last executing test programs:

17m47.886575437s ago: executing program 32 (id=441):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, 0x0)
r1 = socket(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000780)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000311ffc)=0x1, 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x0, 0x0)
write$binfmt_script(r4, &(0x7f00000006c0)={'#! ', './file0', [], 0xa, "ecfb2da4955bfd5861d978042a6ad22f6baf924d7bb1f5c47274d2a120e923d6033f5d05901d3dc2bb8087032f8259d85360490a4aa339abd0356bd229401537468c79ba0b2b5d465f3260ed5552d927b0a0c0907dcdbdf460f3b3268b828016289f11222b0135e68943de197f2e6c57289f0fbe7bc357b520795b5a42277a9ac3cab4d25bc9c74284f3de70249515065c8652008fc6bf105d12ec"}, 0xa6)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r1], 0x48)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0xfffd, 0x0, @mcast2, 0x9}, 0x1c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0xffffffffffffffff, 0x0}, 0x20)
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0xff80}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
setsockopt$inet_int(r1, 0x0, 0x1b, &(0x7f00000000c0)=0x1000, 0x4)
sendto$inet(r1, 0x0, 0xffe5, 0x0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
recvmsg(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x11}, 0x40002020)

17m36.667890016s ago: executing program 33 (id=449):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x123e00, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/unix\x00')
read$FUSE(r5, &(0x7f00000025c0)={0x2020}, 0x2020)
preadv(r5, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/100, 0x64}], 0x1, 0x80000000, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x2, 0x0, 0x300)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28)
r6 = fsopen(&(0x7f00000002c0)='minix\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000400)='source', &(0x7f0000001bc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\a\x00\x00\x00\x00\x00\x00\x00\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
pselect6(0x40, &(0x7f0000000040)={0xc, 0x1, 0xfffffffffffffff3, 0x0, 0x0, 0x0, 0x400000000000, 0x400}, 0x0, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)

16m33.726033885s ago: executing program 34 (id=516):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffffffffffffffa8, &(0x7f0000000000)=0x1002)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
preadv(r7, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x179c, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)

16m4.295657492s ago: executing program 35 (id=539):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000440)={'\x00', 0x5320, 0x5, 0x0, 0x0, 0x7fffffffffffffff, <r1=>r0})
rt_tgsigqueueinfo(r0, r1, 0x13, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000380)={[{@debug}, {@delalloc}, {@journal_ioprio}, {@test_dummy_encryption}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@acl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})

4m31.915767674s ago: executing program 8 (id=528):
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8, 0x0, 0x6, 0x1, 0xfffffe0001000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r3, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
ioctl$IOMMU_HWPT_ALLOC$NONE(r2, 0x3b89, &(0x7f0000000000)={0x28, 0x2, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000040)={0x18, r3})
ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f00000001c0)={0x1, 0x4, 0x12, &(0x7f0000000080)=""/18})
syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a72b7a104c05e102c8e201020301090224000100000000090471020216fa1f0009051402100000fa0009058202"], 0x0)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x40010, r5, 0x2000)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f00000001c0)=0x7, 0x4)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r7, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
read(r0, 0x0, 0x0)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r8, &(0x7f0000000300)='asymmetric\x00', 0x0)

4m30.026127068s ago: executing program 5 (id=1065):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
timerfd_gettime(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
io_setup(0x3, &(0x7f0000000240))
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
fcntl$setpipe(r2, 0x407, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0xfea8, 0xa)

4m27.47114524s ago: executing program 5 (id=1068):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000f40)=""/4110, 0x45, 0x100e, 0x1}, 0x28)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_CMAP(r3, 0x4bfa, &(0x7f00000000c0))

4m24.851654632s ago: executing program 4 (id=1070):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x80, '\x00', 0x2d}, 0x0, 0x3, 0x400, 0x0, 0xa, 0x0, 0x20, 0x5e}, {0x0, 0x800, 0x0, 0x7, 0x0, 0xfffffffffffffffe, 0x3, 0x7}, {0x0, 0x0, 0x3}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x144, 0x5, [{{@in=@remote, 0x4, 0x6c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x8}, 0x0, 0x0, 0x0, 0x56, 0x0, 0xfffffffd, 0x1}, {{@in6=@private2, 0x3, 0x32}, 0x0, @in6=@remote, 0x3503}, {{@in6=@mcast1, 0x0, 0x3c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x44}, 0x0, 0x1, 0x3}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d3, 0x3c}, 0x2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x33}, 0x2, @in=@multicast1, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}]}]}, 0x1fc}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000001000000000000050000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="1400000004000000080000000600001000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x56, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffcc4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6(0xa, 0x3, 0x8)

4m19.697244448s ago: executing program 4 (id=1074):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000280)={'wg0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8844)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000002000000000000000100000d0200000000040000000000000000000000000004"], &(0x7f0000000140)=""/226, 0x3a, 0xe2, 0x1}, 0x28)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e24, 0xfe, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}}, 0x1c)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r7, &(0x7f00000029c0)={0x8, {"258ca392533625f4b7cc9e4a5c35c180a9246bd2a629057bc09369a1bd6305b9265bdcc27eb1161bc80902e666c5927c2a5cf0fde7023e16b5930ec29d5c714f67c1d607e2e5fe7b1a03c6750f80e2f7a01960f075dfba9975d358c69bfe99515e15c27232b962f32f4958aee0514c481fd716dc47ad0f59bf7a0c072e8eeb57493a559648e021b468ecde650eadc8135d18fb17d21ed638ab3abc0fee2b30daef594419e69747009dcf8095400e5d73ab6c2783817759f0bd88bd9613a52a20af03e1bd91386eede12fd93bab9acd7999484818db79f74d2c377b51752200d779581df9e3cc907ad5ede671acd0dcc6cf04e8df211032af081c8294f257d707784d32bbb6e3742d7941cc0b099e908663b0480847266dc63a7bacd18676b2ecd027eff6e2d181e78e68c88725c20aa9ff3825dfab997d3119657dd1499f4cef8d76b183d041d7e6340f1090ba07f48cad950cf5d5e55b7e03ebe725d2f81e59d2d1860635f0a94e0cb6f5a81b62b758d407439dcf9ee35ac5581ccf83e2fbca408a590344929a0fbca5b82d9101165036038af55bfaff815f2932683f1cf8d69f8614db914ae22816e35d9d396f5c047fd5dcd5a1a4124c80257b8467ab94a84f00b29e50fb7e36101a05cf6578efd1cf914f432d7fbc6126e60ba3b2c7a849d68a9307a0d0b7c5c8e6ea42eea261558f956868ace73a443a78911eaded81d33b69d3cdb8f8d55680fe7a5851db23051f45c0d2ab11d81484a804008e6da3cfabbdb60e4890f033d62086999d8470ce9557e005d8c3e199c2db260c39ea68de838a7c6dfbd43655bec1795e94aa5a0ac6ff3b81a2a866ea5ecd9cd3ad3d791a1950275f2bfbd9134ba236435a9379c97d3ea32c303a6b6ae17658b20c201cdeb4b0cac24ee6baab64c73f8394155e26273187400682a850a2cb67568903837e120c0b6dda59761a84259f41e9221498f000768abb4ce458fb6ea9f89bd3c1bb1a41480f8e04974296d9d35cd6b4f3b48066dcf94b60553eb11d22335e51cf390c252897234f33254e054b1a507bdb0661d1a16625770962ff84f5d96d1f7c50afd3ae4f00f4e8d713ba0dd22c0b602c4062ed554512e892de3d948efd7bfcd2090103510a1afeb9435de3af9b5ce73d17f3d5918740dd1c6a5271fbbc9d5ce927b251c3d1693db787a94cd3dc16b037e36c699d7e2d833e7141556cb56bb2d258f9bbf16416d6df2b2ad8a5723ec4ddca61586f8598c2138ef873bcba0c8049f06c3486feb222f9d3aafd7d7416ca1b16d990755bcc17d311e1988922e105ec9dd8b45882dd69dc60b25b225d7e9030141e01e05236d879066b4a723a097be7697607ac7a659af00ef016c55b532b95c25dde17ad715e5c9bb2a9563ed27e343ed969208ce67011e46a4ab46875a1053c961a839223d0924f816e8b3748527b8c76ad33b1089f1f465c222e49ca23fb268ba950f3124169fc8f3f757dc1b4b02cf2003e50c349f9ade30dfa06ed4dcc64594531d0c67c25a04f01967744a5bdc7abfb76613e05a50255955f9e1ef2eb7e8f1bfeab0bad772f18c7fac15ee9eca1b63922965383043deb99a747d871d11818cb66023c2a5b872f2b6713150e709a8070a0ff76cc9933159210412adb15a1d1710d49e04be5d5fab73668ddf54ea692468b4a9121d6958b3f2c347cebccebd8595601e8c8c8aafc86095fd798aa803c7d2ddb2b49241c3caea405b4d2f8250da337e7e6d07c6667a323e67731df468c1f2dfd681dc324da363e6c9cf9a565c61a6fa3353612dd4bc0d3b8ecf4b3124704f5dd093e54b7eec357ad4be1427b0301687f95609b8df055bd020a853d3d6e9a37548b54d742cfeb16297175341609ec4c9ea502fa16cf176c4bd52659f18df1688104ecca2aeb695112534a078f691120ed6ba1052af82e037e1a6ea2bf2ddf1bf293e3c1323debf405218a2a4e8f0b7e347ee66242d279972244ab7ad31c6ad58001f66eb86bdfc7c4fa5225647012f8e1dd9237eba5114eae9d1402c8f39442778797d28e22cd944d1915d8ba1030c5b8ced09217ebf7f598e64f43c5a6cabe6dd7c8f4f383a2f84824b5620bd9ab03c59e3fd81c8ff968b186fec3645993a1e909dfa32664e4183ab19248b9d6027bf9153c2fa4bd64581f7288967e191e9d4d0c1296c5386d1e52481c08d11428572bb68344bf0160fd6128324ab982af7ccd19866f8ba4b5b0102da0489b1b8647a9b3e8ef89eb262ae8a7a5b40e802978330eb7e664608380e1ecdb63f00b10838c51963b4b9876a19a65ced67e3c9cc3288c8ae7624c2778cda216952d687ed22e33fcdf5072b269b5b9d2b71c4fcd5c427d7894464fcc808470100fd4184e3b9cfd2696bdb902570b6ab71ad15fe67436e683958c8004af6da0889392e4f1404e24ffc6eb561c8ef23605b68ff432c6193cd20e7eb1923fce09b8685c900dcdfb98324f241febb50e569450e37c79ab7a923773eeaea03a938c9b9f95d567dd8235eeb59ede9b4df52fff38dbff624c0c1aecd1bae4ea98d50a3e746ed770208516d5bc934b42cdf6eaf29d454f41048375da9f816ea666b1332057585cba97629d96ecd62fc79c27420de7d4ba4884b0c7760ccac02993c7e14d0a7a29f0ccae6a21943225343b6cd6a0eeabf400ee8dcaa64e290ef023ec7ba749da7fa41b58892817d8b70a298253e05303c79fd25d830a3faf3c88dcda2aeee8c0099c6c0145788e635ebb1756abc9019cc581cf3f88c75082270b15aa55714683e37fd4dfd8ecad8dbb8483cadc4347c07100e3d332e53204d74a22b07d6154469a736745009f15e0f748b58379848c85c6668ecef106ebbb03e6afb0607bf8c0f6745b890dc92319fffd4ed8a78f64932918de6419087dd76b72e8660b08ba480cc51a1bddac04bcb2da827e254e031b3996def74d0ac83f35448af1ab4dfe76f05307a2c34ef72e7ad757ecb0f785b1ebfea3a04241bd51bb47014eba8ac6bed7364199ecf61bca2e1948054f78cb2499c63ed9c001e6cd9f44868488df7102d34b2ca4100e654f8a0c514c1fc661cc89fc7235def8b3bb8d681b57239b7b6f8a0f49864573942ad666708480dffd68e982cf7bb92cddeee7de9d04310fb90cad490d21d6c313e9f9c8a57a782cef831fa6a86169c04efab4345126e17170af3e442e16d01136a4b74000dc82347da313f6b6e4bd94e664ad78cd25938958a4d302028bf488c4a5bd5bf119687b4d57a76aab420ca256a41eaf6aef603a2248846a670364e0f4d3f4f9641f6bc197ae7bd2de57eeeb2bb54ef1a88c378eaa93280691762a9d2ee72aeb52e085fc307bf09ccd99da363da5cfb56ae4884f8d5b19c980d88ff8df9bec083d314df266c62023425c86bdb100b4c7ef5343c4e6a395b94b54ae7c94320f6d3b71772624c143d8cfa27faf8fd4f6f0be856d771ebd86205e10cbcbcfe3832a905d640a7036b70ebf10fd523d54546a2d52d18a592658b630399c4e5e0323234a73a41fbaae0c9cd6d7c824ed21da1db42122c2066f273aff318981980604deb6a5063475374f11a1b12110c1722c931b2bcb6af4873f80f8fb5d4cf84420c5ce79ef94261e25a3418b52450bebb0d206478baffe30d77b4a842eb9301228a17a4632a8fb9448683d99e996e4cb1d17aae180bf083221e218def703cb23fe04752211c31371f9b6d5837d165932cdda9cb35c7ebc27ef4b25da63fd503da31e8d1174ece2b774f72e9ae10ccf4b0dd46e483a073b728b3b3f20098a7963da374614a246df203973b1995e77bcca76995ee7be769d15154b7a92f076de0aab4edd6e7df2290abc2ac1a152881d8a2a85784ae82bc8476cf9a8ac07191c6c6e9d6f7dca9caff3ec968ff03a831bfe47aaa8d35316228efa3941e6e62e74772e2b69d4e8838f906b9a6fdd2a3d3c266e1f35d94081a3ff479997e724ec8c98d89d179b0ac8d3de090ffbb1273a3bdf23bec9ff88a9a1d46733c5174f652f04b3564d7e747b321ed680dcb4447cb3e5467ac85bb8a2583ad8777e0eab1f3a9c0c1ef32c16fd631b29d7c7d672dd68799bcb2908ac6968e773fc41ca0b41bb178dbff4042ea9d663919b8d317db9a16eec0e0dee4c96356721dcfb927ad5dfc44572f3da0ad2b6b6456a922d0b3440c85583c37da24cda0727caeadc378d5fe6b6c979e4e3eff18db1e2e455c92d1cadbf153265be0a4e42d43c0350993123099267b7c63d4ef1e86baf562e69b819d0335df0b341b14044ad38eb3e6dcfb52a6b831b1ffa77d86667c9dbc09575026a67ecb1d64c074015b1caaa3ba9f920c050fe7c99e4b0b75b0d07a9943a620a8f0205efe82664ee2c943a4998ff853d5e036e326e1f4357ae703e0a8d3c3c87092168786f417aeb5958d5b26635dc82b8c3fd1fce8f2ddaa74c7a29a01e6d91662f2849be970b84a39b22d324226b22883e6945189dd2888d8ab5889410172c6ce993077fb32dd9addfdb1fbcebaecbc90f66554096482b7dcf5e75e4285fa1fddbef54739a1204d7995d488930d7573ecccaa5d441b6bed4befc4e67f290c02cc1527cd562a016e1d9d7bd4752196bc0cc4d27a752a1c1c23a02d6e45c697d31dd01b0f1ce79c07d23aacf5fb9e31bf407797292fa21d179b85fd24ab629992cc4ca6ada96978cedb1e15ccb377480adb9455a2ec97512fc40726cfcc3c6834b45c94965c5acf72355b5b3b0ae56cf782c7183ba85d557dbc2242a841b1b848508ab42858441d252e7b124f1bbb0b3b5358b3c60f2d00b57f4c8b3dca37202f1d7f8d75f50332c2241e4624e555905690446c353866be98eb397d3fa5e5d4a45470869cec23fa7f0c150cdd7fa3f1bdfc337127bfbe54baf2dbc8f63389f931243d8c10de3ef8303f54e6d210362fbad1bce1c6b71fd2e2eaf6034bb679850f30af632d000c65aa8ada74decb556ab7e3903a87c67083a01f38757ced93b743e8708e29e359451b93b2dc2a4d1dbbac3843005e7b6d7da94f9ac7077cbf714dfd429f944a23b09d715104ff53eae4ec987253ecf963725f954223fc3ecaa193917b7e63943c3062ee7d016b2fc8f87b3b69562d3ace41d69c72703d51d25c56cc5190513ad639853d146ef0824cb3cfc5ca8391cc272ba66bd1b1ba2e662886733e6bc219e035dd6c33253f05492bb10078f3929ea799cb060e8076ff32fe9b775977ec8fc2fd3809cbc4eb47976891119ed172ecbde091481493d473ba654f5e63fa485df22c540bb57570f62a6513abe96cf7d1eee8b8f95c92bd5648db476f6a1c9508285562689218f5c4f0f7025c63728e75994d771d41a91e1f33509d858e6e3849c23f4e9cdbc97be241ad2bd6904d841141abdb15a3908b2f84475ccc85cc963304008b2eb38793a1d9f39cb9ea8e7f592092d9a97c2d1a1721411eee069fe158ddd893e6514ee8dea93fcbafadaf2e810271f6fab18ad1763ee5d007334b90da20b9d0184bc2e7d47b01fe63d3fd264e5f719c1edfe0ab973fe62d48949591b788ea92ee66bd460fd152bfe7930272f8e9bc7245a0e781c3ab95767082be5efdd9b27f280d81579f3aeb4bf0f505aa3f3814bef0421c5faf6fffbcae36cd4c952bd99bac7377ec8849b9825013d336c39bcc53743ad2e50e6c2f68567e0d8b3e06c44e594ffcd7299b7141f5f845461247de3b471cf6897c51dd1b0ccb7f878b4308e178cb4ddc8f46f30ef240714a013ff5c937cdf006f8031fdc1406cfa26af361d1fad0854d7ce63b573faf600", 0x1000}}, 0x1006)
sendfile(r6, r7, &(0x7f0000000100), 0x8001)

4m19.411066001s ago: executing program 5 (id=1076):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x15, 0x3, 0xfffff800)
readv(0xffffffffffffffff, &(0x7f0000001880), 0x0)
mlockall(0x2)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)

