259998][   T26] audit: type=1326 audit(1754545949.965:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  273.346936][   T26] audit: type=1326 audit(1754545949.965:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe55ca2cbe9 code=0x7ffc0000
[  273.856946][ T6622] input: syz1 as /devices/virtual/input/input47
[  273.893556][ T4203] udevd[4203]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  273.951101][ T4592] udevd[4592]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  274.535022][ T4903] udevd[4903]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  275.335303][ T6651] loop0: detected capacity change from 0 to 512
[  275.466618][ T6655] loop6: detected capacity change from 0 to 512
[  275.489041][ T6651] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback.
[  275.597230][ T6651] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  275.761707][ T6655] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  276.186960][ T6670] input: syz1 as /devices/virtual/input/input48
[  277.110465][ T6680] loop2: detected capacity change from 0 to 512
[  277.201046][ T6684] loop5: detected capacity change from 0 to 512
[  277.282944][ T6680] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  277.317736][ T6680] ext4 filesystem being mounted at /139/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  277.335723][ T6684] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  277.379847][   T26] audit: type=1326 audit(1754545955.498:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  277.467632][ T6684] EXT4-fs (loop5): 1 truncate cleaned up
[  277.473382][ T6684] EXT4-fs (loop5): mounted filesystem without journal. Opts: minixdf,max_dir_size_kb=0x00000000000001ff,stripe=0x0000000000000000,noblock_validity,debug_want_extra_isize=0x0000000000000008,,errors=continue. Quota mode: none.
[  277.582527][   T26] audit: type=1326 audit(1754545955.528:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  277.615343][   T26] audit: type=1326 audit(1754545955.528:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  277.768965][   T26] audit: type=1326 audit(1754545955.528:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  277.944079][   T26] audit: type=1326 audit(1754545955.528:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  278.174506][   T26] audit: type=1326 audit(1754545955.528:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  278.594489][ T6716] netlink: 48 bytes leftover after parsing attributes in process `syz.4.693'.
[  278.625257][ T6716] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  279.122898][   T26] audit: type=1326 audit(1754545955.528:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  279.147130][   T26] audit: type=1326 audit(1754545955.528:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  279.308432][   T26] audit: type=1326 audit(1754545955.528:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  279.309001][ T6724] netlink: 12 bytes leftover after parsing attributes in process `syz.0.697'.
[  279.464017][   T26] audit: type=1326 audit(1754545955.528:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2e37a3be9 code=0x7ffc0000
[  279.940008][ T6747] loop2: detected capacity change from 0 to 164
[  280.093123][ T6747] rock: directory entry would overflow storage
[  280.094402][ T6752] loop0: detected capacity change from 0 to 128
[  280.115331][ T6747] rock: sig=0x66, size=4, remaining=3
[  280.702540][ T6766] netlink: 48 bytes leftover after parsing attributes in process `syz.2.708'.
[  280.722097][ T6766] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  281.567372][ T6773] netlink: 12 bytes leftover after parsing attributes in process `syz.5.712'.
[  281.890235][ T6779] device vlan2 entered promiscuous mode
[  282.468448][ T6814] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (8)
[  282.893873][ T6817] netlink: 48 bytes leftover after parsing attributes in process `syz.6.722'.
[  282.924735][ T6817] bridge0: port 3(syz_tun) entered blocking state
[  282.931741][ T6817] bridge0: port 3(syz_tun) entered disabled state
[  282.963250][ T6817] device syz_tun entered promiscuous mode
[  282.975931][ T6817] bridge0: port 3(syz_tun) entered blocking state
[  282.982469][ T6817] bridge0: port 3(syz_tun) entered forwarding state
[  283.038546][ T6817] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  284.177859][ T6823] netlink: 12 bytes leftover after parsing attributes in process `syz.6.726'.
[  284.727521][ T6840] input: syz1 as /devices/virtual/input/input49
[  285.741204][ T6858] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  286.465607][ T6877] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  287.166472][ T6881] netlink: 12 bytes leftover after parsing attributes in process `syz.6.741'.
[  287.478702][ T6892] fuse: Bad value for 'fd'
[  287.499634][ T6892] input: syz1 as /devices/virtual/input/input50
[  287.774858][ T6889] loop4: detected capacity change from 0 to 2048
[  288.194624][ T6897] loop0: detected capacity change from 0 to 512
[  288.228015][ T6889]  loop4: p1 < > p3
[  288.240947][ T6889] loop4: p3 size 134217728 extends beyond EOD, truncated
[  288.544404][ T3564]  loop4: p1 < > p3
[  288.554187][ T3564] loop4: p3 size 134217728 extends beyond EOD, truncated
[  288.795497][ T6916] loop2: detected capacity change from 0 to 256
[  288.919466][ T6918] loop0: detected capacity change from 0 to 1764
[  289.142461][ T6916] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  289.184293][ T6918] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1268758650 (2537517300 ns) > initial count (625258754 ns). Using initial count to start timer.
[  289.771285][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  289.792821][ T4592] udevd[4592]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  289.889524][ T4902] udevd[4902]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  289.937121][ T4592] udevd[4592]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  290.021286][ T5798] bridge0: port 3(syz_tun) entered disabled state
[  290.167223][ T5798] bridge0: port 3(syz_tun) entered disabled state
[  290.759073][ T6941] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  290.817959][ T6941] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  291.047786][ T6954] loop5: detected capacity change from 0 to 512
[  291.216746][ T6954] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.760: invalid indirect mapped block 10 (level 1)
[  291.378887][ T6954] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.760: invalid indirect mapped block 8 (level 1)
[  291.399694][ T6954] EXT4-fs (loop5): 1 truncate cleaned up
[  291.425483][ T6954] EXT4-fs (loop5): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback.
[  291.452665][ T6968] loop2: detected capacity change from 0 to 2048
[  291.518488][ T4903]  loop2: p1 < > p3
[  291.535832][ T4903] loop2: p3 size 134217728 extends beyond EOD, truncated
[  291.584224][ T6968]  loop2: p1 < > p3
[  291.616955][ T6968] loop2: p3 size 134217728 extends beyond EOD, truncated
[  291.704241][ T6968] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  291.882279][ T4352] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.953482][ T6957] chnl_net:caif_netlink_parms(): no params data found
[  292.074995][ T6983] loop6: detected capacity change from 0 to 512
[  292.300834][ T6983] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  292.391841][ T6983] EXT4-fs (loop6): 1 truncate cleaned up
[  292.410748][ T6983] EXT4-fs (loop6): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x000000000000006a,norecovery,nodiscard,grpid,,errors=continue. Quota mode: none.
[  292.536569][ T4903] udevd[4903]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  292.555845][ T4203] udevd[4203]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  292.719029][ T4352] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.751933][ T6993] netlink: 12 bytes leftover after parsing attributes in process `syz.4.767'.
[  292.876852][ T4352] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.899933][ T7003] loop6: detected capacity change from 0 to 256
[  293.109209][   T26] kauditd_printk_skb: 32 callbacks suppressed
[  293.109224][   T26] audit: type=1326 audit(1754545971.236:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.127450][ T7003] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  293.193432][ T6957] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.208298][ T6957] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.228297][ T6957] device bridge_slave_0 entered promiscuous mode
[  293.237268][   T26] audit: type=1326 audit(1754545971.266:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.340962][ T4352] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.351646][ T4243] Bluetooth: hci4: command 0x0409 tx timeout
[  293.365599][   T26] audit: type=1326 audit(1754545971.266:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.452858][   T26] audit: type=1326 audit(1754545971.266:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.475472][ T6957] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.495722][ T6957] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.517780][ T6957] device bridge_slave_1 entered promiscuous mode
[  293.556486][   T26] audit: type=1326 audit(1754545971.266:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.609505][   T26] audit: type=1326 audit(1754545971.276:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.687678][ T6957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.724269][   T26] audit: type=1326 audit(1754545971.276:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.762953][ T6957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  293.831606][   T26] audit: type=1326 audit(1754545971.276:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.870637][ T7027] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  293.912854][   T26] audit: type=1326 audit(1754545971.276:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  293.968943][ T6957] team0: Port device team_slave_0 added
[  293.993853][ T7029] netlink: 40 bytes leftover after parsing attributes in process `syz.2.777'.
[  294.004282][   T26] audit: type=1326 audit(1754545971.276:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.4.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f1bd009abe9 code=0x7ffc0000
[  294.068693][ T6957] team0: Port device team_slave_1 added
[  294.189643][ T6957] batman_adv: batadv0: Adding interface: batadv_slave_0
[  294.206521][ T6957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.276685][ T6957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  294.369761][ T7042] Zero length message leads to an empty skb
[  294.377517][ T6957] batman_adv: batadv0: Adding interface: batadv_slave_1
[  294.384591][ T6957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.435862][ T6957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  294.467353][ T7044] netlink: 12 bytes leftover after parsing attributes in process `syz.4.780'.
[  295.161961][ T6957] device hsr_slave_0 entered promiscuous mode
[  295.278794][ T6957] device hsr_slave_1 entered promiscuous mode
[  295.318273][ T6957] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  295.398741][ T6957] Cannot create hsr debugfs directory
[  295.470840][   T13] Bluetooth: hci4: command 0x041b tx timeout
[  295.723474][ T7078] sd 0:0:1:0: PR command failed: 2
[  295.742438][ T7078] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  295.799111][ T7078] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  295.812184][ T7082] netlink: 12 bytes leftover after parsing attributes in process `syz.2.790'.
[  295.967962][ T7085] loop2: detected capacity change from 0 to 256
[  296.053760][ T7085] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  296.116895][ T6957] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  296.210987][ T6957] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  296.229565][ T7100] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  296.368091][ T6957] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  296.528276][ T6957] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  296.665597][ T4352] device hsr_slave_0 left promiscuous mode
[  296.709921][ T4352] device hsr_slave_1 left promiscuous mode
[  296.816736][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  296.847955][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.892685][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  296.904960][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_1
[  297.035825][ T4352] device bridge_slave_1 left promiscuous mode
[  297.059974][ T4352] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.073137][ T7121] loop6: detected capacity change from 0 to 512
[  297.081747][ T4352] device bridge_slave_0 left promiscuous mode
[  297.088139][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.118197][ T4352] device veth1_macvtap left promiscuous mode
[  297.127153][ T4352] device veth0_macvtap left promiscuous mode
[  297.133294][ T4352] device veth1_vlan left promiscuous mode
[  297.157316][ T4352] device veth0_vlan left promiscuous mode
[  297.203146][ T7121] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  297.217808][ T7121] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  297.324071][ T7121] EXT4-fs error (device loop6): ext4_find_dest_de:2115: inode #2: block 4: comm syz.6.799: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1185837914, rec_len=27, size=1024 fake=1
[  297.505018][ T4243] Bluetooth: hci4: command 0x040f tx timeout
[  298.060652][ T4352] device team_slave_1 left promiscuous mode
[  298.092032][ T4352] team0 (unregistering): Port device team_slave_1 removed
[  298.121416][ T4352] device team_slave_0 left promiscuous mode
[  298.142913][ T4352] team0 (unregistering): Port device team_slave_0 removed
[  298.163904][ T4352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  298.173489][ T4352] device bond_slave_1 left promiscuous mode
[  298.189146][ T4352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  298.202370][ T4352] device bond_slave_0 left promiscuous mode
[  298.373087][ T4352] bond0 (unregistering): Released all slaves
[  298.519958][ T7109] netlink: 48 bytes leftover after parsing attributes in process `syz.4.796'.
[  298.637084][ T7130] netlink: 12 bytes leftover after parsing attributes in process `syz.2.800'.
[  298.694590][ T7144] loop4: detected capacity change from 0 to 512
[  299.038279][ T6957] 8021q: adding VLAN 0 to HW filter on device bond0
[  299.266139][ T6957] 8021q: adding VLAN 0 to HW filter on device team0
[  299.410601][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  299.479334][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  299.532818][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  299.578208][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  299.594166][    T7] Bluetooth: hci4: command 0x0419 tx timeout
[  299.744585][ T5713] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.751951][ T5713] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.820661][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  299.860974][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  299.903167][ T5713] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.910573][ T5713] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.983436][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  299.994273][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  300.032024][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  300.054934][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  300.115832][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  300.118968][ T7167] loop4: detected capacity change from 0 to 256
[  300.145916][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  300.172782][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  300.205889][ T7167] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  300.240656][ T6957] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  300.268863][ T6957] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  300.293711][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  300.322021][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  300.342579][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  300.364655][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  300.383917][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  300.440594][ T5713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  300.759870][ T7183] loop2: detected capacity change from 0 to 512
[  300.844467][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  300.902791][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  300.960938][ T6957] 8021q: adding VLAN 0 to HW filter on device batadv0
[  301.035120][ T7183] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.811: bad orphan inode 11862016
[  301.099876][ T7183] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  301.223336][ T7183] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  301.464133][ T7202] netlink: 12 bytes leftover after parsing attributes in process `syz.5.814'.
[  302.998350][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  303.013234][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  303.065705][ T7240] loop5: detected capacity change from 0 to 256
[  303.109968][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  303.123426][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  303.189905][ T7240] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  303.190898][ T6957] device veth0_vlan entered promiscuous mode
[  303.260708][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  303.295857][ T3090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  303.340476][ T6957] device veth1_vlan entered promiscuous mode
[  303.378070][ T7250] netlink: 12 bytes leftover after parsing attributes in process `syz.6.827'.
[  303.411679][ T7253] loop4: detected capacity change from 0 to 512
[  303.477695][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  303.487461][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  303.522412][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  303.558973][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  303.649468][ T6957] device veth0_macvtap entered promiscuous mode
[  303.663972][ T6957] device veth1_macvtap entered promiscuous mode
[  303.730298][ T7253] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  303.760397][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  303.777598][ T7253] EXT4-fs (loop4): 1 truncate cleaned up
[  303.827614][ T7253] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback.