4m17.747695749s ago: executing program 9 (id=1078):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000280)={'wg0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8844)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000002000000000000000100000d0200000000040000000000000000000000000004"], &(0x7f0000000140)=""/226, 0x3a, 0xe2, 0x1}, 0x28)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e24, 0xfe, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}}, 0x1c)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000000)=0x6091, 0x4)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000029c0)={0x8, {"258ca392533625f4b7cc9e4a5c35c180a9246bd2a629057bc09369a1bd6305b9265bdcc27eb1161bc80902e666c5927c2a5cf0fde7023e16b5930ec29d5c714f67c1d607e2e5fe7b1a03c6750f80e2f7a01960f075dfba9975d358c69bfe99515e15c27232b962f32f4958aee0514c481fd716dc47ad0f59bf7a0c072e8eeb57493a559648e021b468ecde650eadc8135d18fb17d21ed638ab3abc0fee2b30daef594419e69747009dcf8095400e5d73ab6c2783817759f0bd88bd9613a52a20af03e1bd91386eede12fd93bab9acd7999484818db79f74d2c377b51752200d779581df9e3cc907ad5ede671acd0dcc6cf04e8df211032af081c8294f257d707784d32bbb6e3742d7941cc0b099e908663b0480847266dc63a7bacd18676b2ecd027eff6e2d181e78e68c88725c20aa9ff3825dfab997d3119657dd1499f4cef8d76b183d041d7e6340f1090ba07f48cad950cf5d5e55b7e03ebe725d2f81e59d2d1860635f0a94e0cb6f5a81b62b758d407439dcf9ee35ac5581ccf83e2fbca408a590344929a0fbca5b82d9101165036038af55bfaff815f2932683f1cf8d69f8614db914ae22816e35d9d396f5c047fd5dcd5a1a4124c80257b8467ab94a84f00b29e50fb7e36101a05cf6578efd1cf914f432d7fbc6126e60ba3b2c7a849d68a9307a0d0b7c5c8e6ea42eea261558f956868ace73a443a78911eaded81d33b69d3cdb8f8d55680fe7a5851db23051f45c0d2ab11d81484a804008e6da3cfabbdb60e4890f033d62086999d8470ce9557e005d8c3e199c2db260c39ea68de838a7c6dfbd43655bec1795e94aa5a0ac6ff3b81a2a866ea5ecd9cd3ad3d791a1950275f2bfbd9134ba236435a9379c97d3ea32c303a6b6ae17658b20c201cdeb4b0cac24ee6baab64c73f8394155e26273187400682a850a2cb67568903837e120c0b6dda59761a84259f41e9221498f000768abb4ce458fb6ea9f89bd3c1bb1a41480f8e04974296d9d35cd6b4f3b48066dcf94b60553eb11d22335e51cf390c252897234f33254e054b1a507bdb0661d1a16625770962ff84f5d96d1f7c50afd3ae4f00f4e8d713ba0dd22c0b602c4062ed554512e892de3d948efd7bfcd2090103510a1afeb9435de3af9b5ce73d17f3d5918740dd1c6a5271fbbc9d5ce927b251c3d1693db787a94cd3dc16b037e36c699d7e2d833e7141556cb56bb2d258f9bbf16416d6df2b2ad8a5723ec4ddca61586f8598c2138ef873bcba0c8049f06c3486feb222f9d3aafd7d7416ca1b16d990755bcc17d311e1988922e105ec9dd8b45882dd69dc60b25b225d7e9030141e01e05236d879066b4a723a097be7697607ac7a659af00ef016c55b532b95c25dde17ad715e5c9bb2a9563ed27e343ed969208ce67011e46a4ab46875a1053c961a839223d0924f816e8b3748527b8c76ad33b1089f1f465c222e49ca23fb268ba950f3124169fc8f3f757dc1b4b02cf2003e50c349f9ade30dfa06ed4dcc64594531d0c67c25a04f01967744a5bdc7abfb76613e05a50255955f9e1ef2eb7e8f1bfeab0bad772f18c7fac15ee9eca1b63922965383043deb99a747d871d11818cb66023c2a5b872f2b6713150e709a8070a0ff76cc9933159210412adb15a1d1710d49e04be5d5fab73668ddf54ea692468b4a9121d6958b3f2c347cebccebd8595601e8c8c8aafc86095fd798aa803c7d2ddb2b49241c3caea405b4d2f8250da337e7e6d07c6667a323e67731df468c1f2dfd681dc324da363e6c9cf9a565c61a6fa3353612dd4bc0d3b8ecf4b3124704f5dd093e54b7eec357ad4be1427b0301687f95609b8df055bd020a853d3d6e9a37548b54d742cfeb16297175341609ec4c9ea502fa16cf176c4bd52659f18df1688104ecca2aeb695112534a078f691120ed6ba1052af82e037e1a6ea2bf2ddf1bf293e3c1323debf405218a2a4e8f0b7e347ee66242d279972244ab7ad31c6ad58001f66eb86bdfc7c4fa5225647012f8e1dd9237eba5114eae9d1402c8f39442778797d28e22cd944d1915d8ba1030c5b8ced09217ebf7f598e64f43c5a6cabe6dd7c8f4f383a2f84824b5620bd9ab03c59e3fd81c8ff968b186fec3645993a1e909dfa32664e4183ab19248b9d6027bf9153c2fa4bd64581f7288967e191e9d4d0c1296c5386d1e52481c08d11428572bb68344bf0160fd6128324ab982af7ccd19866f8ba4b5b0102da0489b1b8647a9b3e8ef89eb262ae8a7a5b40e802978330eb7e664608380e1ecdb63f00b10838c51963b4b9876a19a65ced67e3c9cc3288c8ae7624c2778cda216952d687ed22e33fcdf5072b269b5b9d2b71c4fcd5c427d7894464fcc808470100fd4184e3b9cfd2696bdb902570b6ab71ad15fe67436e683958c8004af6da0889392e4f1404e24ffc6eb561c8ef23605b68ff432c6193cd20e7eb1923fce09b8685c900dcdfb98324f241febb50e569450e37c79ab7a923773eeaea03a938c9b9f95d567dd8235eeb59ede9b4df52fff38dbff624c0c1aecd1bae4ea98d50a3e746ed770208516d5bc934b42cdf6eaf29d454f41048375da9f816ea666b1332057585cba97629d96ecd62fc79c27420de7d4ba4884b0c7760ccac02993c7e14d0a7a29f0ccae6a21943225343b6cd6a0eeabf400ee8dcaa64e290ef023ec7ba749da7fa41b58892817d8b70a298253e05303c79fd25d830a3faf3c88dcda2aeee8c0099c6c0145788e635ebb1756abc9019cc581cf3f88c75082270b15aa55714683e37fd4dfd8ecad8dbb8483cadc4347c07100e3d332e53204d74a22b07d6154469a736745009f15e0f748b58379848c85c6668ecef106ebbb03e6afb0607bf8c0f6745b890dc92319fffd4ed8a78f64932918de6419087dd76b72e8660b08ba480cc51a1bddac04bcb2da827e254e031b3996def74d0ac83f35448af1ab4dfe76f05307a2c34ef72e7ad757ecb0f785b1ebfea3a04241bd51bb47014eba8ac6bed7364199ecf61bca2e1948054f78cb2499c63ed9c001e6cd9f44868488df7102d34b2ca4100e654f8a0c514c1fc661cc89fc7235def8b3bb8d681b57239b7b6f8a0f49864573942ad666708480dffd68e982cf7bb92cddeee7de9d04310fb90cad490d21d6c313e9f9c8a57a782cef831fa6a86169c04efab4345126e17170af3e442e16d01136a4b74000dc82347da313f6b6e4bd94e664ad78cd25938958a4d302028bf488c4a5bd5bf119687b4d57a76aab420ca256a41eaf6aef603a2248846a670364e0f4d3f4f9641f6bc197ae7bd2de57eeeb2bb54ef1a88c378eaa93280691762a9d2ee72aeb52e085fc307bf09ccd99da363da5cfb56ae4884f8d5b19c980d88ff8df9bec083d314df266c62023425c86bdb100b4c7ef5343c4e6a395b94b54ae7c94320f6d3b71772624c143d8cfa27faf8fd4f6f0be856d771ebd86205e10cbcbcfe3832a905d640a7036b70ebf10fd523d54546a2d52d18a592658b630399c4e5e0323234a73a41fbaae0c9cd6d7c824ed21da1db42122c2066f273aff318981980604deb6a5063475374f11a1b12110c1722c931b2bcb6af4873f80f8fb5d4cf84420c5ce79ef94261e25a3418b52450bebb0d206478baffe30d77b4a842eb9301228a17a4632a8fb9448683d99e996e4cb1d17aae180bf083221e218def703cb23fe04752211c31371f9b6d5837d165932cdda9cb35c7ebc27ef4b25da63fd503da31e8d1174ece2b774f72e9ae10ccf4b0dd46e483a073b728b3b3f20098a7963da374614a246df203973b1995e77bcca76995ee7be769d15154b7a92f076de0aab4edd6e7df2290abc2ac1a152881d8a2a85784ae82bc8476cf9a8ac07191c6c6e9d6f7dca9caff3ec968ff03a831bfe47aaa8d35316228efa3941e6e62e74772e2b69d4e8838f906b9a6fdd2a3d3c266e1f35d94081a3ff479997e724ec8c98d89d179b0ac8d3de090ffbb1273a3bdf23bec9ff88a9a1d46733c5174f652f04b3564d7e747b321ed680dcb4447cb3e5467ac85bb8a2583ad8777e0eab1f3a9c0c1ef32c16fd631b29d7c7d672dd68799bcb2908ac6968e773fc41ca0b41bb178dbff4042ea9d663919b8d317db9a16eec0e0dee4c96356721dcfb927ad5dfc44572f3da0ad2b6b6456a922d0b3440c85583c37da24cda0727caeadc378d5fe6b6c979e4e3eff18db1e2e455c92d1cadbf153265be0a4e42d43c0350993123099267b7c63d4ef1e86baf562e69b819d0335df0b341b14044ad38eb3e6dcfb52a6b831b1ffa77d86667c9dbc09575026a67ecb1d64c074015b1caaa3ba9f920c050fe7c99e4b0b75b0d07a9943a620a8f0205efe82664ee2c943a4998ff853d5e036e326e1f4357ae703e0a8d3c3c87092168786f417aeb5958d5b26635dc82b8c3fd1fce8f2ddaa74c7a29a01e6d91662f2849be970b84a39b22d324226b22883e6945189dd2888d8ab5889410172c6ce993077fb32dd9addfdb1fbcebaecbc90f66554096482b7dcf5e75e4285fa1fddbef54739a1204d7995d488930d7573ecccaa5d441b6bed4befc4e67f290c02cc1527cd562a016e1d9d7bd4752196bc0cc4d27a752a1c1c23a02d6e45c697d31dd01b0f1ce79c07d23aacf5fb9e31bf407797292fa21d179b85fd24ab629992cc4ca6ada96978cedb1e15ccb377480adb9455a2ec97512fc40726cfcc3c6834b45c94965c5acf72355b5b3b0ae56cf782c7183ba85d557dbc2242a841b1b848508ab42858441d252e7b124f1bbb0b3b5358b3c60f2d00b57f4c8b3dca37202f1d7f8d75f50332c2241e4624e555905690446c353866be98eb397d3fa5e5d4a45470869cec23fa7f0c150cdd7fa3f1bdfc337127bfbe54baf2dbc8f63389f931243d8c10de3ef8303f54e6d210362fbad1bce1c6b71fd2e2eaf6034bb679850f30af632d000c65aa8ada74decb556ab7e3903a87c67083a01f38757ced93b743e8708e29e359451b93b2dc2a4d1dbbac3843005e7b6d7da94f9ac7077cbf714dfd429f944a23b09d715104ff53eae4ec987253ecf963725f954223fc3ecaa193917b7e63943c3062ee7d016b2fc8f87b3b69562d3ace41d69c72703d51d25c56cc5190513ad639853d146ef0824cb3cfc5ca8391cc272ba66bd1b1ba2e662886733e6bc219e035dd6c33253f05492bb10078f3929ea799cb060e8076ff32fe9b775977ec8fc2fd3809cbc4eb47976891119ed172ecbde091481493d473ba654f5e63fa485df22c540bb57570f62a6513abe96cf7d1eee8b8f95c92bd5648db476f6a1c9508285562689218f5c4f0f7025c63728e75994d771d41a91e1f33509d858e6e3849c23f4e9cdbc97be241ad2bd6904d841141abdb15a3908b2f84475ccc85cc963304008b2eb38793a1d9f39cb9ea8e7f592092d9a97c2d1a1721411eee069fe158ddd893e6514ee8dea93fcbafadaf2e810271f6fab18ad1763ee5d007334b90da20b9d0184bc2e7d47b01fe63d3fd264e5f719c1edfe0ab973fe62d48949591b788ea92ee66bd460fd152bfe7930272f8e9bc7245a0e781c3ab95767082be5efdd9b27f280d81579f3aeb4bf0f505aa3f3814bef0421c5faf6fffbcae36cd4c952bd99bac7377ec8849b9825013d336c39bcc53743ad2e50e6c2f68567e0d8b3e06c44e594ffcd7299b7141f5f845461247de3b471cf6897c51dd1b0ccb7f878b4308e178cb4ddc8f46f30ef240714a013ff5c937cdf006f8031fdc1406cfa26af361d1fad0854d7ce63b573faf600", 0x1000}}, 0x1006)
sendfile(r6, 0xffffffffffffffff, &(0x7f0000000100), 0x8001)

4m17.665710541s ago: executing program 4 (id=1079):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0xc0ed0040, &(0x7f0000000240)={[{@noblock_validity}, {@abort}, {@acl}, {@resuid}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@nodiscard}]}, 0xfe, 0x472, &(0x7f0000001140)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8WloIFETFI2nSBz1wAYHEAQQSHIo4BSetSt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPRenfTxLVDHk6c4s9H2nZmd92Z786OPTtjN4CuNZT+kUTsjohfI2Iwyy4/YSj76+bCbOWvhdlKErXaa38m9fNuLMxW8n9i8XW7sh21Wp7f0aTc+TcjxqvVyct5fmTm4jsj01euPnX+4vi5yXOTl8ZOnz5x/HDfqbGTbYkzjevGwfenDh148Y1rL1fOXHvrx6/T+u7OjxdxtNNQdnWberTdhXXYniXppNzBirAmabulzdVb7/+D0RMDi8cG44WPOlo5YFPVarVas8/n3FwN+A9LotM1ADqj+KBPn3+LbYuGHtvCH89mD0Bp3DfzLTtSjlJ+Tm/D82079UfEmbm/v0i32KR5CACApb5Nxz9PNhv/leKeJef9L19D2RsR/4+IfRFxV0Tsj4i7I+rn3hsR962x/MYVktvHP6Xr6wpsldLx3zP52tby8V8x+ou9PXluTz3+3uTs+erksfyaHI3eHWl+dNlLlvvu+V8+a9z3aT7NPrRk/JduafnFWDCvx/VywwTdxPjMeFuCT+P/MOJguVn8SRTLOElEHIiIg+ss4/zjXx1qdezf419BG9aZal9GPJa1/1w0xF9IWq5Pjj59auzkSH9UJ4+NFHfF7X76ef7VVuVvKP42SNt/Z9P7P4s/fUZM+iOmr1y9UF+vnV57GfO/fVxJWhzbv877vy95vZ7uy/e9Nz4zc3k0oi95Kc0OLNs/duu1Rb44P43/6JHm/X9f9nhWvxL3R0R6Ex+OiAci4sG87R6KiIcj4sgK8f/w3CNvtzrWuv1XmJVvozT+iRXaP33LS1O32n/tiZ4L33/Tqvzaqtr/RD11NN+zmve/1VZwI9cOAAAA7hSl+nfgk9LwYrpUGh7OvsO/P3aWqlPTM0+cnXr30kT2Xfm90VsqZroGl8yHjuZzw0V+rCF/PJ83/rxnoJ4frkxVJzodPHS5XS36f+r3nk7XDth0fq8F3Uv/h+6l/0P30v+he+n/0KX6mu/+YKvrAXTE2j//+zelHsDWM/6H7qX/Q/fS/6ErtfxtfGlDP/m/UxPl7VGNpomB7VGNIhGlbVGN9iVe+STrEtulPkWivOr/zGKdiR1ND3X6nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA9/gkAAP//Uo/mdg==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x40)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
recvmmsg(r4, &(0x7f0000004140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=""/43, 0x2b}, 0x5}], 0x1, 0x40000003, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func={0x0, 0x0, 0x0, 0xc, 0x20}]}}, 0x0, 0x26}, 0x28)
sendmmsg$sock(r4, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, 0x0)
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

4m15.687106099s ago: executing program 36 (id=528):
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8, 0x0, 0x6, 0x1, 0xfffffe0001000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r3, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
ioctl$IOMMU_HWPT_ALLOC$NONE(r2, 0x3b89, &(0x7f0000000000)={0x28, 0x2, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000040)={0x18, r3})
ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f00000001c0)={0x1, 0x4, 0x12, &(0x7f0000000080)=""/18})
syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a72b7a104c05e102c8e201020301090224000100000000090471020216fa1f0009051402100000fa0009058202"], 0x0)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x40010, r5, 0x2000)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f00000001c0)=0x7, 0x4)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r7, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
read(r0, 0x0, 0x0)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r8, &(0x7f0000000300)='asymmetric\x00', 0x0)

4m15.587535771s ago: executing program 5 (id=1082):
eventfd2(0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58)
listen(r4, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e24, 0x2c717c0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x28f60d68}, 0x1c)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
close_range(r4, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)

4m14.687702877s ago: executing program 4 (id=1083):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@block_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x4714, &(0x7f0000000100)={[{@test_dummy_encryption}, {@jqfmt_vfsv0}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2f79}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x888430, &(0x7f0000000000)=ANY=[], 0x1, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00')

4m11.661342976s ago: executing program 9 (id=1086):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0xfffd, 0x0, 0x100000, 0x0})