[  303.838684][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  303.868340][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  303.882129][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  303.921479][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  303.938045][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  303.948614][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  303.967663][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.003988][ T6957] batman_adv: batadv0: Interface activated: batadv_slave_0
[  304.026090][ T7253] EXT4-fs (loop4): user quota file already specified
[  304.045955][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  304.061860][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  304.080611][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  304.101008][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  304.144967][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  304.176325][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.201191][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  304.229208][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.249759][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  304.270936][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.296252][ T6957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  304.328389][ T6957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.360620][ T6957] batman_adv: batadv0: Interface activated: batadv_slave_1
[  304.454657][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  304.675148][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  304.811376][ T6957] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  304.820145][ T6957] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  305.175547][ T6957] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  305.558750][ T6957] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  305.984373][ T3090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.027293][ T3090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.027740][ T7291] loop6: detected capacity change from 0 to 764
[  306.088718][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  306.199714][ T7291] rock: directory entry would overflow storage
[  306.253836][  T549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.268889][ T7291] rock: sig=0x4654, size=5, remaining=4
[  306.337173][  T549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.407383][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  307.476491][ T7317] loop6: detected capacity change from 0 to 256
[  307.858676][ T7317] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  308.639907][ T7336] netlink: 188 bytes leftover after parsing attributes in process `syz.7.851'.
[  309.164986][ T7352] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  311.662196][ T7387] netlink: 'syz.2.866': attribute type 10 has an invalid length.
[  311.697166][ T7387] netlink: 40 bytes leftover after parsing attributes in process `syz.2.866'.
[  311.727394][ T7387] device vlan1 entered promiscuous mode
[  311.758269][ T7387] bridge0: port 4(vlan1) entered blocking state
[  311.765081][ T7387] bridge0: port 4(vlan1) entered disabled state
[  311.795283][ T7387] bridge0: port 4(vlan1) entered blocking state
[  311.801731][ T7387] bridge0: port 4(vlan1) entered forwarding state
[  311.861680][ T7391] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.865'.
[  311.895650][ T7385] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.865'.
[  312.200480][ T7402] loop2: detected capacity change from 0 to 256
[  312.308887][ T7402] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  312.968593][ T7419] netlink: 'syz.4.875': attribute type 29 has an invalid length.
[  312.976724][ T7419] netlink: 'syz.4.875': attribute type 29 has an invalid length.
[  315.013525][ T7460] can: request_module (can-proto-0) failed.
[  315.950625][ T7475] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  316.327117][ T7488] loop5: detected capacity change from 0 to 512
[  316.404999][ T7488] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  316.672529][ T7488] EXT4-fs (loop5): 1 truncate cleaned up
[  316.678550][ T7488] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,max_batch_time=0x0000000000000004,. Quota mode: none.
[  316.923615][   T26] kauditd_printk_skb: 22 callbacks suppressed
[  316.923632][   T26] audit: type=1800 audit(1754545995.048:133): pid=7488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.895" name="file2" dev="loop5" ino=16 res=0 errno=0
[  316.952839][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  316.952935][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  317.128356][ T7515] loop7: detected capacity change from 0 to 512
[  317.261966][ T7515] EXT4-fs (loop7): Ignoring removed nomblk_io_submit option
[  317.355810][ T7515] EXT4-fs (loop7): Ignoring removed mblk_io_submit option
[  318.185687][ T7515] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2
[  318.198057][ T7515] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -2
[  318.211387][ T7515] EXT4-fs (loop7): 1 truncate cleaned up
[  318.219702][ T7515] EXT4-fs (loop7): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,mblk_io_submit,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback.
[  318.307004][ T7515] EXT4-fs error (device loop7): ext4_map_blocks:629: inode #2: block 4: comm syz.7.903: lblock 0 mapped to illegal pblock 4 (length 1)
[  318.370612][ T7515] EXT4-fs (loop7): Remounting filesystem read-only
[  318.401597][ T7533] EXT4-fs error (device loop7): ext4_map_blocks:629: inode #2: block 4: comm syz.7.903: lblock 0 mapped to illegal pblock 4 (length 1)
[  318.487285][ T7533] EXT4-fs (loop7): Remounting filesystem read-only
[  320.454540][ T7579] ªªªªªª: renamed from vlan0
[  320.918456][ T7596] input: syz1 as /devices/virtual/input/input51
[  322.923180][ T7611] syz.5.935[7611] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  322.923290][ T7611] syz.5.935[7611] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  325.331868][ T7637] input: syz1 as /devices/virtual/input/input52
[  326.028405][ T7647] device syzkaller0 entered promiscuous mode
[  326.300625][ T7655] device veth0_vlan left promiscuous mode
[  326.320678][ T7655] device veth0_vlan entered promiscuous mode
[  326.588360][ T7665] device syzkaller0 entered promiscuous mode
[  327.107138][ T7677] input: syz1 as /devices/virtual/input/input53
[  329.571800][ T7725] device pim6reg1 entered promiscuous mode
[  330.108627][    C1] ------------[ cut here ]------------
[  330.110414][    C1] 
[  330.110422][    C1] ======================================================
[  330.110429][    C1] WARNING: possible circular locking dependency detected
[  330.110445][    C1] 5.15.189-syzkaller #0 Not tainted
[  330.110455][    C1] ------------------------------------------------------
[  330.110461][    C1] syz.4.989/7750 is trying to acquire lock:
[  330.110470][    C1] ffffffff8c110da0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x2c/0x60
[  330.110521][    C1] 
[  330.110521][    C1] but task is already holding lock:
[  330.110526][    C1] ffff8880b9128098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270
[  330.110567][    C1] 
[  330.110567][    C1] which lock already depends on the new lock.
[  330.110567][    C1] 
[  330.110573][    C1] 
[  330.110573][    C1] the existing dependency chain (in reverse order) is:
[  330.110578][    C1] 
[  330.110578][    C1] -> #5 (&base->lock){-.-.}-{2:2}:
[  330.110601][    C1]        _raw_spin_lock_irqsave+0xa4/0xf0
[  330.110624][    C1]        lock_timer_base+0x123/0x270
[  330.110642][    C1]        __mod_timer+0x117/0xd20
[  330.110659][    C1]        queue_delayed_work_on+0x126/0x1e0
[  330.110676][    C1]        enqueue_task+0x26d/0x2b0
[  330.110695][    C1]        wake_up_new_task+0x442/0x9a0
[  330.110713][    C1]        kernel_clone+0x421/0x930
[  330.110730][    C1]        kernel_thread+0xc8/0x120
[  330.110746][    C1]        rest_init+0x21/0x330
[  330.110768][    C1]        start_kernel+0x486/0x530
[  330.110786][    C1]        secondary_startup_64_no_verify+0xb1/0xbb
[  330.110807][    C1] 
[  330.110807][    C1] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  330.110828][    C1]        _raw_spin_lock_nested+0x2e/0x40
[  330.110848][    C1]        raw_spin_rq_lock_nested+0x26/0x140
[  330.110866][    C1]        task_fork_fair+0x5c/0x350
[  330.110881][    C1]        sched_cgroup_fork+0x2c6/0x320
[  330.110900][    C1]        copy_process+0x22d1/0x3e00
[  330.110916][    C1]        kernel_clone+0x219/0x930
[  330.110931][    C1]        kernel_thread+0xc8/0x120
[  330.110947][    C1]        rest_init+0x21/0x330
[  330.110963][    C1]        start_kernel+0x486/0x530
[  330.110979][    C1]        secondary_startup_64_no_verify+0xb1/0xbb
[  330.110998][    C1] 
[  330.110998][    C1] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  330.111020][    C1]        _raw_spin_lock_irqsave+0xa4/0xf0
[  330.111040][    C1]        try_to_wake_up+0x5c/0x1050
[  330.111058][    C1]        __wake_up_common+0x2a4/0x4e0
[  330.111077][    C1]        __wake_up+0x108/0x180
[  330.111094][    C1]        pty_close+0x265/0x440
[  330.111113][    C1]        tty_release+0x400/0x16c0
[  330.111132][    C1]        __fput+0x234/0x930
[  330.111148][    C1]        task_work_run+0x125/0x1a0
[  330.111166][    C1]        exit_to_user_mode_loop+0x10f/0x130
[  330.111188][    C1]        exit_to_user_mode_prepare+0xb1/0x140
[  330.111208][    C1]        syscall_exit_to_user_mode+0x16/0x40
[  330.111226][    C1]        do_syscall_64+0x58/0xa0
[  330.111245][    C1]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  330.111267][    C1] 
[  330.111267][    C1] -> #2 (&tty->write_wait){-...}-{2:2}:
[  330.111290][    C1]        _raw_spin_lock_irqsave+0xa4/0xf0
[  330.111310][    C1]        __wake_up+0xed/0x180
[  330.111326][    C1]        tty_port_default_wakeup+0xa5/0xf0
[  330.111344][    C1]        serial8250_tx_chars+0x629/0x830
[  330.111363][    C1]        serial8250_handle_irq+0x519/0x610
[  330.111381][    C1]        serial8250_default_handle_irq+0xb4/0x1a0
[  330.111402][    C1]        serial8250_interrupt+0x9b/0x1c0
[  330.111419][    C1]        __handle_irq_event_percpu+0x291/0x9b0
[  330.111438][    C1]        handle_irq_event+0xa5/0x220
[  330.111455][    C1]        handle_edge_irq+0x243/0xb20
[  330.111473][    C1]        __common_interrupt+0xd7/0x1e0
[  330.111490][    C1]        common_interrupt+0xb0/0xd0
[  330.111505][    C1]        asm_common_interrupt+0x22/0x40
[  330.111519][    C1]        default_idle+0xb/0x10
[  330.111534][    C1]        default_idle_call+0x81/0xc0
[  330.111548][    C1]        do_idle+0x21b/0x5b0
[  330.111562][    C1]        cpu_startup_entry+0x14/0x20
[  330.111578][    C1]        start_kernel+0x486/0x530
[  330.111595][    C1]        secondary_startup_64_no_verify+0xb1/0xbb
[  330.111614][    C1] 
[  330.111614][    C1] -> #1 (&port_lock_key){-...}-{2:2}:
[  330.111636][    C1]        _raw_spin_lock_irqsave+0xa4/0xf0
[  330.111656][    C1]        serial8250_console_write+0x170/0xf80
[  330.111675][    C1]        console_unlock+0xc86/0x1200
[  330.111695][    C1]        vprintk_emit+0xc0/0x150
[  330.111713][    C1]        _printk+0xcc/0x110
[  330.111731][    C1]        register_console+0x682/0x960
[  330.111747][    C1]        univ8250_console_init+0x41/0x50
[  330.111780][    C1]        console_init+0x177/0x5d0
[  330.111793][    C1]        start_kernel+0x2f9/0x530
[  330.111807][    C1]        secondary_startup_64_no_verify+0xb1/0xbb
[  330.111826][    C1] 
[  330.111826][    C1] -> #0 (console_owner){-.-.}-{0:0}:
[  330.111847][    C1]        __lock_acquire+0x2c33/0x7c60
[  330.111867][    C1]        lock_acquire+0x197/0x3f0
[  330.111882][    C1]        console_lock_spinning_enable+0x51/0x60
[  330.111897][    C1]        console_unlock+0x9f8/0x1200
[  330.111916][    C1]        vprintk_emit+0xc0/0x150
[  330.111933][    C1]        _printk+0xcc/0x110
[  330.111948][    C1]        report_bug+0x1e5/0x2e0
[  330.111965][    C1]        handle_bug+0x3a/0x70
[  330.111978][    C1]        exc_invalid_op+0x16/0x40
[  330.111991][    C1]        asm_exc_invalid_op+0x16/0x20
[  330.112006][    C1]        copy_from_user_nofault+0x160/0x1c0
[  330.112025][    C1]        bpf_probe_read_compat+0xdd/0x170
[  330.112043][    C1]        bpf_prog_63d51858d7cca270+0x3d/0x254
[  330.112058][    C1]        bpf_trace_run3+0x17e/0x320
[  330.112076][    C1]        enqueue_timer+0x394/0x520
[  330.112093][    C1]        __mod_timer+0x8e1/0xd20
[  330.112109][    C1]        dsp_cmx_send+0x1ab4/0x1b30
[  330.112127][    C1]        call_timer_fn+0x16c/0x530
[  330.112145][    C1]        __run_timers+0x525/0x7c0
[  330.112163][    C1]        run_timer_softirq+0x63/0xf0
[  330.112180][    C1]        handle_softirqs+0x328/0x820
[  330.112197][    C1]        __irq_exit_rcu+0x12f/0x220
[  330.112213][    C1]        irq_exit_rcu+0x5/0x20
[  330.112227][    C1]        sysvec_apic_timer_interrupt+0xa0/0xc0
[  330.112244][    C1]        asm_sysvec_apic_timer_interrupt+0x16/0x20
[  330.112261][    C1]        unwind_next_frame+0x953/0x1d90
[  330.112280][    C1]        arch_stack_walk+0x10c/0x140
[  330.112299][    C1]        stack_trace_save+0x98/0xe0
[  330.112314][    C1]        save_stack+0xf3/0x1e0
[  330.112332][    C1]        __set_page_owner+0x41/0x2d0
[  330.112350][    C1]        get_page_from_freelist+0x1b77/0x1c60
[  330.112371][    C1]        __alloc_pages+0x1e1/0x470
[  330.112389][    C1]        bpf_ringbuf_alloc+0x92/0x510
[  330.112406][    C1]        ringbuf_map_alloc+0x1e4/0x310