4m10.158663885s ago: executing program 4 (id=1087):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x80, '\x00', 0x2d}, 0x0, 0x3, 0x400, 0x0, 0xa, 0x0, 0x20, 0x5e}, {0x0, 0x800, 0x0, 0x7, 0x0, 0xfffffffffffffffe, 0x3, 0x7}, {0x0, 0x0, 0x3}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x144, 0x5, [{{@in=@remote, 0x4, 0x6c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x8}, 0x0, 0x0, 0x0, 0x56, 0x0, 0xfffffffd, 0x1}, {{@in6=@private2, 0x3, 0x32}, 0x0, @in6=@remote, 0x3503}, {{@in6=@mcast1, 0x0, 0x3c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x44}, 0x0, 0x1, 0x3}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d3, 0x3c}, 0x2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x33}, 0x2, @in=@multicast1, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}]}]}, 0x1fc}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000001000000000000050000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="1400000004000000080000000600001000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x56, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffcc4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6(0xa, 0x3, 0x8)

4m8.502100617s ago: executing program 9 (id=1088):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0x0)
io_getevents(0x0, 0x3, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
io_pgetevents(0x0, 0xcd, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000f40)=""/4110, 0x45, 0x100e, 0x1}, 0x28)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_CMAP(r5, 0x4bfa, &(0x7f00000000c0))

4m5.726968754s ago: executing program 4 (id=1089):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0xffffffffffffffa8, &(0x7f0000000000)=0x1002)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x179c, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)

4m3.39050571s ago: executing program 5 (id=1093):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@dev={0xfe, 0x80, '\x00', 0x2d}, 0x0, 0x3, 0x400, 0x0, 0xa, 0x0, 0x20, 0x5e}, {0x0, 0x800, 0x0, 0x7, 0x0, 0xfffffffffffffffe, 0x3, 0x7}, {0x0, 0x0, 0x3}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x144, 0x5, [{{@in=@remote, 0x4, 0x6c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x8}, 0x0, 0x0, 0x0, 0x56, 0x0, 0xfffffffd, 0x1}, {{@in6=@private2, 0x3, 0x32}, 0x0, @in6=@remote, 0x3503}, {{@in6=@mcast1, 0x0, 0x3c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x44}, 0x0, 0x1, 0x3}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d3, 0x3c}, 0x2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x33}, 0x2, @in=@multicast1, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}]}]}, 0x1fc}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000001000000000000050000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="1400000004000000080000000600001000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x56, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffcc4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
socket$inet6(0xa, 0x3, 0x8)

3m58.875909265s ago: executing program 5 (id=1096):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r2, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000200), 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@newtclass={0x24, 0x28, 0xcbad876656d74f99, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x9, 0xfff2}, {0x1, 0xfff2}, {0xfff3, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000855}, 0x48000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'macvlan1\x00'})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x2, 0xffffffff, 0x3, 0x22}, 0x7})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
modify_ldt$write(0x1, 0x0, 0x0)
r6 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
socket(0x840000000002, 0x3, 0xff)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r8 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0xc81d, 0x10, 0x4, 0x2cf}, &(0x7f0000000300), &(0x7f00000002c0))
io_uring_enter(r8, 0x47b2, 0x10f9, 0x82, 0x0, 0x48)
io_uring_enter(r8, 0x640a, 0xcaab, 0x23, &(0x7f00000001c0)={[0x4]}, 0x8)

3m57.585341057s ago: executing program 9 (id=1098):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, 0x14)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00'}, 0x10)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x1003}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)

3m54.052785224s ago: executing program 9 (id=1101):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCMSET(r3, 0x5418, &(0x7f0000000140)=0xfffffdfb)

3m50.008460051s ago: executing program 37 (id=1089):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0xffffffffffffffa8, &(0x7f0000000000)=0x1002)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x179c, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)

3m49.362509008s ago: executing program 9 (id=1104):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@block_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x4714, &(0x7f0000000100)={[{@test_dummy_encryption}, {@jqfmt_vfsv0}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2f79}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x888430, &(0x7f0000000000)=ANY=[], 0x1, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00')

3m42.979040755s ago: executing program 38 (id=1096):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r2, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000200), 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@newtclass={0x24, 0x28, 0xcbad876656d74f99, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x9, 0xfff2}, {0x1, 0xfff2}, {0xfff3, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000855}, 0x48000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'macvlan1\x00'})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x2, 0xffffffff, 0x3, 0x22}, 0x7})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
modify_ldt$write(0x1, 0x0, 0x0)
r6 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
socket(0x840000000002, 0x3, 0xff)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r8 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0xc81d, 0x10, 0x4, 0x2cf}, &(0x7f0000000300), &(0x7f00000002c0))
io_uring_enter(r8, 0x47b2, 0x10f9, 0x82, 0x0, 0x48)
io_uring_enter(r8, 0x640a, 0xcaab, 0x23, &(0x7f00000001c0)={[0x4]}, 0x8)

3m34.135536879s ago: executing program 39 (id=1104):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@block_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x4714, &(0x7f0000000100)={[{@test_dummy_encryption}, {@jqfmt_vfsv0}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2f79}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x888430, &(0x7f0000000000)=ANY=[], 0x1, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00')

17.969140184s ago: executing program 6 (id=1541):
r0 = semget$private(0x0, 0x4000000009, 0x42a)
semop(r0, &(0x7f00000002c0)=[{0x3, 0x9b6a}], 0x1)
semctl$GETNCNT(r0, 0x3, 0xe, 0x0)

16.615714328s ago: executing program 6 (id=1550):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000f40)=ANY=[@ANYBLOB="50000000480011012abd7000fedbdf250a006000", @ANYRES32=r0, @ANYBLOB="02000000080002000700000008000200070000000800020000000000140001"], 0x50}, 0x1, 0x0, 0x0, 0x20000040}, 0x10)

15.466630726s ago: executing program 6 (id=1553):
syz_emit_ethernet(0x3a, &(0x7f0000000400)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x2, 0x9, 0x2c, 0x68, 0x0, 0x9, 0x6, 0x0, @remote, @private=0xa010100, {[@noop, @rr={0x7, 0x3, 0x4}]}}, {{0x4e23, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x1, 0x600}}}}}}, 0x0)

14.97679808s ago: executing program 6 (id=1559):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x21, 0x0, 0x0)
gettid()
timer_create(0x0, 0x0, 0x0)
preadv2(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}], 0x1, 0x0, 0x4, 0x1)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYRES16=0x0, @ANYRES8, @ANYRES8=0x0, @ANYBLOB="b71fe84fda50cf6fbefac5a5891d03a05027c0e6658ea94f09636160112a47b688552b72051bf0111daffbe0adef82589ee2fac726c31d20f98aa1f9761873cd604dab0d22b4b321f4c20044c5a8e018b51e52342814e4c33a7f4807781862b524b303c604203d95ef2faa04cfd7ddc4f2edca0adeae0088a8e16969e9000a6a9d85bf9d4ee333cf03763ad6506f66797f154f0923a63f106d908d1cf2a884e57ab63950b9883c40449a94847df80ca39e9394f8de077bfd7f0c81e773158bd33c339a0f92997d172adcde0c53c97cce8a0f42c862a0c88c9a25ccf6799b85dadc245f608d6cb5ded47e4a20ad821132952cc1884e1473794144bbd01594b306a04fc39f13202b4447f8bbccc51a6c4b555b46a2df7f0fe979ef6c31ef8c81a81c26e71f96ea1d8ed245277259bdf970db1f41c75d8384b6b23cf44e9b04527874daf6c34e4deda0da670addd7c8f5eab4410908517c88940d", @ANYRES16], 0xfe, 0x1518, &(0x7f00000022c0)="$eJzs3AuYjtX6MPB1r7UehqS3SQ7Dutf98KbBMkmSQ0IOSZIkSU4JSZMkCYkhp6QhCTlOmhyGkBymMWmcz4eckyZbmiQJySlZ38Vub7uv/W/v/7f39/e/9ty/61rXrPt93nu99zP3XPOu55lr3u96jqrXon7tZkQk/iXw5y9JQogYIcQwIcR1QohACFEptlLspeP5FCT9ay/C/r0eTrvaFbCrifufu3H/czfuf+7G/c/duP+5G/c/d+P+527cf8Zys22zi13PI/cOvv+fm/H7/3+QnPKTv9pQ/sZe/40U7n/uxv3P3bj/uRv3P3fj/udu3P//fLX+4Bj3P3fj/jOWm/31XvAF7/3/gvvRPP5nx9X++WOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxljuc9VdoIcRf5le7LsYYY4wxxhhjjP37+LxXuwLGGGOMMcYYY4z9/wdCCiW0CEQekVfEiHwiv7hGFBDXioLiOhER14tYcYMoJG4UhUURUVQUE3GiuCghjEBhBYlQlBSlRFTcJEqLm0W8KCPKinLCifIiQdwiKohbRUVxm6gkbheVxR2iiqgqqonq4k5RQ9wlaopaora4W9QRdUU9UV/cIxqIe0VDcZ9oJO4XjcUDool4UDQVD4lm4mHRXDwiWohHRUvxmGglWos2oq1o9/+U/5LoK14W/UR/kSQGiIHiFTFIDBZDxFAxTLwqhovXxAjxukgWI8Uo8YYYLd4UY8RbYqwYJ8aLt8UEMVFMEpPFFDFVpIh3xDTxrkgV74npYoaYKWaJNDFbzBHvi7linpgvPhALxIdioVgkFoslIl18JDLEUpEpPhbLxCciSywXK8RKsUqsFmvEWrFOrBcbxEaxSWwWW8RWsU18KraLHWKn2CV2iz1ir/hM7BOfi/3iC5Etvvxv5p/5v/J7gQABEiRo0JAH8kAMxEB+yA8FoAAUhIIQgQjEQiwUgkJQGApDUSgKcRAHJaAEICAQEJSEkhCFKJSG0hAP8VAWyoIDBwmQABXgVqgIFaESVILKUBmqQFWoCtWhOtSAGlATakJtqA11oA7Ug3pwD9wD90JDaAiNoBE0hsbQBJpAU2gKzaAZNIfm0AJaQEtoCa2gFbSBNtAO2kF7aA8doAN0gk7QGTpDF+gCiZAIXaErdINu0B26Qw/oAT2hJ/SC3tAbXoKX4GV4GfpDHTkABsJAGASDYAgMhaHwKgyH1+A1eB2SYSSMgjfgDXgTxsBpGAvjYDyMhxpyIkyCyUByKqRACkyDaZAKqTAdZsAMmAVpMBvmwByYC/NgHnwAC+BD+BAWwSJYAumQDhmwFDIhE5bBGciC5bACVsIqWA2rYC2sg7WwATbCBtgMm2ErbIVP4VPYATtgF+yCPbAHPoPP4HP4HJIhG7LhAByAg3AQDsEhyIEcOAyH4QgcgaNwFI7BMTgOJ+AknIBTcApOwxk4C2fhPJyHC/BC3DfN95RZnyzkJVpqmUfmkTEyRuaX+WUBWUAWlAVlREZkrIyVhWQhWVgWlkVlURkn42QJWUKiREkylCVlSRmVUVlalpbxMl6WlWWlk04myARZQVaQFWVFWUneLivLO2QVWVV2dNVldVlDdnI1ZS1ZW9aWdWRdWU/Wl/VlA9lANpQNZSPZSDaWjWUT+aBsKgfAEHhYXupMCzkSWspR0Eq2lm1kW/kmPC7byzHQQXaUneSTchyMhS6yvUuUz8iuchJ0k8/JyfC87CGnQk/5ouwle8s+8iXZV3Zw/WR/OR0GyIFyFgySg+UQOVTOhbryUsfqyddlshwpR8k35BJ4U46Rb8mxcpwcL9+WE+REOUlOllPkVJki35HT5LsyVb4np8sZcqacJdPkbDlHvi/nynlyvvxALpAfyoVykVwsl8h0+ZHMkEtlpvxYLpOfyCy5XK6QK+UquVqukWvlOrlebpAb5Sa5WW6RW+U2+ancLnfInXKX3C33yL3yM7lPfi73yy9ktvxSHpB/kgflV/KQ/FrmyG/kYfmtPCK/k0fl9/KY/EEelyfkSfmjPCV/kqflGXlWnpPn5c/ygvxFXpReCgVKKqW0ClQelVfFqHwqv7pGFVDXqoLqOhVR16tYdYMqpG5UhVURVVQVU3GquCqhjEJlFalQlVSlVFTdpEqrm1W8KqPKqnLKqfIqQd2iKqhbVUV1m6qkbleV1R2qiqqqqqnq6k5VQ92laqpaqra6W9VRdVU9VV/doxqoe1VDdZ9qpO5XjdUDqol6UDVVD6lm6mHVXD2iWqhHVUv1mGqlWqs2qq1qpx5X7dUTqoPqqDqpJ1Vn9ZTqop5WieoZ1VU9q7qp51R39bzqoV5QPdWLqpfqrfqoX9RF5VU/1V8lqQFqoHpFDVKD1RA1VA1Tr6rh6jU1Qr2uktVINUq9oUarN9UY9ZYaq8ap8eptNUFNVJPUZDVFTVUp6h01Tb2rUtV7arqaoWaqWSpNzVZDfl1p/j+R/+7fyR9x+dW3qm3qU7Vd7VA71S61W+1Re9VetU/tU/vVfpWtstUBdUAdVAfVIXVI5agcdVgdVkfUEXVUHVXH1DF1XJ1Q59SP6pT6SZ1WZ9QZdU6dV+fVhV+/B0KDllpprQOdR+fVMTqfzq+v0QX0tbqgvk5H9PU6Vt+gC+kbdWFdRBfVxXScLq5LaKNRW0061CV1KR3VN+nS+mYdr8vosrqcdrq8TtC3/Mv5/6i+drqdbq/b6w66g+6kO+nOurPuorvoRJ2ou+quupvuprvr7rqH7qF76p66l+6l++g+uq/uq/vpfjpJJ+mB+hU9SA/WQ/RQPUy/qofr4XqEHqGTdbIepUfp0Xq0HqPH6LF6rB6vx+sJeoKepCfpKXqKTtEpepqeplN1qp6up+uZeqZO02l6jp6j5+q5er6erxfoBXqhXqgX68U6XafrDJ2hM3WmXqaX6Sy9XC/XK/VKvVqv1mv1Wr1er9cb9Ua9WW/WWXqb3qa36+16p96pd+vdeq/eq/fpfXq/3q+zdbY+oA/og/qgPqQP6Rydow/rw/qIPqKP6qP6mD6mj+vj+qQ+qU/pU/q0Pq3P6rP6vD6vL+gL+qK+eGnbF8hABjrQQZ4gTxATxAT5g/xBgaBAUDAoGESCSBAbxAaFghuDwkGRoGhQLIgLigclAhNgYAMKwqBkUCqIBjcFpYObg/igTFA2KBe4oHyQENwSVAhuDSoGtwWVgtuDysEdQZWgalAtqB7cGdQI7gpqBrWC2sHdQZ2g7l/+DhXcGzQM7gsaBfcHjYMHgibBg0HT4KGgWfBw0Dx4JGgRPBq0DB4LWgWtgzZB26DdP7t+UC+oH9wTNPjD9b0/XeQJ18/0N0lmgBloXjGDzGAzxAw1w8yrZrh5zYwwr5tkM9KMMm+Y0eZNM8a8ZcaacWa8edtMMBPNJDPZTDFTTYp5x0wz75pU856ZbmaYmWaWSTOzzRzzvplr5pn55gOzwHxoFppFZrFZYtLNRybDLDWZ5mOzzHxissxys8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMp2a72WF2ml1mt9lj9prPzD7zudlvvjDZ5ktzwPzJHDRfmUPma5NjvjGHzbfmiPnOHDXfm2PmB3PcnDAnzY/mlPnJnDZnzFlzzpw3P5sL5hdz0fhLm/tLb++oUWMezIMxGIP5MT8WwAJYEAtiBCMYi7FYCAthYSyMRbEoxmEclsASeAkhYUksiVGMYmksjfEYj2WxLDp0mIAJWAErYEWsiJWwElbGylgFq2A1rIZ34p14F96FtbAW3o13Y12si/WxPjbABtgQG2IjbISNsTE2wSbYFJtiM2yGzbE5tsAW2BJbYitshW2wDbbDdtge22MH7ICdsBN2xs7YBbtgIiZiV+yK3bAbdsfu2AN7YE/sib2wF/bBPtgX+2K/c/0wCZNwIA7EQTgIh+AQHIbDcDgOxxE4ApMxGUfhKByNo3EMjsGxOA7H49s4ASfiJJyMU3AqpmAKTsNpmIqpOB2n40yciWmYhnNwDs7FuTgf5+MCXIALcSEuxsWYjumYgRmYiZm4DJdhFmbhClyBq3AVrsE1uA7X4QbcgJtwE27BLbgNt+F23I47cSfuxt24F/fiPtyH+3E/ZmM2HsADeBAP4iE8hDmYg4fxMB7BI3gUj+IxPIbH8TiexJN4Ck/haTyNZ/Esnsef8QL+ghfRY4yVIr+9xhaw19qC9jobY/PZv42L2mI2zha3JayxhW2R38RorY23ZWxZW846W94m2Ft+F1exVW01W93eaWvYu2zN38UN7L22ob3PNrL32/r2nt/Eje0Dtol91Da1j9lmtrVtbtvaFvZR29I+ZlvZ1raNbWs726dsF/u0TbTP2K722d/FGXapXWfX2w12o91nP7dn7Tl7xH5nz9ufbT/b3w6zr9rh9jU7wr5ukxuN/G1sR9rx9m07wU60k+xkO8VO/V08086yaXa2nWPft3PtvN/F6fYju8Bm2oV2kV1sl1yOL9WUaT+2y+wnNssutyvsSrvKrrZr7Nq/1rrSbrZb7Fa7135mt9sddqfdZXfbPZfjS+ex335hs+2X9rD91h60X9lD9qjNsd9cji+d31H7vT1mf7DH7Ql70v5oT9mf7Gl75vL5Xzr3H+0v9qL1VhCQJEWaAspDeSmG8lF+uoYK0LVUkK6jCF1PsXQDFaIbqTAVoaJUjOKoOJUgQ0iWiEIqSaUoSjdRabqZ4qkMlaVy5Kg8JdAtVIFupYp0G1Wi26ky3UFVqCpVo+p0J9Wgu6gm1aLadDfVobpUj+rTPdSA7qWGdB81ovupMT1ATehBakoPUTN6mJrTI9SCHqWW9Bi1otbUhtpSO3qc2tMT1IE6Uid6kjrTU9SFnqZEeoa60rPUjZ6j7vQ89aAXqCe9SL2oN/Whl6gvvUz9qD8l0QAaSK/QIBpMQ2goDaNXaTi9RiPodUqmkTSK3qDR9CaNobdoLI2j8fQ2TaCJNIkm0xSaSin0Dk2jdymV3qPpNINm0ixKo9k0h96nuTSP5tMHtIA+pIW0iBbTEkqnjyiDllImfUzL6BPKouW0glbSKlpNa2gtraP1tIE20ibaTFtoK22jT2k77aCdtIt20x7aS5/RPvqc9tMXlE1f0gH6Ex2kr+gQfU059A0dpm/pCH1HR+l7OkY/0HE6QSfpRzpFP9FpOkNn6Rydp5/pAv1CF8mTCCGUoQp1GIR5wrxhTJgvzB9eExYIrw0LhteFkfD6MDa8ISwU3hgWDouERcNiYVxYPCwRmhBDG1IYhiXDUmE0vCksHd4cxodlwrJhudCF5cOE8JawQnhrWDG8LawU3h5WDu8Iq4RVw0fvrx7eGdYI7wprhrXC2uHdYZ2wblgvrB/eEzYI7w0bhveFjcL7w4rhA2GT8MGwafhQ2Cx8OGwePhK2CB8NW4aPha3C1mGbsG3YLnw8bB8+EXYIO4adwifDzuFTYZfw6TAxfCbsGj77D48nhQPCgeEr4Suh9/epxdEl0fToR9GM6NJoZvTj6LLoJ9Gs6PLoiujK6Kro6uia6Nrouuj66Iboxuim6ObolujWqPf18woHTjrltAtcHpfXxbh8Lr+7xhVw17qC7joXcde7WHeDK+RudIVdEVfUFXNxrrgr4YxDZx250JV0pVzU3eRKu5tdvCvjyrpyzrnyLsG1de1cO9fePeE6uI6uk3vSPemeck+5p93T7hnX1T3rurnnXHf3vOvhXnAvuBddL9fb9XEvub7uZdfP9XdJLskNdAPdIDfIDXFD8vy6B3Mj3AiX7JLdKDfKjXaj3Rg3xo11Y914N95NcBPcJDfJTXFTXIpLcdPcNJfqUt10N93NdDNdmktzc9wcN9fNdfPdfLcgfoFb6Ba6xW6xS3fpLsNluEyX6Za5ZS7LZbkVboVb5Va5NW6NW+fWuQ1ug9vkNrktbovb5ra57W672+l2ut1ut9vr9rp9bp/b7/a7bJftDrgD7qA76A65r12O+8Yddt+6I+47d9R97465H9xxd8KddD+6U+4nd9qdcWfdOXfe/ewuuF/cReddSuSdyLTIu5HUyHuR6ZEZkZmRWZG0yOzInMj7kbmReZH5kQ8iCyIfRhZGFkUWR5ZE0iMfRTIiSyOZkY8jyyKfRLIiyyMrIisjqyKrI94X3x76kr6Uj/qbfGl/s4/3ZXxZX847X94n+Ft8BX+rr+hv85X87b6yv8NX8VV9Nf+Yb+Vb+za+rW/nH/ft/RO+g+/oO/knfWf/lO/in/aJ/hnf1T/ru/nnfHf/vO/hX/A9/Yu+l+/t+/iXfF//su/n+/skP8AP9K/4QX6wH+KH+mH+VT/cv+ZH+Nd9sh/pR/k3/Gj/ph/j3/Jj/Tg/3r/tJ/iJfpKf7Kf4qT7Fv+On+Xd9qn/PT/cz/Ew/y6f52X6Of9/P9fP8fP+BX+A/9Av9Ir/YL/Hp/iOf4Zf6TP+xX+Y/8Vl+uV/hV/pVfrVf49f6dX693+A3+k1+s9/it/pt/lO/3e/wO/0uv9vv8Xv9Z36f/9zv91/4bP+lP+D/5A/6r/wh/7XP8d/4w/5bf8R/54/67/0x/4M/7k/4k/5Hf8r/5E/7M/6sP+fP+5/9Bf+Lv8j/s8YYY4wx9k9JPfTHxwf8ncfkr+OSgUKIa3cUy/nb41oIsanwn+eDZVzniBDimf49H/7LqFMnKSnp1+dmKRGUWiSEiFzJv3wZ8mu8XHQST4lE0VFU+Lv1DZa9z9MfrA/HvY/eLkT+v8mJEVfiK+vf+l+s//iT4zMqh2djf7v+hV/3m5fqjy4SIr7UlZx84kp8Zf2K/8X6Rdr/Uf1ZSuT7KkWIDn+TU0Bcia+snyCeEM+KxN88kzHGGGOMMcYY+7PBslr3f3D9efn6PE5fDi8/nFf8Nf6H1+eMMcYYY4wxxhi7+p7v3efpxxMTO3bnCU94wpO/Tq72bybGGGOMMcbYv9uVTf/VroQxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMu9/ic+TuxqnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2fAAAA///9QkNA")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
fchmodat(r0, &(0x7f0000000100)='./file0\x00', 0xffffffc5)