[  330.112424][    C1]        map_create+0x485/0x2170
[  330.112442][    C1]        __sys_bpf+0x2a4/0x670
[  330.112458][    C1]        __x64_sys_bpf+0x78/0x90
[  330.112474][    C1]        do_syscall_64+0x4c/0xa0
[  330.112492][    C1]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  330.112514][    C1] 
[  330.112514][    C1] other info that might help us debug this:
[  330.112514][    C1] 
[  330.112519][    C1] Chain exists of:
[  330.112519][    C1]   console_owner --> &rq->__lock --> &base->lock
[  330.112519][    C1] 
[  330.112547][    C1]  Possible unsafe locking scenario:
[  330.112547][    C1] 
[  330.112551][    C1]        CPU0                    CPU1
[  330.112555][    C1]        ----                    ----
[  330.112559][    C1]   lock(&base->lock);
[  330.112570][    C1]                                lock(&rq->__lock);
[  330.112581][    C1]                                lock(&base->lock);
[  330.112592][    C1]   lock(console_owner);
[  330.112603][    C1] 
[  330.112603][    C1]  *** DEADLOCK ***
[  330.112603][    C1] 
[  330.112606][    C1] 5 locks held by syz.4.989/7750:
[  330.112618][    C1]  #0: ffffc90000dd0be0 ((&dsp_spl_tl)){+.-.}-{0:0}, at: call_timer_fn+0xbb/0x530
[  330.112662][    C1]  #1: ffffffff8cfdadf8 (dsp_lock){..-.}-{2:2}, at: dsp_cmx_send+0x22/0x1b30
[  330.112703][    C1]  #2: ffff8880b9128098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270
[  330.112746][    C1]  #3: ffffffff8c11c360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  330.112796][    C1]  #4: ffffffff8c110e80 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0xa7/0x150
[  330.112841][    C1] 
[  330.112841][    C1] stack backtrace:
[  330.112847][    C1] CPU: 1 PID: 7750 Comm: syz.4.989 Not tainted 5.15.189-syzkaller #0
[  330.112866][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  330.112890][    C1] Call Trace:
[  330.112896][    C1]  <IRQ>
[  330.112904][    C1]  dump_stack_lvl+0x168/0x230
[  330.112926][    C1]  ? load_image+0x3b0/0x3b0
[  330.112946][    C1]  ? show_regs_print_info+0x20/0x20
[  330.112971][    C1]  ? print_circular_bug+0x12b/0x1a0
[  330.112991][    C1]  check_noncircular+0x274/0x310
[  330.113010][    C1]  ? add_chain_block+0x940/0x940
[  330.113027][    C1]  ? lockdep_lock+0xdc/0x1e0
[  330.113052][    C1]  ? mark_lock+0x94/0x320
[  330.113075][    C1]  __lock_acquire+0x2c33/0x7c60
[  330.113110][    C1]  ? verify_lock_unused+0x140/0x140
[  330.113140][    C1]  ? sprintf+0xd6/0x120
[  330.113163][    C1]  lock_acquire+0x197/0x3f0
[  330.113183][    C1]  ? console_lock_spinning_enable+0x2c/0x60
[  330.113202][    C1]  ? prb_read_valid+0x60/0x60
[  330.113223][    C1]  ? read_lock_is_recursive+0x10/0x10
[  330.113243][    C1]  ? do_raw_spin_lock+0x11d/0x280
[  330.113263][    C1]  ? __rwlock_init+0x140/0x140
[  330.113282][    C1]  ? do_raw_spin_unlock+0x11d/0x230
[  330.113302][    C1]  console_lock_spinning_enable+0x51/0x60
[  330.113319][    C1]  ? console_lock_spinning_enable+0x2c/0x60
[  330.113337][    C1]  console_unlock+0x9f8/0x1200
[  330.113363][    C1]  ? console_trylock_spinning+0x350/0x350
[  330.113388][    C1]  ? __down_trylock_console_sem+0x184/0x1e0
[  330.113405][    C1]  ? vprintk_emit+0xa7/0x150
[  330.113426][    C1]  ? printk_parse_prefix+0x330/0x330
[  330.113448][    C1]  ? vprintk_emit+0xa7/0x150
[  330.113474][    C1]  ? console_trylock+0x70/0x70
[  330.113491][    C1]  ? mark_lock+0x94/0x320
[  330.113518][    C1]  ? vprintk_emit+0x150/0x150
[  330.113538][    C1]  ? __lock_acquire+0x12d9/0x7c60
[  330.113561][    C1]  ? __lock_acquire+0x13ad/0x7c60
[  330.113587][    C1]  vprintk_emit+0xc0/0x150
[  330.113610][    C1]  _printk+0xcc/0x110
[  330.113632][    C1]  ? load_image+0x3b0/0x3b0
[  330.113655][    C1]  ? find_bug+0xa1/0x350
[  330.113673][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  330.113693][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  330.113715][    C1]  report_bug+0x1e5/0x2e0
[  330.113739][    C1]  handle_bug+0x3a/0x70
[  330.113755][    C1]  exc_invalid_op+0x16/0x40
[  330.113778][    C1]  asm_exc_invalid_op+0x16/0x20
[  330.113800][    C1] RIP: 0010:copy_from_user_nofault+0x160/0x1c0
[  330.113823][    C1] Code: 24 45 31 f6 31 ff 89 de e8 ed f7 d8 ff 85 db 48 c7 c0 f2 ff ff ff 49 0f 44 c6 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 70 f4 d8 ff <0f> 0b e9 1c ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ea fe
[  330.113840][    C1] RSP: 0018:ffffc90000dd0858 EFLAGS: 00010046
[  330.113857][    C1] RAX: ffffffff819ecfb0 RBX: 0000000000000008 RCX: ffff888059c55940
[  330.113871][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  330.113883][    C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100b38ab29
[  330.113897][    C1] R10: ffffed100b38ab29 R11: 1ffff1100b38ab28 R12: ffff888059c570c8
[  330.113911][    C1] R13: 00007ffffffff000 R14: ffffc90000dd08c8 R15: 0000000020000000
[  330.113930][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  330.113953][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  330.113975][    C1]  bpf_probe_read_compat+0xdd/0x170
[  330.113997][    C1]  bpf_prog_63d51858d7cca270+0x3d/0x254
[  330.114013][    C1]  bpf_trace_run3+0x17e/0x320
[  330.114035][    C1]  ? bpf_trace_run2+0x2d0/0x2d0
[  330.114054][    C1]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  330.114078][    C1]  ? __lock_acquire+0x7c60/0x7c60
[  330.114101][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  330.114122][    C1]  enqueue_timer+0x394/0x520
[  330.114145][    C1]  __mod_timer+0x8e1/0xd20
[  330.114170][    C1]  dsp_cmx_send+0x1ab4/0x1b30
[  330.114192][    C1]  ? detach_timer+0x33/0x2b0
[  330.114211][    C1]  ? read_lock_is_recursive+0x10/0x10
[  330.114239][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  330.114259][    C1]  call_timer_fn+0x16c/0x530
[  330.114278][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  330.114296][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  330.114318][    C1]  ? __run_timers+0x7c0/0x7c0
[  330.114341][    C1]  ? rcu_is_watching+0x11/0xa0
[  330.114358][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  330.114379][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  330.114397][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  330.114417][    C1]  __run_timers+0x525/0x7c0
[  330.114444][    C1]  ? detach_timer+0x2b0/0x2b0
[  330.114462][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  330.114488][    C1]  ? sched_clock_cpu+0x15/0x3c0
[  330.114506][    C1]  ? ktime_get_real_ts64+0x420/0x420
[  330.114531][    C1]  run_timer_softirq+0x63/0xf0
[  330.114552][    C1]  handle_softirqs+0x328/0x820
[  330.114572][    C1]  ? __irq_exit_rcu+0x12f/0x220
[  330.114592][    C1]  ? do_softirq+0x200/0x200
[  330.114612][    C1]  ? irqtime_account_irq+0xb2/0x1b0
[  330.114633][    C1]  __irq_exit_rcu+0x12f/0x220
[  330.114650][    C1]  ? irq_exit_rcu+0x20/0x20
[  330.114673][    C1]  irq_exit_rcu+0x5/0x20
[  330.114688][    C1]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  330.114708][    C1]  </IRQ>
[  330.114713][    C1]  <TASK>
[  330.114720][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  330.114739][    C1] RIP: 0010:unwind_next_frame+0x953/0x1d90
[  330.114766][    C1] Code: 87 00 48 8b 44 24 08 4c 8d 78 f8 4c 8b 6b 10 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 48 0f b6 04 01 84 c0 0f 85 b7 0f 00 00 <83> 3b 00 0f 95 c0 4d 39 fe 0f 96 c1 20 c1 4d 39 fd 0f 97 c0 20 c8
[  330.114781][    C1] RSP: 0018:ffffc900021d7608 EFLAGS: 00000246
[  330.114796][    C1] RAX: 0000000000000000 RBX: ffffc900021d76c8 RCX: 1ffff9200043aed9
[  330.114809][    C1] RDX: 1ffffffff1bda3f4 RSI: ffffffff8ded1fa2 RDI: ffffc900021d76d8
[  330.114824][    C1] RBP: ffffc900021d7710 R08: 0000000000000001 R09: 0000000000000000
[  330.114835][    C1] R10: fffff5200043aee5 R11: 1ffff9200043aee3 R12: 1ffffffff1bda3f4
[  330.114849][    C1] R13: ffffc900021d8000 R14: ffffc900021d0000 R15: ffffc900021d7bb8
[  330.114872][    C1]  ? unwind_next_frame+0xac/0x1d90
[  330.114896][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  330.114919][    C1]  ? stack_trace_save+0xe0/0xe0
[  330.114935][    C1]  arch_stack_walk+0x10c/0x140
[  330.114957][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  330.114981][    C1]  stack_trace_save+0x98/0xe0
[  330.114998][    C1]  ? stack_trace_snprint+0xf0/0xf0
[  330.115014][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  330.115038][    C1]  ? lock_chain_count+0x20/0x20
[  330.115060][    C1]  save_stack+0xf3/0x1e0
[  330.115082][    C1]  ? __reset_page_owner+0x180/0x180
[  330.115101][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  330.115131][    C1]  ? lock_chain_count+0x20/0x20
[  330.115150][    C1]  ? preempt_count_add+0x8d/0x190
[  330.115172][    C1]  __set_page_owner+0x41/0x2d0
[  330.115192][    C1]  ? post_alloc_hook+0x106/0x220
[  330.115212][    C1]  get_page_from_freelist+0x1b77/0x1c60
[  330.115243][    C1]  ? __might_sleep+0xf0/0xf0
[  330.115260][    C1]  ? __sys_bpf+0x2a4/0x670
[  330.115278][    C1]  ? do_syscall_64+0x4c/0xa0
[  330.115298][    C1]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  330.115323][    C1]  ? __alloc_pages+0x470/0x470
[  330.115344][    C1]  ? prepare_alloc_pages+0x368/0x5f0
[  330.115367][    C1]  __alloc_pages+0x1e1/0x470
[  330.115386][    C1]  ? zone_statistics+0x170/0x170
[  330.115414][    C1]  bpf_ringbuf_alloc+0x92/0x510
[  330.115434][    C1]  ? bpf_map_init_from_attr+0x146/0x300
[  330.115454][    C1]  ringbuf_map_alloc+0x1e4/0x310
[  330.115475][    C1]  map_create+0x485/0x2170
[  330.115498][    C1]  __sys_bpf+0x2a4/0x670
[  330.115518][    C1]  ? bpf_link_show_fdinfo+0x340/0x340
[  330.115544][    C1]  ? vtime_user_exit+0x2dc/0x400
[  330.115565][    C1]  __x64_sys_bpf+0x78/0x90
[  330.115584][    C1]  do_syscall_64+0x4c/0xa0
[  330.115604][    C1]  ? clear_bhb_loop+0x30/0x80
[  330.115620][    C1]  ? clear_bhb_loop+0x30/0x80
[  330.115638][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  330.115661][    C1] RIP: 0033:0x7f1bd009abe9
[  330.115678][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.115694][    C1] RSP: 002b:00007f1bce302038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  330.115714][    C1] RAX: ffffffffffffffda RBX: 00007f1bd02c1fa0 RCX: 00007f1bd009abe9
[  330.115729][    C1] RDX: 0000000000000048 RSI: 00002000000000c0 RDI: 0000000000000000
[  330.115741][    C1] RBP: 00007f1bd011de19 R08: 0000000000000000 R09: 0000000000000000
[  330.115752][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  330.115771][    C1] R13: 00007f1bd02c2038 R14: 00007f1bd02c1fa0 R15: 00007fff2dba7fd8
[  330.115793][    C1]  </TASK>
[  331.745957][    C1] WARNING: CPU: 1 PID: 7750 at mm/maccess.c:226 copy_from_user_nofault+0x160/0x1c0
[  331.755352][    C1] Modules linked in:
[  331.759597][    C1] CPU: 1 PID: 7750 Comm: syz.4.989 Not tainted 5.15.189-syzkaller #0
[  331.767669][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  331.777905][    C1] RIP: 0010:copy_from_user_nofault+0x160/0x1c0
[  331.784074][    C1] Code: 24 45 31 f6 31 ff 89 de e8 ed f7 d8 ff 85 db 48 c7 c0 f2 ff ff ff 49 0f 44 c6 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 70 f4 d8 ff <0f> 0b e9 1c ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ea fe
[  331.803687][    C1] RSP: 0018:ffffc90000dd0858 EFLAGS: 00010046
[  331.809847][    C1] RAX: ffffffff819ecfb0 RBX: 0000000000000008 RCX: ffff888059c55940
[  331.817825][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  331.825885][    C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100b38ab29
[  331.833874][    C1] R10: ffffed100b38ab29 R11: 1ffff1100b38ab28 R12: ffff888059c570c8
[  331.841854][    C1] R13: 00007ffffffff000 R14: ffffc90000dd08c8 R15: 0000000020000000
[  331.849835][    C1] FS:  00007f1bce3026c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  331.858997][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  331.865590][    C1] CR2: 000000110c4222dd CR3: 0000000062796000 CR4: 00000000003506e0
[  331.873595][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  331.881687][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  331.889876][    C1] Call Trace:
[  331.893161][    C1]  <IRQ>
[  331.896024][    C1]  bpf_probe_read_compat+0xdd/0x170
[  331.901244][    C1]  bpf_prog_63d51858d7cca270+0x3d/0x254
[  331.906825][    C1]  bpf_trace_run3+0x17e/0x320
[  331.911511][    C1]  ? bpf_trace_run2+0x2d0/0x2d0
[  331.916538][    C1]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  331.922439][    C1]  ? __lock_acquire+0x7c60/0x7c60
[  331.927589][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  331.932900][    C1]  enqueue_timer+0x394/0x520