11.847020265s ago: executing program 6 (id=1567):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x82400)
r1 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
poll(&(0x7f00000005c0)=[{r0, 0x2000}, {r1, 0xa010}], 0x2, 0x1)

10.916482242s ago: executing program 6 (id=1577):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffff7f00000000)

10.155338431s ago: executing program 40 (id=1577):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
sendfile(0xffffffffffffffff, r0, 0x0, 0xffffff7f00000000)

9.85125872s ago: executing program 0 (id=1587):
syz_usb_connect$cdc_ecm(0x5, 0x80, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000202505a1a440000000010109026e000101006008090400001a02020000052406000005240004000d240f01000000000100fcff050924127d"], 0x0)

9.851118135s ago: executing program 2 (id=1588):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000016c0)={0x3, &(0x7f0000001680)=[{0x2}, {0x61}, {0x6}]})

9.84444422s ago: executing program 1 (id=1589):
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@jqfmt_vfsv0}, {@i_version}, {@jqfmt_vfsv0}, {@nombcache}]}, 0x1, 0x7b8, &(0x7f0000000880)="$eJzs3U1oXNUeAPD/nearafqS9/oej9cH70VabEDMZ2sruGipuhCpH626ESQ16QdNG20iNHVVFKxuXEgXUhUVBRcugpsutCBdiRtbXbVIKeIHFmNB7UJQIndmbjo1k7QhH7d2fj+4zblnZnL+d/6cc8q5OTMB1Kz29J9CxH8iYjyJaC3XJxFRXyzVRWwuPe9k3/ie9EhicnL7paT4nBN943ui4jWpFeXf2RERn1+IuK9hersjY4f39Q8NDR4sn3eN7n+qa2Ts8O179/fvHtw9eKB3w8be3g09G3t7Fuxaz7zy0YOFr7e++t5vHZc23vv7riQ2R0v5scrrWCjt0T71nlwliVi/0I3lrOp1VvGvwZdPLnIoXKdH13Q0FyJiWamXx3+jNZYVSxGNHz7+U2t8c2ym17a8+8b3SxkrALBw/h8RkwBAjUnM/wBQY7J1gBN943uyY6nWHjbVLVVLzGRiS0Q0lfKf3d8tPVIXm4s/m4r3gZt/TqIyXUlEtM2z7U8HItqj7f3Tl8+tTY9YpPuw3JjGv8o7AvLUcLP9EQRzsvqhvCMgT58dzTsC8vTFRN4RkKeHt+cdAXnadkfeEZCn45fyjoCPt0TEpmrrf4Wp9Z+osv7TmO0dmId1p9Lf8eOqyrrp6z+Fi/NshllMbIm4q2Jvx8mK/Je1LSufrSyu+dUnu/YODXZHxN8ioiPqG9Pz2XZpvND02HPV6g/tTPN/6vjRM9+uyY60/fTnlWcVLtY1Xv26gf7R/vleNyUTRyJW11XLfzLV/5MZ1n+7r7ONHedf+7Va/ZFP0vwn92S5P3353Nrp+WcxTb4Vsa5q/7+yoyeZfX9WV3E86MpGhenufP7ZB6rV/6Mxzf/dy2fv/yymtP83z57/4vg/tV9vZO5t/PDv7tPV6ld+l+b/7W2z9//q439DsqMYYLa18FD/6OjBnoiG5P7p9b1zj/lmlb0f2fuV5r9jTfX5f7bxvz6i/Pi1PbKz+Wy1+qc/SPP/UpPxPz9p/geu0f+Tq/r/3Aunhv+3olrbt55N8//iWHb/N8t/di+4JO3/64vBdJRr/P/v2q43QXnHCQAAAAAAAAAAAAAAAAAAQEkhIloiKXROlQuFzs7Sd3j/M5oLQ8Mjo7ftGn7mwEAUvyu7LeoL2Se9tFZ8HlRP+fPgs/PeP533RcTfI+Jo4/LieeeTw0MDeV88ANSYlojz57q3vpl3HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCNaMcP3/6e+bMw7OgBgIbVEnL9wy6p30vIv5nkAqAnp/P/EodePhfkfAGqG+R8Aao/5HwBqj/kfAGqP+R8Aak/l/A8AAAAAAAAAAAAAAAAAAAAAACytkbHD+/qHhgYPKigoKEwV8h6ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCv448AAAD//zcKHA0=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
fallocate(r1, 0x0, 0x0, 0x1001f0)
pwrite64(r0, &(0x7f00000001c0)='\x00', 0x1, 0x8000c61)

9.734993734s ago: executing program 7 (id=1591):
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000055000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000002000002ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ac1414aa00"], 0x190)
pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/135, 0x87, 0x5e)

9.457863662s ago: executing program 3 (id=1592):
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0xc, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

9.42926814s ago: executing program 2 (id=1593):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x5, 0x0)

8.367067506s ago: executing program 7 (id=1594):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x44008814)

8.340255315s ago: executing program 2 (id=1595):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ec0)={0xc0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x4}}, @CTA_TUPLE_ZONE={0x0, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x0, 0x1, 0x0, 0x1, @ipv4={{0x0, 0x1, @private=0xa010102}, {0x0, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv4={{0x0, 0x1, @empty}, {0x0, 0x2, @rand_addr=0x64010102}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @empty}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast2}]}]}, 0xc0}}, 0x0)

8.328787173s ago: executing program 1 (id=1596):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000080)='./file0\x00', 0x1208810, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x41, 0x5e2, &(0x7f0000001200)="$eJzs3c9rHOcZB/DvzMpryQZFSewk/QEVLoQSU1vS2nUKharFFB1MSegllxxELcfCaydISpFzKGnxH5Ie1Gt69qU++Nx7ToIeC4VeAqIXl5mdldaqLEuJpF2Rzwe/O+/ofed9n3k880o7K1CA76yFD3LmSYosXL61Xu1vbnS6mxud+/16krNJyvpfxqrqP5PWo2Q6vZLvJSma4YoXzfP+h4+//qrz5fneXtmUun9rv+MO5vOmZL4Jcv4Ix3v6rccrts+wGvRmf/BR8Ozl/nOM07eOcWwOoXjB/8VUci7JeLMO9C/c8mSjO3ojcwMCAADAMXplK1tZz+Sw4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDTpPn7/0VTyn59OkX/7/+3m6+lqZ9qT4YdAAAAAAAAAAAcgR9tZSvrmezvPyvqz/wv1TsX6tfz+TSrWcpKrmQ9i1nLWlYym2RqYKD2+uLa2srsAY6c2/PIuZM5XwAAAAAAAAA4RcpD9P1zFnY+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFFQJK3epi4X+vWplGNNl3by8O9vl/366fZk2AEAAADACXhlK1tZz2R//1lRv+d/o37fP55P8yBrWc5aulnK7fpZQO9df7m50elubnTuV+X/x/3Vvw8VRj1ies8e9p55pu5xcfuIhfwmv8vlTOe9rGQ5f8hi1rKU6dysa4spMtU8vZjqx7l3vPPP7b33sljfqiOZyJ0s17Fdye/zcbq5nTJlv8/+M/6pyk7xy8YBc3S72RZJ8YPmzEbDVJ2RM9sZmWlyX2Xj1f0zccjrZPdMsym3n0FdOIacn2u2Vc7HRzrncwNX3xv7ZyK5dGuzdbf74N7dO6uXR+eUvqHdmegMZOLN71Qm2k02eqvo4VbLS/Wxk1nOb/Nxbmcp13Mj13MtP0sns7lR32v9vF48wL1WHu5e+/FPmsprSTHR246IKq+vDuR1cKWbqtsGv7KTpdeOfkUa+35TaSXF2HZMo2B3Jgavl9f3z8RfnlWvq90H91buLn5ywPnebrbV2nx2pNbmdnP19j4xef7qqNpe37Nttm670LRN7vo+V7Vd3D7uZXdqu/kZrtf7+e8TVdube7Z16ra3Btr2+ikHgJF37p1z7Yl/Tfxj4ouJRxN3J26N//rsu2d/2M6Zp2OPW38r/1r+ongnX+SPO+//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAb2714Wf3FrvdpZVTWGknOblJx09wLhWVYVeGvTJxEq6u3f/k6urDz366fH/xo6WPlh68O3dt7trsjes/v3pnubs003sddpQcl52bftiRAAAAAAAAAAAAcBgn8eukwz5HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATo+FD3LmSYrMzlyZqfY3NzrdqvTrOz3LJGPV9r9J61EynV7J1MBwxYvmef/Dx19/1fny/M5YZb9/a7/jDubzpmS+CXL+CMd7+q3HK7bPsBr0Zn9wGLb/BQAA//8dcR2C")

7.667191541s ago: executing program 7 (id=1597):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0xc906, &(0x7f0000000300)={[{@nobarrier}, {@noblock_validity}, {@mblk_io_submit}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@errors_remount}, {@acl}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@resgid={'resgid', 0x3d, 0xee00}, 0x32}]}, 0x1e, 0x4f5, &(0x7f0000000a40)="$eJzs3UFvI1cdAPD/TOJtspuSVHAolSgrWrRbwdrJhm4jDgUkBKdKwHJfQuJEUZw4ip02iSpIxQdAQgiQOHHigsQHQEL9CAipEtwRIBCCLRw4wA6asd1mg90kqu1Zxb+fNOv33oz9f//Z5HnezCgTwMS6GRF3I+JRlmV5fb7bnnaXSCLipLPduw/fXMuXJLLs/t+TYlVezze7feozb3TeEjMR8Y2vRnw7+f+4raPj7dVGo77frdfaO3u11tHxna2d1c36Zn13eXnp3sorKy+vLA4lz7mIePXLf/7R93/+lVd//dk3/vDgr7e/k3Tb41Qew9ZJvVLsi57piNgfRbASTHXzqZTdEQAALqR3nP+piHgp5mOqOJoDAAAArpLsC3PxnyQi62Omb+vjnhq0Yub89wIAAADjkRb3wCZptXsfwFykabXauYf3Y3E9bTRb7c9sNA921zv3yi5EJd3YatQXu/cKL0QlyetLRfn9+t0z9eWIeCYifjg/OxtbjXp1rdlYL/vkBwAAAEyIG2fm//+a78z/AQAAgCtmoewOAAAAACNn/g8AAABXn/k/AAAAXGlfe+21fMl6z79ef/3oYLv5+p31emu7upMk1bXm/l51s9ncLP5m3855n9doNvc+F7sHh7V2vdWutY6OH+w0D3bbD7YeewQ2AAAAMEbPfPLt3ycRcfL52WLJXSu7U8BYTF9m4z+Nrh/A+E2V3QGgNJf6/geulErZHQBKl5yzfuDNO78Zfl8AAIDRuPXx/tf/k3PPDZykY+oiMCLO/8Hkcv0fJpfr/zC5KjEVJvIw2UZ//T/LLtUhAABg6OaKJUmrEcV5gLlI02o14unisQCVZGOrUV+MiI9ExO/mK0/l9aXincm5cwYAAAAAAAAAAAAAAAAAAAAAAAAAoCPLksgAAACAKy0i/UvSff7XrfkX506fG8jbriX/ns/L1yLijZ/en4rVdnt/KW//x3vt7Z/c//Fh3n63rLMYAAAAwGm9efphdx4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMP07sM313rLOOP+7UsRsdAv/nTMFK8zMR0R1/+ZFK89SURMDSH+yVsR8Wy/+EnerVjo9qJf/NkS46cRcWMI8WGSvZ2PP1/s9/uXxs3itf/v371ihPrwBo5/SW+LmWKc6zf+PH3BGM+988tap/Qoy7Iz8d+KeG66//jTG3+TAfFfuGD8b33z+HjQuuxnEbf6fv8kj8WqtXf2aq2j4ztbO6ub9c367vLy0r2VV1ZeXlmsbWw16t1/Tw3JN98r/eATv3o0KH6e//UB8RfOyf/FC+b/33cOH360U6z0i3/7hf4/f88OiJ92v/s+3S3n62/1yied8mnP/+K3z39Q/uud/Kcv+/9/+4L5v/T17/3xgpsCAGPQOjreXm006vsTW5j5sHsjPywqPYtRF2Zj+J+cdvd6eXl990nZvU9goaQBCQAAGJn3D/rL7gkAAAAAAAAAAAAAAAAAAABMrnH8ObGzMU/KSRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AP9LwAA//9Cj8ur")

7.652239837s ago: executing program 2 (id=1598):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000000)={0xffffffffffffffff, 0x1b94, 0x0, 0xfffffffffffffffd})

7.501563885s ago: executing program 3 (id=1599):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r0, &(0x7f0000000080)='\x00\x00', 0xfdef, 0x8080, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000000)=0x8, 0x4)
sendmmsg$inet(r0, &(0x7f0000001e00)=[{{0x0, 0x0, &(0x7f0000000340)}}], 0x1, 0x40040)
recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x40012021)