[  331.937526][    C1]  __mod_timer+0x8e1/0xd20
[  331.942118][    C1]  dsp_cmx_send+0x1ab4/0x1b30
[  331.946818][    C1]  ? detach_timer+0x33/0x2b0
[  331.951412][    C1]  ? read_lock_is_recursive+0x10/0x10
[  331.956797][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  331.962039][    C1]  call_timer_fn+0x16c/0x530
[  331.966657][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  331.971860][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  331.977849][    C1]  ? __run_timers+0x7c0/0x7c0
[  331.982530][    C1]  ? rcu_is_watching+0x11/0xa0
[  331.987297][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  331.992541][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  331.997742][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  332.003093][    C1]  __run_timers+0x525/0x7c0
[  332.007716][    C1]  ? detach_timer+0x2b0/0x2b0
[  332.012423][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  332.018427][    C1]  ? sched_clock_cpu+0x15/0x3c0
[  332.023279][    C1]  ? ktime_get_real_ts64+0x420/0x420
[  332.028748][    C1]  run_timer_softirq+0x63/0xf0
[  332.033528][    C1]  handle_softirqs+0x328/0x820
[  332.038299][    C1]  ? __irq_exit_rcu+0x12f/0x220
[  332.043167][    C1]  ? do_softirq+0x200/0x200
[  332.047671][    C1]  ? irqtime_account_irq+0xb2/0x1b0
[  332.052881][    C1]  __irq_exit_rcu+0x12f/0x220
[  332.057564][    C1]  ? irq_exit_rcu+0x20/0x20
[  332.062274][    C1]  irq_exit_rcu+0x5/0x20
[  332.066521][    C1]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  332.072158][    C1]  </IRQ>
[  332.075087][    C1]  <TASK>
[  332.078020][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  332.084004][    C1] RIP: 0010:unwind_next_frame+0x953/0x1d90
[  332.089925][    C1] Code: 87 00 48 8b 44 24 08 4c 8d 78 f8 4c 8b 6b 10 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 48 0f b6 04 01 84 c0 0f 85 b7 0f 00 00 <83> 3b 00 0f 95 c0 4d 39 fe 0f 96 c1 20 c1 4d 39 fd 0f 97 c0 20 c8
[  332.109630][    C1] RSP: 0018:ffffc900021d7608 EFLAGS: 00000246
[  332.115703][    C1] RAX: 0000000000000000 RBX: ffffc900021d76c8 RCX: 1ffff9200043aed9
[  332.123686][    C1] RDX: 1ffffffff1bda3f4 RSI: ffffffff8ded1fa2 RDI: ffffc900021d76d8
[  332.131757][    C1] RBP: ffffc900021d7710 R08: 0000000000000001 R09: 0000000000000000
[  332.139736][    C1] R10: fffff5200043aee5 R11: 1ffff9200043aee3 R12: 1ffffffff1bda3f4
[  332.147707][    C1] R13: ffffc900021d8000 R14: ffffc900021d0000 R15: ffffc900021d7bb8
[  332.155694][    C1]  ? unwind_next_frame+0xac/0x1d90
[  332.160818][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  332.166669][    C1]  ? stack_trace_save+0xe0/0xe0
[  332.171705][    C1]  arch_stack_walk+0x10c/0x140
[  332.176582][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  332.182315][    C1]  stack_trace_save+0x98/0xe0
[  332.186994][    C1]  ? stack_trace_snprint+0xf0/0xf0
[  332.192104][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  332.198092][    C1]  ? lock_chain_count+0x20/0x20
[  332.203542][    C1]  save_stack+0xf3/0x1e0
[  332.207793][    C1]  ? __reset_page_owner+0x180/0x180
[  332.213004][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  332.218738][    C1]  ? lock_chain_count+0x20/0x20
[  332.223629][    C1]  ? preempt_count_add+0x8d/0x190
[  332.228660][    C1]  __set_page_owner+0x41/0x2d0
[  332.233563][    C1]  ? post_alloc_hook+0x106/0x220
[  332.238511][    C1]  get_page_from_freelist+0x1b77/0x1c60
[  332.244070][    C1]  ? __might_sleep+0xf0/0xf0
[  332.248680][    C1]  ? __sys_bpf+0x2a4/0x670
[  332.253101][    C1]  ? do_syscall_64+0x4c/0xa0
[  332.257703][    C1]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  332.263788][    C1]  ? __alloc_pages+0x470/0x470
[  332.268576][    C1]  ? prepare_alloc_pages+0x368/0x5f0
[  332.273890][    C1]  __alloc_pages+0x1e1/0x470
[  332.278533][    C1]  ? zone_statistics+0x170/0x170
[  332.283487][    C1]  bpf_ringbuf_alloc+0x92/0x510
[  332.288364][    C1]  ? bpf_map_init_from_attr+0x146/0x300
[  332.293918][    C1]  ringbuf_map_alloc+0x1e4/0x310
[  332.298952][    C1]  map_create+0x485/0x2170
[  332.303472][    C1]  __sys_bpf+0x2a4/0x670
[  332.307812][    C1]  ? bpf_link_show_fdinfo+0x340/0x340
[  332.313196][    C1]  ? vtime_user_exit+0x2dc/0x400
[  332.318150][    C1]  __x64_sys_bpf+0x78/0x90
[  332.322569][    C1]  do_syscall_64+0x4c/0xa0
[  332.326988][    C1]  ? clear_bhb_loop+0x30/0x80
[  332.331663][    C1]  ? clear_bhb_loop+0x30/0x80
[  332.336343][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  332.342249][    C1] RIP: 0033:0x7f1bd009abe9
[  332.346670][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.366279][    C1] RSP: 002b:00007f1bce302038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  332.374699][    C1] RAX: ffffffffffffffda RBX: 00007f1bd02c1fa0 RCX: 00007f1bd009abe9
[  332.382674][    C1] RDX: 0000000000000048 RSI: 00002000000000c0 RDI: 0000000000000000
[  332.390657][    C1] RBP: 00007f1bd011de19 R08: 0000000000000000 R09: 0000000000000000
[  332.398647][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  332.406740][    C1] R13: 00007f1bd02c2038 R14: 00007f1bd02c1fa0 R15: 00007fff2dba7fd8
[  332.414737][    C1]  </TASK>
[  332.417774][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  332.425170][    C1] CPU: 1 PID: 7750 Comm: syz.4.989 Not tainted 5.15.189-syzkaller #0
[  332.433256][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  332.443408][    C1] Call Trace:
[  332.446732][    C1]  <IRQ>
[  332.449588][    C1]  dump_stack_lvl+0x168/0x230
[  332.454378][    C1]  ? show_regs_print_info+0x20/0x20
[  332.459687][    C1]  ? load_image+0x3b0/0x3b0
[  332.464212][    C1]  panic+0x2c9/0x7f0
[  332.468121][    C1]  ? bpf_jit_dump+0xd0/0xd0
[  332.472636][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  332.478187][    C1]  __warn+0x248/0x2b0
[  332.482279][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  332.487828][    C1]  report_bug+0x1b7/0x2e0
[  332.492451][    C1]  handle_bug+0x3a/0x70
[  332.496726][    C1]  exc_invalid_op+0x16/0x40
[  332.501248][    C1]  asm_exc_invalid_op+0x16/0x20
[  332.506113][    C1] RIP: 0010:copy_from_user_nofault+0x160/0x1c0
[  332.512283][    C1] Code: 24 45 31 f6 31 ff 89 de e8 ed f7 d8 ff 85 db 48 c7 c0 f2 ff ff ff 49 0f 44 c6 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 70 f4 d8 ff <0f> 0b e9 1c ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ea fe