7.271177463s ago: executing program 1 (id=1600):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x408b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c399000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000014c0)=@nat={'nat\x00', 0x62, 0x5, 0x430, 0x398, 0x2a0, 0xffffffff, 0xe0, 0x188, 0x398, 0x398, 0xffffffff, 0x398, 0x398, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast1, @empty, @gre_key, @icmp_id}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key}}}}, {{@ip={@remote, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'pim6reg\x00', {0xff}}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}, @common=@inet=@tcpmss={{0x28}, {0xf}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x16, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490)

7.270986217s ago: executing program 0 (id=1601):
r0 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000900)="2600000022004701050007008980e8ff02006d20002b1f00c0e9f7094a51f10101033500b088", 0x26)
recvfrom$inet6(r0, 0x0, 0x0, 0x40010140, 0x0, 0x0)

7.217676077s ago: executing program 2 (id=1602):
sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2)

6.82047297s ago: executing program 3 (id=1603):
r0 = gettid()
process_vm_readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/82, 0x52}], 0x1, &(0x7f0000000200)=[{&(0x7f00000031c0)=""/4096, 0x1000}], 0x1, 0x0)

6.73923273s ago: executing program 0 (id=1604):
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000040)={'ip6gre0\x00', 0x0, 0x4, 0x2, 0x7, 0x6428, 0x70, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x7800, 0xfffffff7, 0xffffffff}})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x2)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a3ff2", 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x14, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}]}}}}}}}}, 0x0)

5.936978898s ago: executing program 2 (id=1605):
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000055000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000002000002ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ac1414aa00"], 0x190)
pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/135, 0x87, 0x5e)

5.87057173s ago: executing program 1 (id=1606):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f0000001480)=[{&(0x7f0000000140)=""/146, 0x92}], 0x1)

5.795111791s ago: executing program 7 (id=1607):
syz_usb_connect(0x0, 0x9c, &(0x7f0000000440)=ANY=[@ANYBLOB="120150022df49f408616dd00c4370102030109028a00030261100e090401be013e04f200021109050600000208fc060904"], &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0})

5.617198171s ago: executing program 3 (id=1608):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000001c0)={0x40000004})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = socket$inet6(0x10, 0x3, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f00000000c0)={0x4000000b})
r7 = dup3(r6, r5, 0x80000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f0000000000)={0x30000010})
syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)

5.449006108s ago: executing program 0 (id=1609):
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
close(r0)
timerfd_create(0x0, 0x800)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)={0x8000200d})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000180)={0x40002000})

5.363066066s ago: executing program 1 (id=1610):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r0, &(0x7f00000002c0)="b0c650b7c71804200122f8fb5dd5c5538e9769dfceb2a4a8014f21958799ad2fb12d5039e56bde138fd2fafb60b7b5e6e2a60d073aa9a539e6d1da5276f5bd08d5ad3dfcbe7372fececf5fb8cae8d71d0cb19900edd0cdd5493d4a31218612cbfb7a65c79c40bfa482187fffffffeb5fd617811de787dc0100af765ec0197af136a6868634bab7c0c6e4ffcaed7e07d017ea91b848705e1e903d001c00000000000000000000d93e3d74108c7157fc026ecf16b634ab7e4ebe4d55127305f5401b08f1a5e54e2f79485173", 0xcb, 0x40040dc, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88", 0x65, 0x40040, 0x0, 0x0)

3.736756953s ago: executing program 3 (id=1611):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYRES64, @ANYRES16], 0x1, 0x374, &(0x7f0000000f80)="$eJzs3c9rI2UYwPEnbX5MWrbJQRQF6YNe9DK01bMaZBfEgEt3I+4Kwux2oiFjUmZCJCK2N6/izX9AcNnjgocF9R/oxdt68eLJXgRBFxFH5leapJMfjSmb7n4/0OZJ3veZed/84nkDeXP83pcfN+ueWbc6smKoZEREHoqUZUUSmegiLykO5eX1Px48f+3Gzbcr1erlXdUrleuv7Kjqxub3n3xWjLvdL8hR+YNjMX49evro2eN/r3/U8LThaavdUUtvtX/pWLccW/caXtNUverYlmdro+XZbtTejtrrTnt/v6dWa+/S2r5re55arZ427Z522tpxe2p9aDVaapqmXlpLG+5jzJgjp3Znd9eqzHnC23PmYdH+9n1/QrPrVqxVEbN4qqV251zHBQAAltJI/f91UiOUZaVfUGbitUA+jIeXAUH9n8Rh/R8sFk7q/7sv/NhZf/feRlz/38+n1f+v/hzlD9X/wdkXXv9/O3L9dEV04R2cpfP/qv+xHDaHX5G/nazYY0H9H7wa+iv63Pt3t8KA+h8AAAAAAAAAAAAAAAAAAAAAgIvgoe+XfN8vJZfJ38lXCOLrybVJXzTGhTPu8S/EOwr0nw94LF27cVOM8It72Q0R54turVuLLuP2pOOWlOSf8PkQizacOAwbNVCWH5yDbi0XJ6yG/ysiKo7Ysi0lKQ/lh/GVt6qXtzUS5YfnP+jWMtm1IL8ujTB/R0ryVHr+Tmp+Xl56cSDflJL8dFva4she/D6W5H++rfrmO9WR/GLYL83r5/uQAAAAAACwcKaqES+fy8Pr32j9bpqqae3BWl4G1+enPx/or6+3Utfn2dJz2Uc7dwAAAAAAnhRe/tOm5Ti26/XGBkWZ1qcQH22kKStTjhwE2Rn6DAUPwiA3qc/qwAxnPXI+/gWNWYfhej2ZecxJ8GdBUu/MZAvXoSYj/V6dMUjmP0Nn46wPgeutnH3ututtBuPRuaYzECQfG43rI1fnPfK4INk5d1rnZ7765q/5TpGJd+0dbHrtnjFlpmGQGbnlcMqT9nffD17UE8eTS3+3+G6eH5kBAAAAsCSSor/oJbe8MSVj/fwHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAADAE2ah26SNCR71HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBl8V8AAAD//1f39NU=")
r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r4 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
fallocate(r3, 0x0, 0x0, 0x1000f4)
io_setup(0x7d, &(0x7f0000000600)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000000)="96", 0xfffffe10, 0x0, 0x0, 0x0, r4}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r3, 0x0, 0x0, 0xffffffffffffffff}])

3.319379222s ago: executing program 0 (id=1612):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x1, 0x80000001}, 0x0, &(0x7f0000000180)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x529}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

3.242337058s ago: executing program 1 (id=1613):
syz_usb_connect(0x1, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)

1.970152822s ago: executing program 7 (id=1614):
syz_mount_image$squashfs(&(0x7f0000000080), &(0x7f0000000480)='./file1\x00', 0x80, &(0x7f0000000240)=ANY=[], 0xfb, 0x1a5, &(0x7f0000000600)="$eJzs0D9rU1EYx/Hvc+7JnwpVo+JQwQYsxhuqyb1VB6fgFCEXHFwEg4Y0NsVETW8GW1roIgWpdvAN6FRHFXQSUXQuDoKDXpdu0gzFQRwkkpsTwdfQ81l+9/nBPefwNMNOmAL+7C7XKRFz2M8nBA1MyrBTapivzfzD5MYwuGjmdZPPTE6Ei0u3aq1WYyF7IUvmvwL4GXf/qvAFRxU9oYR82V2u1+RGQL9EW80GZCrkH+JU6biPmNDjHLmOQz+3ziVFR3IVOFDotu8WwsWl0/Pt2lxjrnHb92fOF88Wi+f8ws35VqP4CnEfiOIJK7gBqYAxd4VElftbeh/TgrhNFTmS75GssrHlnDox3UO5O/QR3uV6pL7pZlZd4STpa4PHlzksPMUJmKowptDEF5WRy+qlePqz/pVQpFcd50z9Tmt27aqS38nNkuykxdsmkfPw8x4zg9WkDvGetYipiHLEZsT2dyblzeCW0V716gfguZmOcRyS3Kt1uwteEj6KDh4fBPwMjDM4TsXvysBb848Jvo4+LMuyLMuyLMuyrD3gbwAAAP//xflkvA==")
execve(&(0x7f0000000640)='./file0/file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x80)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000380)=0x38800000, 0x4)
sendmmsg(r3, &(0x7f0000001c00), 0x40000000000017a, 0x40840)

1.936027545s ago: executing program 0 (id=1615):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x16, 0x54, 0x1e5, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x2, {@ip4=@remote}}}]}, 0x38}, 0x1, 0xffe}, 0x0)

296.161214ms ago: executing program 7 (id=1616):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
shmctl$IPC_RMID(0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x238, 0x11, 0x148, 0x238, 0x0, 0x2d8, 0x2a8, 0x2a8, 0x2d8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x8800, 0x1f0, 0x238, 0x0, {}, [@common=@inet=@socket2={{0x28}}, @common=@inet=@hashlimit3={{0x158}, {'bridge0\x00', {0x6, 0x6, 0x40, 0x6, 0x0, 0x3, 0x5, 0x8, 0x0, 0x20}, {0x5}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0xfffffffe}}}, {{@ip={@multicast2, @remote, 0x0, 0x0, 'vlan0\x00', 'macvlan1\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0)

0s ago: executing program 3 (id=1617):
r0 = syz_open_procfs(0x0, &(0x7f0000000840)='map_files\x00')
lseek(r0, 0xa, 0x0)
getdents(r0, 0x0, 0x51)

kernel console output (not intermixed with test programs):

][ T5913] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1259.746869][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1259.759987][ T5913] usb 5-1: Product: syz
[ 1259.771945][ T5913] usb 5-1: Manufacturer: syz
[ 1259.781192][ T5913] usb 5-1: SerialNumber: syz
[ 1259.797905][ T5913] usb 5-1: config 0 descriptor??
[ 1259.815240][    C1] usb 5-1: NFC: Urb failure (status -71)
[ 1259.822679][ T5913] usb 5-1: NFC: Unable to get FW version
[ 1259.829807][ T5913] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -90
[ 1260.099246][T11837] Bluetooth: hci1: command tx timeout
[ 1260.489906][T12717] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1260.528855][T12907] chnl_net:caif_netlink_parms(): no params data found
[ 1261.023786][T12907] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1261.051320][T11837] Bluetooth: hci0: command tx timeout
[ 1261.065938][T12907] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1261.083172][T12907] bridge_slave_0: entered allmulticast mode
[ 1261.131285][T12907] bridge_slave_0: entered promiscuous mode
[ 1261.142182][T12907] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1261.163239][T12907] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1261.180596][T12907] bridge_slave_1: entered allmulticast mode
[ 1261.188675][T12907] bridge_slave_1: entered promiscuous mode
[ 1261.572437][T12907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1261.609193][T12907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1261.846505][T12907] team0: Port device team_slave_0 added
[ 1261.865168][T12907] team0: Port device team_slave_1 added
[ 1262.050865][T12838] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1262.131835][ T5913] usb 5-1: USB disconnect, device number 12
[ 1262.175818][T11837] Bluetooth: hci1: command tx timeout
[ 1262.371282][T12907] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1262.378276][T12907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1262.530241][T12907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1262.552391][T12838] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1262.585024][T12838] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1263.335562][T11837] Bluetooth: hci0: command tx timeout
[ 1263.583199][T12907] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1263.590191][T12907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1263.617344][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1263.648272][T12907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1263.676200][T12838] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1264.003388][T12918] chnl_net:caif_netlink_parms(): no params data found
[ 1264.235306][T12967] loop5: detected capacity change from 0 to 1024
[ 1264.250530][ T5833] Bluetooth: hci1: command tx timeout
[ 1264.282054][T12967] EXT4-fs: Ignoring removed orlov option
[ 1264.317199][T12907] hsr_slave_0: entered promiscuous mode
[ 1264.361230][T12967] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1264.367565][T12907] hsr_slave_1: entered promiscuous mode
[ 1264.414387][T12907] debugfs: 'hsr0' already exists in 'hsr'
[ 1264.420158][T12907] Cannot create hsr debugfs directory
[ 1265.400392][ T5833] Bluetooth: hci0: command tx timeout
[ 1265.471374][ T5829] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1266.058777][T12717] veth0_vlan: entered promiscuous mode
[ 1266.430940][ T5833] Bluetooth: hci1: command tx timeout
[ 1266.940043][T12918] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1266.990932][T12918] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1266.998525][T12918] bridge_slave_0: entered allmulticast mode
[ 1267.239818][T12918] bridge_slave_0: entered promiscuous mode
[ 1267.249134][T12918] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1267.258964][T12918] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1267.280747][T12918] bridge_slave_1: entered allmulticast mode
[ 1267.292284][T12918] bridge_slave_1: entered promiscuous mode
[ 1267.384217][T12991] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1038'.
[ 1267.722655][T12991] syz.4.1038 (12991): drop_caches: 2
[ 1267.862937][T12717] veth1_vlan: entered promiscuous mode
[ 1267.944275][T12918] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1268.029878][T12016] bridge_slave_1: left allmulticast mode
[ 1268.041209][T12016] bridge_slave_1: left promiscuous mode
[ 1268.052779][T12016] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1268.163072][T12016] bridge_slave_0: left allmulticast mode
[ 1268.168737][T12016] bridge_slave_0: left promiscuous mode
[ 1268.185463][T12016] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1269.528633][T12016] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1269.571235][T12016] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1269.591712][T12016] bond0 (unregistering): Released all slaves
[ 1269.684019][T12918] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1270.096012][T12016] hsr_slave_0: left promiscuous mode
[ 1270.123227][T12016] hsr_slave_1: left promiscuous mode
[ 1270.135877][T12016] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1270.832030][T13007] loop5: detected capacity change from 0 to 256
[ 1270.841340][T12016] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1270.938214][T13007] FAT-fs (loop5): Directory bread(block 64) failed
[ 1270.972510][T13007] FAT-fs (loop5): Directory bread(block 65) failed
[ 1270.989993][T13007] FAT-fs (loop5): Directory bread(block 66) failed
[ 1271.021732][T13007] FAT-fs (loop5): Directory bread(block 67) failed
[ 1271.030627][T13007] FAT-fs (loop5): Directory bread(block 68) failed
[ 1271.076750][T13007] FAT-fs (loop5): Directory bread(block 69) failed
[ 1271.133976][T13007] FAT-fs (loop5): Directory bread(block 70) failed
[ 1271.162172][T13007] FAT-fs (loop5): Directory bread(block 71) failed
[ 1271.169238][T13007] FAT-fs (loop5): Directory bread(block 72) failed
[ 1271.187352][T13007] FAT-fs (loop5): Directory bread(block 73) failed
[ 1271.505244][T13009] netlink: 'syz.4.1042': attribute type 13 has an invalid length.
[ 1272.208882][T12016] team0 (unregistering): Port device team_slave_1 removed
[ 1272.400854][T12016] team0 (unregistering): Port device team_slave_0 removed
[ 1273.393299][T12918] team0: Port device team_slave_0 added
[ 1273.409436][T12918] team0: Port device team_slave_1 added
[ 1275.098113][T12918] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1275.119855][T12918] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1275.209721][T12918] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1275.283885][T12918] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1275.309019][T12918] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1275.360323][T12918] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1275.395391][T12717] veth0_macvtap: entered promiscuous mode
[ 1275.425672][T12838] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1275.522881][T12717] veth1_macvtap: entered promiscuous mode
[ 1275.663372][T12918] hsr_slave_0: entered promiscuous mode
[ 1275.680412][T12918] hsr_slave_1: entered promiscuous mode
[ 1275.686829][T12918] debugfs: 'hsr0' already exists in 'hsr'
[ 1275.720394][T12918] Cannot create hsr debugfs directory
[ 1275.788904][T12838] 8021q: adding VLAN 0 to HW filter on device team0
[ 1275.980019][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1275.987252][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1276.408414][T12717] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1276.489886][T12717] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1276.697141][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1276.704339][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1276.720052][T13034] loop5: detected capacity change from 0 to 1024
[ 1276.729446][T13034] EXT4-fs: Ignoring removed orlov option
[ 1276.776468][T13034] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1277.044211][   T49] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1277.120428][   T49] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1277.129667][   T49] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1278.043336][T12907] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1278.111568][   T49] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1278.157950][ T5829] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1278.171101][T12907] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1278.193836][T12907] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1278.259319][T12907] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1279.696298][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1279.792360][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1281.215660][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1281.257140][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1281.373259][T13081] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1049'.
[ 1281.568953][T13081] syz.5.1049 (13081): drop_caches: 2
[ 1281.719780][T12838] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1281.906443][T12907] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1282.304096][T12918] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1282.493093][T12907] 8021q: adding VLAN 0 to HW filter on device team0
[ 1282.500947][T12918] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1282.621275][T12918] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1282.706835][T12918] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1282.968729][T13099] netlink: 12 bytes leftover after parsing attributes in process `syz.9.553'.
[ 1283.301624][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1283.308753][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1283.389411][T13113] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1050'.
[ 1283.442378][T11675] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1283.449503][T11675] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1284.457236][T12918] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1284.803132][T12838] veth0_vlan: entered promiscuous mode
[ 1285.078377][T13128] loop5: detected capacity change from 0 to 512
[ 1286.911823][T12918] 8021q: adding VLAN 0 to HW filter on device team0
[ 1287.985106][T13128] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[ 1287.986640][T13128] EXT4-fs: failed to create workqueue
[ 1288.002491][T13128] EXT4-fs (loop5): mount failed
[ 1288.064643][T12838] veth1_vlan: entered promiscuous mode
[ 1288.434062][T11675] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1288.441233][T11675] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1288.533546][T11675] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1288.540948][T11675] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1288.604318][T13133] loop5: detected capacity change from 0 to 1024
[ 1288.664936][T13133] EXT4-fs: Ignoring removed orlov option
[ 1288.729423][T13133] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1288.796899][T12918] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1289.057426][T12907] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1289.154531][T12838] veth0_macvtap: entered promiscuous mode
[ 1289.234624][T12838] veth1_macvtap: entered promiscuous mode
[ 1290.847904][ T5829] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1290.981677][T12838] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1291.054980][T12838] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1291.137752][   T36] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.200740][   T36] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.217176][ T3592] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1291.335521][ T3592] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1294.990707][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1295.150080][T13171] netlink: 'syz.5.1057': attribute type 13 has an invalid length.
[ 1295.210461][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1297.317758][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1297.360992][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1297.554240][T12918] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1297.687094][T12907] veth0_vlan: entered promiscuous mode
[ 1297.812658][T12907] veth1_vlan: entered promiscuous mode
[ 1298.108460][T12907] veth0_macvtap: entered promiscuous mode
[ 1298.182619][T12907] veth1_macvtap: entered promiscuous mode
[ 1299.580524][T12907] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1299.668682][T12907] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1299.771360][T11675] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1299.814854][T11675] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1300.120130][ T8540] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1301.480117][ T3516] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.012315][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1302.091318][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1302.385672][ T3516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1302.435101][ T3516] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1302.465398][T12918] veth0_vlan: entered promiscuous mode
[ 1302.580622][T12918] veth1_vlan: entered promiscuous mode
[ 1302.962012][T12918] veth0_macvtap: entered promiscuous mode
[ 1303.078614][T12918] veth1_macvtap: entered promiscuous mode
[ 1303.284082][T13239] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1303.326401][T12918] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1303.401309][T12918] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1303.495677][ T3516] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.566632][ T3516] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.620903][ T8950] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[ 1303.626238][ T3516] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.653707][ T3516] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1304.248550][ T8950] usb 9-1: config 0 has an invalid interface number: 113 but max is 0
[ 1304.350605][ T8950] usb 9-1: config 0 has no interface number 0
[ 1304.356774][ T8950] usb 9-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[ 1304.356826][ T8950] usb 9-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1304.356868][ T8950] usb 9-1: config 0 interface 113 has no altsetting 0
[ 1304.443627][ T8950] usb 9-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1304.483231][ T8950] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1304.562248][ T8950] usb 9-1: Product: syz
[ 1304.588747][T13245] loop6: detected capacity change from 0 to 512
[ 1304.682004][ T8950] usb 9-1: Manufacturer: syz
[ 1304.718121][T13245] EXT4-fs (loop6): external journal device major/minor numbers have changed
[ 1304.820445][ T8950] usb 9-1: SerialNumber: syz
[ 1304.902209][ T8950] usb 9-1: config 0 descriptor??
[ 1305.195814][    C0] usb 9-1: NFC: Urb failure (status -71)
[ 1305.211353][ T3516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1305.219077][ T8950] usb 9-1: NFC: Unable to get FW version
[ 1305.300757][ T8950] pn533_usb 9-1:0.113: probe with driver pn533_usb failed with error -90
[ 1305.310363][ T3516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1306.113469][T13245] EXT4-fs (loop6): failed to open journal device unknown-block(0,8) -6
[ 1306.135076][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1306.178108][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1306.520820][T13256] overlayfs: failed to resolve './file1': -2
[ 1309.871241][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1309.877588][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1319.567180][ T5833] Bluetooth: hci1: link tx timeout
[ 1319.573718][ T5833] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1322.820920][ T5833] Bluetooth: hci1: command 0x0406 tx timeout
[ 1322.867805][T13335] loop7: detected capacity change from 0 to 1024
[ 1323.035846][T13335] EXT4-fs: Ignoring removed orlov option
[ 1323.787722][T13335] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1329.001640][ T5833] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1329.040502][ T5833] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1329.060392][ T5833] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1329.068564][ T5833] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1329.076346][ T5833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1331.221778][ T5833] Bluetooth: hci6: command tx timeout
[ 1331.432821][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1332.579321][T13394] loop5: detected capacity change from 0 to 512
[ 1333.290790][ T5833] Bluetooth: hci6: command tx timeout
[ 1335.374677][ T5833] Bluetooth: hci6: command tx timeout
[ 1335.491228][T13394] EXT4-fs: error -4 creating inode table initialization thread
[ 1335.501728][T13394] EXT4-fs (loop5): mount failed
[ 1337.480400][ T5833] Bluetooth: hci6: command tx timeout
[ 1338.266834][ T8990] usb 9-1: USB disconnect, device number 2
[ 1341.190638][T13438] loop7: detected capacity change from 0 to 512
[ 1344.051020][T13438] EXT4-fs: error -4 creating inode table initialization thread
[ 1344.059024][T13438] EXT4-fs (loop7): mount failed
[ 1347.302024][T13452] loop9: detected capacity change from 0 to 1024
[ 1347.421816][T13452] EXT4-fs: Ignoring removed orlov option
[ 1347.434639][ T8540] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1347.835361][T13452] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1347.880327][T11837] Bluetooth: hci3: command 0x0406 tx timeout
[ 1348.096367][T13464] loop7: detected capacity change from 0 to 1024
[ 1348.191587][T13464] EXT4-fs: Ignoring removed orlov option
[ 1348.200819][ T8540] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1348.513008][T13464] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1348.595241][T11837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1348.605237][T11837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1348.662059][T13362] chnl_net:caif_netlink_parms(): no params data found
[ 1348.720999][T11837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1348.741318][T11837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1348.749181][T11837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1350.036946][ T8540] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1350.049678][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1351.072536][ T5833] Bluetooth: hci0: command tx timeout
[ 1351.897697][ T8540] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1353.133238][ T5833] Bluetooth: hci0: command tx timeout
[ 1355.562045][ T5833] Bluetooth: hci0: command tx timeout
[ 1357.740456][ T5833] Bluetooth: hci0: command tx timeout
[ 1357.803233][T13362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1357.810875][T13362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1357.819581][T13362] bridge_slave_0: entered allmulticast mode
[ 1357.999878][T13362] bridge_slave_0: entered promiscuous mode
[ 1358.807746][T13362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1358.821683][T13362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1358.828894][T13362] bridge_slave_1: entered allmulticast mode
[ 1358.836940][T13362] bridge_slave_1: entered promiscuous mode
[ 1359.524637][T11837] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1359.567106][T11837] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1359.583619][T11837] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1359.593855][T11837] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1359.602139][T11837] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1359.656251][T13529] tipc: Started in network mode
[ 1359.745618][T13529] tipc: Node identity 6220cbadf715, cluster identity 4711
[ 1359.807881][T13529] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1359.860928][T13362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1359.908318][T13527] tipc: Resetting bearer <eth:syzkaller0>
[ 1359.945532][T13362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1360.141963][T13531] syzkaller0: entered promiscuous mode
[ 1360.147570][T13531] syzkaller0: entered allmulticast mode
[ 1360.370765][T13521] tipc: Resetting bearer <eth:syzkaller0>
[ 1360.499362][T13521] tipc: Disabling bearer <eth:syzkaller0>
[ 1360.902000][T13362] team0: Port device team_slave_0 added
[ 1361.192388][T13362] team0: Port device team_slave_1 added
[ 1361.312726][T13465] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1361.690654][ T5833] Bluetooth: hci7: command tx timeout
[ 1361.856815][T13362] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1361.906302][T13362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1362.070442][T13362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1362.158447][ T8540] bridge_slave_1: left allmulticast mode
[ 1362.197955][ T8540] bridge_slave_1: left promiscuous mode
[ 1362.310582][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1362.428708][ T8540] bridge_slave_0: left allmulticast mode
[ 1362.460408][ T8540] bridge_slave_0: left promiscuous mode
[ 1362.466480][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1362.777039][T13563] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1362.951248][T13563] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1362.967384][T13563] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1362.984266][T11837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1362.992495][T11837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1363.770403][ T5833] Bluetooth: hci7: command tx timeout
[ 1364.333429][T13575] 9pnet_fd: Insufficient options for proto=fd
[ 1364.761162][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1364.841148][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1364.875198][ T8540] bond0 (unregistering): Released all slaves
[ 1365.106026][T13362] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1365.125799][T13362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1365.155227][ T5833] Bluetooth: hci2: command tx timeout
[ 1365.220003][T13362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1365.879606][ T5833] Bluetooth: hci7: command tx timeout
[ 1366.730607][T13362] hsr_slave_0: entered promiscuous mode
[ 1366.749295][T13362] hsr_slave_1: entered promiscuous mode
[ 1366.782883][T13362] debugfs: 'hsr0' already exists in 'hsr'
[ 1366.807514][T13362] Cannot create hsr debugfs directory
[ 1367.220553][T11837] Bluetooth: hci2: command tx timeout
[ 1367.940361][T11837] Bluetooth: hci7: command tx timeout
[ 1368.342141][T11837] Bluetooth: hci5: command 0x0406 tx timeout
[ 1369.330777][ T5833] Bluetooth: hci2: command tx timeout
[ 1370.229834][T13468] chnl_net:caif_netlink_parms(): no params data found
[ 1370.347840][ T8540] hsr_slave_0: left promiscuous mode
[ 1370.359986][ T8540] hsr_slave_1: left promiscuous mode
[ 1371.112057][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1371.150791][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1371.309797][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1371.317821][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1371.341504][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1371.348924][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1371.378152][ T5837] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[ 1371.399014][ T5833] Bluetooth: hci2: command tx timeout
[ 1371.491294][ T8540] veth1_macvtap: left promiscuous mode
[ 1371.497006][ T8540] veth0_macvtap: left promiscuous mode
[ 1371.503326][ T8540] veth1_vlan: left promiscuous mode
[ 1371.509206][ T8540] veth0_vlan: left promiscuous mode
[ 1371.556679][ T5837] usb 7-1: config 0 has an invalid interface number: 113 but max is 0
[ 1371.570806][ T5837] usb 7-1: config 0 has no interface number 0
[ 1371.589069][ T5837] usb 7-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[ 1371.610493][ T5837] usb 7-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1371.720514][ T5837] usb 7-1: config 0 interface 113 has no altsetting 0
[ 1371.762171][ T5837] usb 7-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1371.783684][ T5837] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1371.797995][ T5837] usb 7-1: Product: syz
[ 1371.811706][ T5837] usb 7-1: Manufacturer: syz
[ 1371.820026][ T5837] usb 7-1: SerialNumber: syz
[ 1371.863913][ T5837] usb 7-1: config 0 descriptor??
[ 1371.881375][    C0] usb 7-1: NFC: Urb failure (status -71)
[ 1371.887456][ T5837] usb 7-1: NFC: Unable to get FW version
[ 1371.894029][ T5837] pn533_usb 7-1:0.113: probe with driver pn533_usb failed with error -90
[ 1373.211474][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1373.297215][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1374.352498][ T5837] usb 7-1: USB disconnect, device number 2
[ 1375.699992][T13653] loop7: detected capacity change from 0 to 256
[ 1375.736402][T13653] FAT-fs (loop7): Directory bread(block 64) failed
[ 1375.743969][T13653] FAT-fs (loop7): Directory bread(block 65) failed
[ 1375.750942][T13653] FAT-fs (loop7): Directory bread(block 66) failed
[ 1375.773198][T13653] FAT-fs (loop7): Directory bread(block 67) failed
[ 1375.779977][T13653] FAT-fs (loop7): Directory bread(block 68) failed
[ 1375.948296][T13653] FAT-fs (loop7): Directory bread(block 69) failed
[ 1375.960664][T13653] FAT-fs (loop7): Directory bread(block 70) failed
[ 1375.967734][T13653] FAT-fs (loop7): Directory bread(block 71) failed
[ 1376.461030][T13653] FAT-fs (loop7): Directory bread(block 72) failed
[ 1376.467635][T13653] FAT-fs (loop7): Directory bread(block 73) failed
[ 1378.685946][T13468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1379.480178][T13468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1379.487722][T13468] bridge_slave_0: entered allmulticast mode
[ 1379.496512][T13468] bridge_slave_0: entered promiscuous mode
[ 1379.826674][T13468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1379.874394][T13468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1380.614072][T13468] bridge_slave_1: entered allmulticast mode
[ 1380.660830][T13468] bridge_slave_1: entered promiscuous mode
[ 1380.940060][T11837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1380.948909][T11837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1380.956823][T11837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1380.971002][T11837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1380.982714][T11837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1381.095023][T13530] chnl_net:caif_netlink_parms(): no params data found
[ 1381.980466][T13689] loop7: detected capacity change from 0 to 512
[ 1382.273373][T13689] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.1134: inode has both inline data and extents flags
[ 1382.291056][T13689] EXT4-fs error (device loop7): ext4_orphan_get:1395: comm syz.7.1134: couldn't read orphan inode 15 (err -117)
[ 1382.326799][T13689] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1383.140868][T11837] Bluetooth: hci3: command tx timeout
[ 1385.025273][T13706] loop6: detected capacity change from 0 to 1024
[ 1385.044624][T13706] EXT4-fs: Ignoring removed orlov option
[ 1385.097518][T13706] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1385.134025][T13468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1385.179028][T13468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1385.450615][T11837] Bluetooth: hci3: command tx timeout
[ 1385.478438][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1386.429743][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1386.692847][T13468] team0: Port device team_slave_0 added
[ 1386.804426][T13561] chnl_net:caif_netlink_parms(): no params data found