[  332.531938][    C1] RSP: 0018:ffffc90000dd0858 EFLAGS: 00010046
[  332.538029][    C1] RAX: ffffffff819ecfb0 RBX: 0000000000000008 RCX: ffff888059c55940
[  332.546025][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  332.554010][    C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100b38ab29
[  332.562027][    C1] R10: ffffed100b38ab29 R11: 1ffff1100b38ab28 R12: ffff888059c570c8
[  332.570015][    C1] R13: 00007ffffffff000 R14: ffffc90000dd08c8 R15: 0000000020000000
[  332.578014][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  332.583580][    C1]  ? copy_from_user_nofault+0x160/0x1c0
[  332.589131][    C1]  bpf_probe_read_compat+0xdd/0x170
[  332.594336][    C1]  bpf_prog_63d51858d7cca270+0x3d/0x254
[  332.599885][    C1]  bpf_trace_run3+0x17e/0x320
[  332.604581][    C1]  ? bpf_trace_run2+0x2d0/0x2d0
[  332.609439][    C1]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  332.615346][    C1]  ? __lock_acquire+0x7c60/0x7c60
[  332.620374][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  332.625488][    C1]  enqueue_timer+0x394/0x520
[  332.630185][    C1]  __mod_timer+0x8e1/0xd20
[  332.634624][    C1]  dsp_cmx_send+0x1ab4/0x1b30
[  332.639319][    C1]  ? detach_timer+0x33/0x2b0
[  332.643931][    C1]  ? read_lock_is_recursive+0x10/0x10
[  332.649322][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  332.654532][    C1]  call_timer_fn+0x16c/0x530
[  332.659136][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  332.664248][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  332.670249][    C1]  ? __run_timers+0x7c0/0x7c0
[  332.674941][    C1]  ? rcu_is_watching+0x11/0xa0
[  332.679770][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  332.684975][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  332.690179][    C1]  ? dsp_cmx_receive+0x13c0/0x13c0
[  332.695298][    C1]  __run_timers+0x525/0x7c0
[  332.699818][    C1]  ? detach_timer+0x2b0/0x2b0
[  332.704498][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  332.710501][    C1]  ? sched_clock_cpu+0x15/0x3c0
[  332.715446][    C1]  ? ktime_get_real_ts64+0x420/0x420
[  332.720739][    C1]  run_timer_softirq+0x63/0xf0
[  332.725511][    C1]  handle_softirqs+0x328/0x820
[  332.730286][    C1]  ? __irq_exit_rcu+0x12f/0x220
[  332.735153][    C1]  ? do_softirq+0x200/0x200
[  332.739674][    C1]  ? irqtime_account_irq+0xb2/0x1b0
[  332.744880][    C1]  __irq_exit_rcu+0x12f/0x220
[  332.749602][    C1]  ? irq_exit_rcu+0x20/0x20
[  332.754121][    C1]  irq_exit_rcu+0x5/0x20
[  332.758639][    C1]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  332.764304][    C1]  </IRQ>
[  332.767245][    C1]  <TASK>
[  332.770182][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  332.781378][    C1] RIP: 0010:unwind_next_frame+0x953/0x1d90
[  332.787197][    C1] Code: 87 00 48 8b 44 24 08 4c 8d 78 f8 4c 8b 6b 10 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 48 0f b6 04 01 84 c0 0f 85 b7 0f 00 00 <83> 3b 00 0f 95 c0 4d 39 fe 0f 96 c1 20 c1 4d 39 fd 0f 97 c0 20 c8
[  332.806810][    C1] RSP: 0018:ffffc900021d7608 EFLAGS: 00000246
[  332.812885][    C1] RAX: 0000000000000000 RBX: ffffc900021d76c8 RCX: 1ffff9200043aed9
[  332.820864][    C1] RDX: 1ffffffff1bda3f4 RSI: ffffffff8ded1fa2 RDI: ffffc900021d76d8
[  332.828848][    C1] RBP: ffffc900021d7710 R08: 0000000000000001 R09: 0000000000000000
[  332.836845][    C1] R10: fffff5200043aee5 R11: 1ffff9200043aee3 R12: 1ffffffff1bda3f4
[  332.844922][    C1] R13: ffffc900021d8000 R14: ffffc900021d0000 R15: ffffc900021d7bb8
[  332.852927][    C1]  ? unwind_next_frame+0xac/0x1d90
[  332.858059][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  332.863787][    C1]  ? stack_trace_save+0xe0/0xe0
[  332.868644][    C1]  arch_stack_walk+0x10c/0x140
[  332.873420][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  332.879146][    C1]  stack_trace_save+0x98/0xe0
[  332.883844][    C1]  ? stack_trace_snprint+0xf0/0xf0
[  332.888979][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  332.894978][    C1]  ? lock_chain_count+0x20/0x20
[  332.899841][    C1]  save_stack+0xf3/0x1e0
[  332.904183][    C1]  ? __reset_page_owner+0x180/0x180
[  332.909386][    C1]  ? get_page_from_freelist+0x1b77/0x1c60
[  332.915121][    C1]  ? lock_chain_count+0x20/0x20
[  332.920007][    C1]  ? preempt_count_add+0x8d/0x190
[  332.925043][    C1]  __set_page_owner+0x41/0x2d0
[  332.929813][    C1]  ? post_alloc_hook+0x106/0x220
[  332.934935][    C1]  get_page_from_freelist+0x1b77/0x1c60
[  332.940498][    C1]  ? __might_sleep+0xf0/0xf0
[  332.945124][    C1]  ? __sys_bpf+0x2a4/0x670
[  332.949666][    C1]  ? do_syscall_64+0x4c/0xa0
[  332.954375][    C1]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  332.960488][    C1]  ? __alloc_pages+0x470/0x470
[  332.965272][    C1]  ? prepare_alloc_pages+0x368/0x5f0
[  332.970571][    C1]  __alloc_pages+0x1e1/0x470
[  332.975179][    C1]  ? zone_statistics+0x170/0x170
[  332.980143][    C1]  bpf_ringbuf_alloc+0x92/0x510
[  332.985141][    C1]  ? bpf_map_init_from_attr+0x146/0x300
[  332.990715][    C1]  ringbuf_map_alloc+0x1e4/0x310
[  332.995688][    C1]  map_create+0x485/0x2170
[  333.000135][    C1]  __sys_bpf+0x2a4/0x670
[  333.004400][    C1]  ? bpf_link_show_fdinfo+0x340/0x340
[  333.009788][    C1]  ? vtime_user_exit+0x2dc/0x400
[  333.014742][    C1]  __x64_sys_bpf+0x78/0x90
[  333.019169][    C1]  do_syscall_64+0x4c/0xa0
[  333.023590][    C1]  ? clear_bhb_loop+0x30/0x80
[  333.028275][    C1]  ? clear_bhb_loop+0x30/0x80
[  333.032963][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  333.038882][    C1] RIP: 0033:0x7f1bd009abe9
[  333.043305][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.062914][    C1] RSP: 002b:00007f1bce302038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  333.071349][    C1] RAX: ffffffffffffffda RBX: 00007f1bd02c1fa0 RCX: 00007f1bd009abe9
[  333.079329][    C1] RDX: 0000000000000048 RSI: 00002000000000c0 RDI: 0000000000000000
[  333.087303][    C1] RBP: 00007f1bd011de19 R08: 0000000000000000 R09: 0000000000000000
[  333.095286][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  333.103261][    C1] R13: 00007f1bd02c2038 R14: 00007f1bd02c1fa0 R15: 00007fff2dba7fd8
[  333.111375][    C1]  </TASK>
[  333.114693][    C1] Kernel Offset: disabled
[  333.119050][    C1] Rebooting in 86400 seconds..