[ 1386.834374][T13468] team0: Port device team_slave_1 added
[ 1387.588545][T11837] Bluetooth: hci3: command tx timeout
[ 1388.047546][T13530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1388.060472][T13730] loop6: detected capacity change from 0 to 256
[ 1388.072106][T13530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1388.079385][T13530] bridge_slave_0: entered allmulticast mode
[ 1388.142178][T13530] bridge_slave_0: entered promiscuous mode
[ 1388.432780][T13734] 9pnet_fd: Insufficient options for proto=fd
[ 1388.786468][T13730] FAT-fs (loop6): Directory bread(block 64) failed
[ 1388.810788][T13730] FAT-fs (loop6): Directory bread(block 65) failed
[ 1388.817466][T13730] FAT-fs (loop6): Directory bread(block 66) failed
[ 1388.824241][T13730] FAT-fs (loop6): Directory bread(block 67) failed
[ 1388.830914][T13730] FAT-fs (loop6): Directory bread(block 68) failed
[ 1388.837439][T13730] FAT-fs (loop6): Directory bread(block 69) failed
[ 1388.844087][T13730] FAT-fs (loop6): Directory bread(block 70) failed
[ 1388.850696][T13730] FAT-fs (loop6): Directory bread(block 71) failed
[ 1388.857332][T13730] FAT-fs (loop6): Directory bread(block 72) failed
[ 1388.865597][T13730] FAT-fs (loop6): Directory bread(block 73) failed
[ 1389.181457][T13680] chnl_net:caif_netlink_parms(): no params data found
[ 1390.152838][ T5833] Bluetooth: hci3: command tx timeout
[ 1390.267140][T13530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1390.282739][T13530] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1390.307911][T13530] bridge_slave_1: entered allmulticast mode
[ 1390.334928][T13530] bridge_slave_1: entered promiscuous mode
[ 1390.497103][T13468] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1390.520521][T13468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1390.560718][T13468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1390.573774][T13468] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1390.580861][T13468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1390.618465][T13468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1390.766438][ T8540] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1391.884208][T13530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1391.993492][T13468] hsr_slave_0: entered promiscuous mode
[ 1392.020339][T13468] hsr_slave_1: entered promiscuous mode
[ 1392.026786][T13468] debugfs: 'hsr0' already exists in 'hsr'
[ 1392.061351][T13468] Cannot create hsr debugfs directory
[ 1392.192421][ T8540] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1392.281283][T13530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1392.442995][T13561] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1392.455297][T13561] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1393.134949][T13561] bridge_slave_0: entered allmulticast mode
[ 1393.159107][T13561] bridge_slave_0: entered promiscuous mode
[ 1393.387754][T13530] team0: Port device team_slave_0 added
[ 1393.398278][T13530] team0: Port device team_slave_1 added
[ 1393.445481][T13530] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1393.461387][T13530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1393.492462][T13530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1393.519237][ T8540] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1393.661714][ T8540] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1394.656493][T13561] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1394.679589][T13561] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1394.691746][T13561] bridge_slave_1: entered allmulticast mode
[ 1394.702271][T13561] bridge_slave_1: entered promiscuous mode
[ 1394.980562][T13680] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1394.990406][T13680] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1394.999037][T13680] bridge_slave_0: entered allmulticast mode
[ 1395.019444][T13680] bridge_slave_0: entered promiscuous mode
[ 1395.029873][T13530] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1395.037014][T13530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1395.065006][T13530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1395.199317][T13561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1395.275452][T13680] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1395.282851][T13680] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1395.290366][T13680] bridge_slave_1: entered allmulticast mode
[ 1395.302570][T13680] bridge_slave_1: entered promiscuous mode
[ 1395.401858][T13561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1395.459060][T13680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1395.758544][T13561] team0: Port device team_slave_0 added
[ 1395.956027][T13680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1396.094793][T13530] hsr_slave_0: entered promiscuous mode
[ 1396.112605][T13530] hsr_slave_1: entered promiscuous mode
[ 1396.171034][T13530] debugfs: 'hsr0' already exists in 'hsr'
[ 1396.200617][T13530] Cannot create hsr debugfs directory
[ 1396.513343][T13561] team0: Port device team_slave_1 added
[ 1397.036569][T13680] team0: Port device team_slave_0 added
[ 1397.570547][T13805] loop7: detected capacity change from 0 to 512
[ 1398.367962][T13805] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.1149: inode has both inline data and extents flags
[ 1398.383067][T13805] EXT4-fs error (device loop7): ext4_orphan_get:1395: comm syz.7.1149: couldn't read orphan inode 15 (err -117)
[ 1398.399113][T13805] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1400.096574][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1400.110779][T13561] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1400.117721][T13561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1400.149423][T13561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1400.421192][T13680] team0: Port device team_slave_1 added
[ 1400.455415][T13812] loop7: detected capacity change from 0 to 256
[ 1400.613060][T13680] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1400.620038][T13680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1400.702455][T13812] FAT-fs (loop7): Directory bread(block 64) failed
[ 1400.721022][T13812] FAT-fs (loop7): Directory bread(block 65) failed
[ 1400.727601][T13812] FAT-fs (loop7): Directory bread(block 66) failed
[ 1400.752039][T13812] FAT-fs (loop7): Directory bread(block 67) failed
[ 1400.758607][T13812] FAT-fs (loop7): Directory bread(block 68) failed
[ 1400.780707][T13680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1400.795255][T13812] FAT-fs (loop7): Directory bread(block 69) failed
[ 1400.805478][T13812] FAT-fs (loop7): Directory bread(block 70) failed
[ 1400.831928][T13561] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1400.838929][T13561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1400.844960][T13812] FAT-fs (loop7): Directory bread(block 71) failed
[ 1400.877372][T13812] FAT-fs (loop7): Directory bread(block 72) failed
[ 1400.884487][T13812] FAT-fs (loop7): Directory bread(block 73) failed
[ 1400.907759][T13561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1401.075415][T13680] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1401.170121][T13680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1401.196646][T13680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1402.297766][ T8540] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1402.969566][T13561] hsr_slave_0: entered promiscuous mode
[ 1403.002405][T13561] hsr_slave_1: entered promiscuous mode
[ 1403.023306][T13561] debugfs: 'hsr0' already exists in 'hsr'
[ 1403.029186][T13561] Cannot create hsr debugfs directory
[ 1403.073107][ T8540] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1403.809016][T13680] hsr_slave_0: entered promiscuous mode
[ 1403.828803][T13680] hsr_slave_1: entered promiscuous mode
[ 1403.851295][T13680] debugfs: 'hsr0' already exists in 'hsr'
[ 1403.857549][T13680] Cannot create hsr debugfs directory
[ 1405.058394][ T8540] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1406.453306][ T8540] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1407.540725][T11837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1407.563293][T11837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1407.571210][T11837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1407.582118][T11837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1407.589955][T11837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1407.822338][T13848] loop6: detected capacity change from 0 to 1024
[ 1407.841300][T13848] EXT4-fs: Ignoring removed orlov option
[ 1407.982847][T13848] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1409.424079][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1409.583369][ T8540] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1409.780571][T11837] Bluetooth: hci4: command tx timeout
[ 1410.845187][ T8540] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1411.037092][ T8540] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1412.036951][T11837] Bluetooth: hci4: command tx timeout
[ 1412.367391][ T8540] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1414.061583][T13844] chnl_net:caif_netlink_parms(): no params data found
[ 1414.091318][T11837] Bluetooth: hci4: command tx timeout
[ 1414.629852][T13882] 9pnet_fd: Insufficient options for proto=fd
[ 1415.082556][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1415.096704][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1415.105252][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1415.117135][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1415.124976][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1415.849684][ T8540] bridge_slave_1: left allmulticast mode
[ 1416.170492][T11837] Bluetooth: hci4: command tx timeout
[ 1416.571617][ T8540] bridge_slave_1: left promiscuous mode
[ 1416.577445][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1416.644732][ T8540] bridge_slave_0: left allmulticast mode
[ 1416.653871][ T8540] bridge_slave_0: left promiscuous mode
[ 1416.659645][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1416.745275][ T8540] bridge_slave_1: left allmulticast mode
[ 1416.820749][ T8540] bridge_slave_1: left promiscuous mode
[ 1416.853737][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1416.883363][ T8540] bridge_slave_0: left allmulticast mode
[ 1416.889043][ T8540] bridge_slave_0: left promiscuous mode
[ 1416.910523][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1416.944054][ T8540] bridge_slave_1: left allmulticast mode
[ 1416.949716][ T8540] bridge_slave_1: left promiscuous mode
[ 1416.970629][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1416.992638][ T8540] bridge_slave_0: left allmulticast mode
[ 1416.998291][ T8540] bridge_slave_0: left promiscuous mode
[ 1417.011834][T13894] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1417.027936][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1417.228640][T11837] Bluetooth: hci0: command tx timeout
[ 1417.660299][  T974] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[ 1417.872471][  T974] usb 7-1: config 0 has an invalid interface number: 113 but max is 0
[ 1417.880770][  T974] usb 7-1: config 0 has no interface number 0
[ 1417.887176][  T974] usb 7-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[ 1418.009038][  T974] usb 7-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1418.034505][  T974] usb 7-1: config 0 interface 113 has no altsetting 0
[ 1418.055415][  T974] usb 7-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1418.070123][  T974] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1418.137870][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1418.155609][  T974] usb 7-1: Product: syz
[ 1418.363975][  T974] usb 7-1: Manufacturer: syz
[ 1418.369523][  T974] usb 7-1: SerialNumber: syz
[ 1418.401630][  T974] usb 7-1: config 0 descriptor??
[ 1418.410769][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1418.422280][ T8540] bond0 (unregistering): Released all slaves
[ 1419.300336][T11837] Bluetooth: hci0: command tx timeout
[ 1419.353863][    C1] usb 7-1: NFC: Urb failure (status -71)
[ 1419.397806][  T974] usb 7-1: NFC: Unable to get FW version
[ 1419.407016][  T974] pn533_usb 7-1:0.113: probe with driver pn533_usb failed with error -90
[ 1421.276202][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1421.289267][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1421.301780][ T8540] bond0 (unregistering): Released all slaves
[ 1421.370848][T11837] Bluetooth: hci0: command tx timeout
[ 1421.978311][ T5833] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1421.989806][ T5833] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1421.997471][ T5833] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1422.007186][ T5833] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1422.017184][ T5833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1422.070625][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1422.100387][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1422.142682][ T8540] bond0 (unregistering): Released all slaves
[ 1422.632747][ T5933] usb 7-1: USB disconnect, device number 3
[ 1422.781188][T13844] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1422.790542][T13844] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1422.812391][T13844] bridge_slave_0: entered allmulticast mode
[ 1422.833346][T13844] bridge_slave_0: entered promiscuous mode
[ 1422.853027][T13844] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1422.861752][T13844] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1422.869088][T13844] bridge_slave_1: entered allmulticast mode
[ 1422.877703][T13844] bridge_slave_1: entered promiscuous mode
[ 1422.895197][T13921] netlink: 148 bytes leftover after parsing attributes in process `syz.6.1169'.
[ 1423.307134][T13921] syz.6.1169 (13921): drop_caches: 2
[ 1423.318357][T13844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1423.450551][T11837] Bluetooth: hci0: command tx timeout
[ 1424.109216][T11837] Bluetooth: hci6: command tx timeout
[ 1424.119917][T13844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1424.901829][T13844] team0: Port device team_slave_0 added
[ 1425.149491][T13844] team0: Port device team_slave_1 added
[ 1426.170389][T11837] Bluetooth: hci6: command tx timeout
[ 1427.558155][T13844] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1427.565384][T13844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1427.594977][T13844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1427.697640][T13844] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1427.705268][T13844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1427.705961][T13947] loop6: detected capacity change from 0 to 4096
[ 1427.731269][T13844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1427.761994][T13947] EXT4-fs (loop6): Test dummy encryption mode enabled
[ 1427.786353][T13947] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[ 1427.797898][T13947] System zones: 0-5
[ 1427.815385][T13947] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1427.840340][T13883] chnl_net:caif_netlink_parms(): no params data found
[ 1427.978822][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1428.250475][T11837] Bluetooth: hci6: command tx timeout
[ 1428.256570][T13955] loop7: detected capacity change from 0 to 1024
[ 1428.274420][T13955] EXT4-fs: Ignoring removed orlov option
[ 1428.321369][T13955] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1429.268809][T13680] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1429.382486][ T8540] hsr_slave_0: left promiscuous mode
[ 1429.388814][ T8540] hsr_slave_1: left promiscuous mode
[ 1430.232614][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1430.240049][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1430.272003][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1430.284910][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1430.294172][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1430.319514][ T8540] hsr_slave_0: left promiscuous mode
[ 1430.326554][ T8540] hsr_slave_1: left promiscuous mode
[ 1430.336837][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1430.344755][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1430.347435][T11837] Bluetooth: hci6: command tx timeout
[ 1430.383427][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1430.395882][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1430.464155][ T8540] hsr_slave_0: left promiscuous mode
[ 1430.475000][T13968] loop6: detected capacity change from 0 to 1024
[ 1430.502448][ T8540] hsr_slave_1: left promiscuous mode
[ 1430.522800][T13968] EXT4-fs: Ignoring removed orlov option
[ 1430.537145][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1430.564323][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1430.564603][T13968] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1430.584951][ T8540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1430.611671][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1430.718694][ T8540] veth1_macvtap: left promiscuous mode
[ 1430.718805][ T8540] veth0_macvtap: left promiscuous mode
[ 1430.719084][ T8540] veth1_vlan: left promiscuous mode
[ 1430.719246][ T8540] veth0_vlan: left promiscuous mode
[ 1430.721851][ T8540] veth1_macvtap: left promiscuous mode
[ 1430.721948][ T8540] veth0_macvtap: left promiscuous mode
[ 1430.722177][ T8540] veth1_vlan: left promiscuous mode
[ 1430.722330][ T8540] veth0_vlan: left promiscuous mode
[ 1430.728347][ T8540] veth1_macvtap: left promiscuous mode
[ 1430.728444][ T8540] veth0_macvtap: left promiscuous mode
[ 1430.728664][ T8540] veth1_vlan: left promiscuous mode
[ 1430.728821][ T8540] veth0_vlan: left promiscuous mode
[ 1431.798035][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1433.045403][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1433.060363][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1434.601365][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1434.616898][T13991] loop6: detected capacity change from 0 to 1024
[ 1434.641399][T13988] loop7: detected capacity change from 0 to 512
[ 1434.666189][T13991] EXT4-fs: Ignoring removed orlov option
[ 1434.737444][T13988] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.1184: inode has both inline data and extents flags
[ 1434.751430][T13988] EXT4-fs error (device loop7): ext4_orphan_get:1395: comm syz.7.1184: couldn't read orphan inode 15 (err -117)
[ 1434.766660][T13988] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1434.797504][T13991] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1434.859047][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1436.343168][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1437.618659][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1437.752757][T14006] loop7: detected capacity change from 0 to 1024
[ 1437.763076][T14006] EXT4-fs: Ignoring removed orlov option
[ 1437.815721][T14006] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1439.157072][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1439.365197][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1439.410876][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1440.609520][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1440.758782][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1440.888091][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1440.900901][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1440.910078][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1440.929406][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1440.944013][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1440.949594][T14031] loop7: detected capacity change from 0 to 1024
[ 1440.978605][T14031] EXT4-fs: Ignoring removed orlov option
[ 1441.026112][T14031] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1442.055844][T13844] hsr_slave_0: entered promiscuous mode
[ 1442.083784][T13844] hsr_slave_1: entered promiscuous mode
[ 1442.176629][T13680] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1442.200551][T13914] chnl_net:caif_netlink_parms(): no params data found
[ 1442.223660][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1442.270831][T14007] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1442.294410][T14014] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1187'.
[ 1443.056291][ T5833] Bluetooth: hci2: command tx timeout
[ 1443.905806][T13883] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1443.923569][T13883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1443.940956][T13883] bridge_slave_0: entered allmulticast mode
[ 1443.957317][T13883] bridge_slave_0: entered promiscuous mode
[ 1444.369800][T14053] loop6: detected capacity change from 0 to 512
[ 1444.586436][T14053] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.1193: inode has both inline data and extents flags
[ 1444.603116][T14053] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.1193: couldn't read orphan inode 15 (err -117)
[ 1444.650389][T14053] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1445.104648][ T5833] Bluetooth: hci1: command 0x0406 tx timeout
[ 1445.140411][ T5833] Bluetooth: hci2: command tx timeout
[ 1445.171096][T13883] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1446.147320][T13883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1446.158700][T13883] bridge_slave_1: entered allmulticast mode
[ 1446.202620][T13883] bridge_slave_1: entered promiscuous mode
[ 1447.029263][T14060] loop7: detected capacity change from 0 to 512
[ 1447.093783][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1447.182363][T14060] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.1194: inode has both inline data and extents flags
[ 1447.196852][T14060] EXT4-fs error (device loop7): ext4_orphan_get:1395: comm syz.7.1194: couldn't read orphan inode 15 (err -117)
[ 1447.211462][T11837] Bluetooth: hci2: command tx timeout
[ 1447.212863][T14060] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1449.451992][T11837] Bluetooth: hci2: command tx timeout
[ 1449.550896][T13914] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1449.558113][T13914] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1449.565602][T13914] bridge_slave_0: entered allmulticast mode
[ 1449.612125][T13914] bridge_slave_0: entered promiscuous mode
[ 1449.637405][T13914] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1449.645204][T13914] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1449.652679][T13914] bridge_slave_1: entered allmulticast mode
[ 1449.657484][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1449.662569][T13914] bridge_slave_1: entered promiscuous mode
[ 1450.094487][T13883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1451.099266][T13883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1451.296641][T13914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1451.672833][T13914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1452.845339][T13883] team0: Port device team_slave_0 added
[ 1452.854437][T13883] team0: Port device team_slave_1 added
[ 1453.105101][T13914] team0: Port device team_slave_0 added
[ 1453.127551][T13883] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1453.141345][T13883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1453.168641][T13883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1453.185063][T13914] team0: Port device team_slave_1 added
[ 1453.263794][T13883] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1453.272701][T13883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1453.299881][T13883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1453.431520][T13914] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1453.438508][T13914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1453.490080][T13914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1453.558842][T13914] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1453.586457][T13914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1453.627625][T13914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1454.217238][T13883] hsr_slave_0: entered promiscuous mode
[ 1455.076304][T13883] hsr_slave_1: entered promiscuous mode
[ 1455.082960][T13883] debugfs: 'hsr0' already exists in 'hsr'
[ 1455.088700][T13883] Cannot create hsr debugfs directory
[ 1457.631940][T13914] hsr_slave_0: entered promiscuous mode
[ 1457.639011][T13914] hsr_slave_1: entered promiscuous mode
[ 1457.673069][T13914] debugfs: 'hsr0' already exists in 'hsr'
[ 1457.683345][T13914] Cannot create hsr debugfs directory
[ 1457.729304][T13844] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1458.784652][T14028] chnl_net:caif_netlink_parms(): no params data found
[ 1459.801015][T13844] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1460.749561][T13844] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1460.775850][T13844] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1460.929468][T14127] loop7: detected capacity change from 0 to 4096
[ 1460.939141][T14127] EXT4-fs (loop7): Test dummy encryption mode enabled
[ 1460.952660][T14127] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[ 1460.961505][T14127] System zones: 0-5
[ 1460.969930][T14127] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1461.269065][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1461.378495][T14028] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1461.390487][T14028] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1461.399051][T14028] bridge_slave_0: entered allmulticast mode
[ 1461.485425][T14028] bridge_slave_0: entered promiscuous mode
[ 1461.592601][T14028] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1461.599859][T14028] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1461.614297][T14028] bridge_slave_1: entered allmulticast mode
[ 1461.623397][T14028] bridge_slave_1: entered promiscuous mode
[ 1461.874235][T14028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1462.211503][T13883] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1462.385341][T14028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1462.469985][T13883] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1462.542867][T13883] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1462.899480][T13883] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1462.973308][T14146] loop6: detected capacity change from 0 to 1024
[ 1463.028283][T14146] EXT4-fs: Ignoring removed orlov option
[ 1463.088905][T14146] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1463.124116][T14028] team0: Port device team_slave_0 added
[ 1463.146341][T14028] team0: Port device team_slave_1 added
[ 1464.422623][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1464.765607][T14028] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1464.780987][T14028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1464.812715][T14028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1464.925917][T14028] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1464.940475][T14028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1464.976899][T14028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1465.050995][T14162] netlink: 'syz.7.1213': attribute type 13 has an invalid length.
[ 1466.623711][T14170] loop6: detected capacity change from 0 to 256
[ 1466.766707][T14170] FAT-fs (loop6): Directory bread(block 64) failed
[ 1466.788955][T13914] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1466.800751][T14170] FAT-fs (loop6): Directory bread(block 65) failed
[ 1466.807379][T14170] FAT-fs (loop6): Directory bread(block 66) failed
[ 1466.861055][T14170] FAT-fs (loop6): Directory bread(block 67) failed
[ 1466.867811][T14170] FAT-fs (loop6): Directory bread(block 68) failed
[ 1466.886516][T14170] FAT-fs (loop6): Directory bread(block 69) failed
[ 1466.895439][T14170] FAT-fs (loop6): Directory bread(block 70) failed
[ 1466.906993][T14170] FAT-fs (loop6): Directory bread(block 71) failed
[ 1466.934733][T14170] FAT-fs (loop6): Directory bread(block 72) failed
[ 1466.971328][T14170] FAT-fs (loop6): Directory bread(block 73) failed
[ 1467.387986][T13914] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1468.365604][T13914] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1469.475442][T14028] hsr_slave_0: entered promiscuous mode
[ 1469.496982][T14028] hsr_slave_1: entered promiscuous mode
[ 1469.547790][T14028] debugfs: 'hsr0' already exists in 'hsr'
[ 1469.582063][T14028] Cannot create hsr debugfs directory
[ 1469.771868][T13914] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1469.816957][T14179] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1470.078920][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1470.097195][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1470.106777][T14189] loop7: detected capacity change from 0 to 256
[ 1470.107651][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1470.131150][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1470.150465][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1470.208406][T14189] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[ 1470.259615][T14189] exFAT-fs (loop7): valid_size(562949953421322) is greater than size(10)
[ 1470.289512][   T30] audit: type=1800 audit(1763896449.941:2): pid=14189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1219" name="file1" dev="loop7" ino=1048792 res=0 errno=0
[ 1470.397882][ T8540] bridge_slave_1: left allmulticast mode
[ 1470.404442][ T8540] bridge_slave_1: left promiscuous mode
[ 1470.414986][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1470.440080][ T8540] bridge_slave_0: left allmulticast mode
[ 1470.448944][ T8540] bridge_slave_0: left promiscuous mode
[ 1470.456410][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1470.479920][ T8540] bridge_slave_1: left allmulticast mode
[ 1470.485907][ T8540] bridge_slave_1: left promiscuous mode
[ 1470.493265][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1470.503144][ T8540] bridge_slave_0: left allmulticast mode
[ 1470.509171][ T8540] bridge_slave_0: left promiscuous mode
[ 1470.515578][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1470.527678][ T8540] bridge_slave_1: left allmulticast mode
[ 1470.533521][ T8540] bridge_slave_1: left promiscuous mode
[ 1470.539403][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1470.550378][ T8540] bridge_slave_0: left allmulticast mode
[ 1470.556057][ T8540] bridge_slave_0: left promiscuous mode
[ 1470.564434][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1470.579829][ T8540] bridge_slave_1: left allmulticast mode
[ 1470.586407][ T8540] bridge_slave_1: left promiscuous mode
[ 1470.592672][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1470.602768][ T8540] bridge_slave_0: left allmulticast mode
[ 1470.608592][ T8540] bridge_slave_0: left promiscuous mode
[ 1470.615012][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1470.627745][ T8540] bridge_slave_1: left allmulticast mode
[ 1470.633580][ T8540] bridge_slave_1: left promiscuous mode
[ 1470.639321][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1470.649312][ T8540] bridge_slave_0: left allmulticast mode
[ 1470.656026][ T8540] bridge_slave_0: left promiscuous mode
[ 1470.664825][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1470.790074][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1470.802177][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1470.814911][ T8540] bond0 (unregistering): Released all slaves
[ 1470.964221][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1470.977608][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1470.995316][ T8540] bond0 (unregistering): Released all slaves
[ 1471.120979][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1471.133570][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1471.144592][ T8540] bond0 (unregistering): Released all slaves
[ 1471.257806][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1471.269443][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1471.280284][ T8540] bond0 (unregistering): Released all slaves
[ 1471.397334][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1471.408806][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1471.419237][ T8540] bond0 (unregistering): Released all slaves
[ 1471.441814][T14191] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1220'.
[ 1471.919629][ T8540] hsr_slave_0: left promiscuous mode
[ 1471.926943][ T8540] hsr_slave_1: left promiscuous mode
[ 1471.934471][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1471.943891][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1471.972969][ T8540] hsr_slave_0: left promiscuous mode
[ 1471.979516][ T8540] hsr_slave_1: left promiscuous mode
[ 1471.992965][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1472.001754][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1472.019861][ T8540] hsr_slave_0: left promiscuous mode
[ 1472.027268][ T8540] hsr_slave_1: left promiscuous mode
[ 1472.035884][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1472.045845][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1472.061193][ T8540] hsr_slave_0: left promiscuous mode
[ 1472.067668][ T8540] hsr_slave_1: left promiscuous mode
[ 1472.081562][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1472.111879][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1472.148793][ T8540] hsr_slave_0: left promiscuous mode
[ 1472.155346][ T8540] hsr_slave_1: left promiscuous mode
[ 1472.167430][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1472.192355][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1472.250400][T11837] Bluetooth: hci3: command tx timeout
[ 1472.538000][T14214] loop6: detected capacity change from 0 to 1024
[ 1472.891886][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1472.923715][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1473.052226][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1473.062680][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1473.070658][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1473.079691][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1473.088153][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1473.329526][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1473.358637][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1473.660814][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1473.689516][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1473.981574][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1474.014787][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1474.306349][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1474.329835][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1474.330506][T11837] Bluetooth: hci3: command tx timeout
[ 1474.517837][T14214] netlink: 'syz.6.1230': attribute type 12 has an invalid length.
[ 1474.530696][T14214] netlink: 'syz.6.1230': attribute type 29 has an invalid length.
[ 1474.538518][T14214] netlink: 148 bytes leftover after parsing attributes in process `syz.6.1230'.
[ 1475.131307][T11837] Bluetooth: hci4: command tx timeout
[ 1475.415989][T13914] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1475.961324][T13914] 8021q: adding VLAN 0 to HW filter on device team0
[ 1476.410355][T11837] Bluetooth: hci3: command tx timeout
[ 1476.619851][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1476.627093][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1476.679450][ T3592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1476.687046][ T3592] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1477.004635][T14187] chnl_net:caif_netlink_parms(): no params data found
[ 1477.215063][T11837] Bluetooth: hci4: command tx timeout
[ 1477.663621][T14028] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1477.701004][T14219] chnl_net:caif_netlink_parms(): no params data found
[ 1477.732054][T14187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1477.747692][T14187] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1477.761712][T14187] bridge_slave_0: entered allmulticast mode
[ 1477.777077][T14187] bridge_slave_0: entered promiscuous mode
[ 1477.809100][T14187] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1477.839088][T14187] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1477.864347][T14187] bridge_slave_1: entered allmulticast mode
[ 1477.893965][T14187] bridge_slave_1: entered promiscuous mode
[ 1477.916586][T14028] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1478.034418][T14280] loop6: detected capacity change from 0 to 512
[ 1478.061039][T14280] EXT4-fs (loop6): blocks per group (255) and clusters per group (8192) inconsistent
[ 1478.097081][T14028] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1478.145417][T14028] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1478.497086][T11837] Bluetooth: hci3: command tx timeout
[ 1479.290431][T11837] Bluetooth: hci4: command tx timeout
[ 1479.359574][T14187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1479.479355][T14304] xt_socket: unknown flags 0x4c
[ 1480.076247][T14187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1480.219299][T13914] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1480.466603][T14187] team0: Port device team_slave_0 added
[ 1480.780673][T14187] team0: Port device team_slave_1 added
[ 1481.403339][ T5833] Bluetooth: hci4: command tx timeout
[ 1481.582330][T14219] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1481.589593][T14219] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1481.607802][T14219] bridge_slave_0: entered allmulticast mode
[ 1481.635209][T14219] bridge_slave_0: entered promiscuous mode
[ 1481.789143][T14187] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1481.864385][T14187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1481.920300][T14187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1481.957018][T14187] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1482.000237][T14187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1482.140939][T14187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1482.229718][T14219] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1482.283741][T14219] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1482.306056][T14219] bridge_slave_1: entered allmulticast mode
[ 1482.342940][T14219] bridge_slave_1: entered promiscuous mode
[ 1483.296250][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1483.307496][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1483.315790][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1483.324523][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1483.342998][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1483.978839][T14219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1484.052268][T14364] netlink: 'syz.6.1268': attribute type 16 has an invalid length.
[ 1484.060272][T14364] netlink: 'syz.6.1268': attribute type 17 has an invalid length.
[ 1484.613699][T14219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1484.660869][T14364] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1484.805610][T14187] hsr_slave_0: entered promiscuous mode
[ 1484.828498][T14187] hsr_slave_1: entered promiscuous mode
[ 1484.835220][T14187] debugfs: 'hsr0' already exists in 'hsr'
[ 1484.844137][T14187] Cannot create hsr debugfs directory
[ 1485.143060][T14219] team0: Port device team_slave_0 added
[ 1485.162755][T14219] team0: Port device team_slave_1 added
[ 1485.210612][  T974] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1485.334536][T14219] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1485.351803][T14219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1485.391727][T14219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1485.393202][  T974] usb 7-1: config 0 has an invalid interface number: 116 but max is 0
[ 1485.430571][  T974] usb 7-1: config 0 has no interface number 0
[ 1485.436726][  T974] usb 7-1: New USB device found, idVendor=0bda, idProduct=8050, bcdDevice=83.c4
[ 1485.462706][  T974] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1485.503315][  T974] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1485.518032][  T974] r8152-cfgselector 7-1: config 0 descriptor??
[ 1485.528588][  T974] hub 7-1:0.116: bad descriptor, ignoring hub
[ 1485.536855][T14219] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1485.539292][  T974] hub 7-1:0.116: probe with driver hub failed with error -5
[ 1485.548763][T14219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1485.586201][T14219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1485.598194][T14383] tc_dump_action: action bad kind
[ 1485.622841][ T5833] Bluetooth: hci0: command tx timeout
[ 1485.739645][T14028] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1485.852785][  T974] r8152-cfgselector 7-1: USB disconnect, device number 4
[ 1486.179133][T14219] hsr_slave_0: entered promiscuous mode
[ 1486.199797][T14219] hsr_slave_1: entered promiscuous mode
[ 1486.209619][T14219] debugfs: 'hsr0' already exists in 'hsr'
[ 1486.233715][T14219] Cannot create hsr debugfs directory
[ 1486.383695][T14028] 8021q: adding VLAN 0 to HW filter on device team0
[ 1486.745078][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1486.752397][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1486.788047][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1486.795409][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1486.907625][T14418] netlink: 'syz.6.1282': attribute type 11 has an invalid length.
[ 1487.077464][T14424] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1487.281166][T14432] netlink: 27 bytes leftover after parsing attributes in process `syz.6.1284'.
[ 1487.638492][T14351] chnl_net:caif_netlink_parms(): no params data found
[ 1487.690948][ T5833] Bluetooth: hci0: command tx timeout
[ 1488.013102][T14453] loop6: detected capacity change from 0 to 164
[ 1488.047880][ T8540] bridge_slave_1: left allmulticast mode
[ 1488.068635][ T8540] bridge_slave_1: left promiscuous mode
[ 1488.086242][T14453] rock: corrupted directory entry. extent=41, offset=65536, size=8
[ 1488.094702][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1488.108146][ T8540] bridge_slave_0: left allmulticast mode
[ 1488.124343][ T8540] bridge_slave_0: left promiscuous mode
[ 1488.130113][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1488.174939][ T8540] bridge_slave_1: left allmulticast mode
[ 1488.180644][ T8540] bridge_slave_1: left promiscuous mode
[ 1488.186862][ T8540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1488.214378][ T8540] bridge_slave_0: left allmulticast mode
[ 1488.220036][ T8540] bridge_slave_0: left promiscuous mode
[ 1488.234921][ T8540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1488.397596][T14462] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1291'.
[ 1488.936090][T14478] loop7: detected capacity change from 0 to 512
[ 1489.033135][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1489.055663][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1489.088427][T14478] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.1295: inode has both inline data and extents flags
[ 1489.116304][ T8540] bond0 (unregistering): Released all slaves
[ 1489.117009][T14478] EXT4-fs error (device loop7): ext4_orphan_get:1395: comm syz.7.1295: couldn't read orphan inode 15 (err -117)
[ 1489.276916][T14484] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1489.743006][T14478] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1489.771248][ T5833] Bluetooth: hci0: command tx timeout
[ 1490.269528][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1490.307625][ T8540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1490.350874][ T8540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1490.387455][ T8540] bond0 (unregistering): Released all slaves
[ 1490.438584][T14497] loop7: detected capacity change from 0 to 8
[ 1490.565167][T14497] process 'syz.7.1299' launched './file0/file0' with NULL argv: empty string added
[ 1490.636283][T14351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1490.654996][T14351] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1490.949525][T14351] bridge_slave_0: entered allmulticast mode
[ 1490.959480][T14351] bridge_slave_0: entered promiscuous mode
[ 1491.006374][ T8540] hsr_slave_0: left promiscuous mode
[ 1491.500299][ T8540] hsr_slave_1: left promiscuous mode
[ 1491.850610][ T5833] Bluetooth: hci0: command tx timeout
[ 1491.876523][T14510] capability: warning: `syz.6.1300' uses 32-bit capabilities (legacy support in use)
[ 1491.949226][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1492.009646][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1492.099318][ T8540] hsr_slave_0: left promiscuous mode
[ 1492.121043][ T8540] hsr_slave_1: left promiscuous mode
[ 1492.139377][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1492.156685][ T8540] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1492.167220][T14517] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[ 1493.304584][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1493.738151][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1494.231206][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1494.237558][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1494.869728][ T8540] team0 (unregistering): Port device team_slave_1 removed
[ 1494.915207][ T8540] team0 (unregistering): Port device team_slave_0 removed
[ 1495.563888][T14351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1495.573141][T14351] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1495.582865][T14351] bridge_slave_1: entered allmulticast mode
[ 1495.591501][T14351] bridge_slave_1: entered promiscuous mode
[ 1496.117214][T14351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1496.327356][T14351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1496.574113][T14187] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1496.856839][T14187] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1497.943337][T14187] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1497.975749][T14187] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1498.062482][T14574] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1498.131595][T14351] team0: Port device team_slave_0 added
[ 1498.157344][T14351] team0: Port device team_slave_1 added
[ 1498.449873][T14028] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1498.503770][T14351] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1498.519515][T14351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1498.590225][T14351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1498.690340][T14351] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1498.697347][T14351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1498.755768][T14351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1499.027924][T14597] loop6: detected capacity change from 0 to 512
[ 1499.082680][T14597] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1499.142104][T14597] EXT4-fs (loop6): revision level too high, forcing read-only mode
[ 1499.173432][T14597] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=842c01c, mo2=0002]
[ 1499.191796][T14351] hsr_slave_0: entered promiscuous mode
[ 1499.201973][T14351] hsr_slave_1: entered promiscuous mode
[ 1499.230681][T14597] EXT4-fs (loop6): couldn't mount RDWR because of unsupported optional features (80)
[ 1499.261475][T14597] EXT4-fs (loop6): Skipping orphan cleanup due to unknown ROCOMPAT features
[ 1499.283387][T14597] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1499.411987][T12838] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1499.476264][T14028] veth0_vlan: entered promiscuous mode
[ 1499.647436][T14028] veth1_vlan: entered promiscuous mode
[ 1500.005491][T14219] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1500.182645][T14219] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1500.238154][T14219] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1500.305366][T14621] loop7: detected capacity change from 0 to 2048
[ 1500.340426][T14621] udf: Bad value for 'session'
[ 1500.392741][T14219] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1500.524954][T14187] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1500.754773][T14187] 8021q: adding VLAN 0 to HW filter on device team0
[ 1500.991689][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1500.998958][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1501.075428][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1501.083351][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1501.416791][   T49] bridge_slave_1: left allmulticast mode
[ 1501.440260][   T49] bridge_slave_1: left promiscuous mode
[ 1501.456480][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1501.547662][   T49] bridge_slave_0: left allmulticast mode
[ 1501.581026][   T49] bridge_slave_0: left promiscuous mode
[ 1501.587229][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1501.828101][T11837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1501.839473][T11837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1501.848133][T11837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1501.863604][T11837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1501.873034][T11837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1502.158014][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1502.172280][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1502.184211][   T49] bond0 (unregistering): Released all slaves
[ 1502.442888][T14669] loop7: detected capacity change from 0 to 512
[ 1502.508098][T14669] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002]
[ 1502.547378][T14669] System zones: 1-12
[ 1502.563332][   T49] hsr_slave_0: left promiscuous mode
[ 1502.591591][   T49] hsr_slave_1: left promiscuous mode
[ 1502.597848][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1502.600816][T14669] EXT4-fs error (device loop7): dx_probe:791: inode #2: comm syz.7.1329: Directory hole found for htree index block 0
[ 1502.637653][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1502.707080][T14669] EXT4-fs (loop7): Remounting filesystem read-only
[ 1502.743627][T14669] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -117
[ 1502.761017][T14669] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -117
[ 1502.778306][T14669] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1502.865862][T14669] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000.
[ 1502.982998][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1503.348319][T14688] netlink: 56 bytes leftover after parsing attributes in process `syz.7.1335'.
[ 1503.530075][   T49] team0 (unregistering): Port device team_slave_1 removed
[ 1503.595490][   T49] team0 (unregistering): Port device team_slave_0 removed
[ 1503.938598][ T5833] Bluetooth: hci2: command tx timeout
[ 1504.177946][T14704] loop7: detected capacity change from 0 to 512
[ 1504.197841][T14704] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1504.243636][T14704] EXT4-fs (loop7): orphan cleanup on readonly fs
[ 1504.276994][T14704] Quota error (device loop7): do_check_range: Getting block 196613 out of range 1-5
[ 1504.300558][T14704] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 0
[ 1504.310863][T14704] EXT4-fs error (device loop7): ext4_acquire_dquot:6943: comm syz.7.1343: Failed to acquire dquot type 1
[ 1504.354646][T14704] EXT4-fs (loop7): 1 truncate cleaned up
[ 1504.375689][T14704] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1504.572888][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1504.735010][T14710] netlink: 'syz.6.1345': attribute type 1 has an invalid length.
[ 1505.122233][T14719] loop7: detected capacity change from 0 to 512
[ 1505.179864][T14719] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1505.271026][T14719] EXT4-fs: Ignoring removed bh option
[ 1505.336735][T14719] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 1505.352964][T14219] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1505.413080][T14719] EXT4-fs error (device loop7): mb_free_blocks:2014: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[ 1505.461632][T14719] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #11: comm syz.7.1348: corrupted inode contents
[ 1505.512466][T14719] EXT4-fs error (device loop7): ext4_dirty_inode:6517: inode #11: comm syz.7.1348: mark_inode_dirty error
[ 1505.604122][T14719] EXT4-fs error (device loop7): ext4_free_branches:1020: inode #11: comm syz.7.1348: invalid indirect mapped block 1 (level 1)
[ 1505.713715][T14719] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #11: comm syz.7.1348: corrupted inode contents
[ 1505.778650][T14719] EXT4-fs error (device loop7) in ext4_orphan_del:301: Corrupt filesystem
[ 1505.802452][T14719] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #11: comm syz.7.1348: corrupted inode contents
[ 1505.816703][T14219] 8021q: adding VLAN 0 to HW filter on device team0
[ 1505.830636][T14719] EXT4-fs error (device loop7): ext4_truncate:4637: inode #11: comm syz.7.1348: mark_inode_dirty error
[ 1505.847507][T14719] EXT4-fs error (device loop7) in ext4_process_orphan:343: Corrupt filesystem
[ 1505.871377][T14719] EXT4-fs (loop7): 1 truncate cleaned up
[ 1505.879189][T14719] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1505.907443][T14351] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1505.927452][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1505.934645][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1505.961724][T14351] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1505.992003][T14351] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1506.010475][ T5833] Bluetooth: hci2: command tx timeout
[ 1506.060267][T14351] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1506.085245][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1506.121065][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1506.128238][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1506.234865][T14187] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1506.283635][T14655] chnl_net:caif_netlink_parms(): no params data found
[ 1507.066667][T14767] loop6: detected capacity change from 0 to 8192
[ 1507.248558][T14187] veth0_vlan: entered promiscuous mode
[ 1507.305516][T14187] veth1_vlan: entered promiscuous mode
[ 1507.335495][T14655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1507.373516][T14655] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1507.392831][T14655] bridge_slave_0: entered allmulticast mode
[ 1507.414522][T14655] bridge_slave_0: entered promiscuous mode
[ 1507.450911][T14655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1507.471186][T14655] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1507.482296][T14655] bridge_slave_1: entered allmulticast mode
[ 1507.503163][T14655] bridge_slave_1: entered promiscuous mode
[ 1507.548991][T14786] loop6: detected capacity change from 0 to 128
[ 1507.588227][T14786] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1507.660999][T14786] ext4 filesystem being mounted at /144/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1508.256859][ T5833] Bluetooth: hci2: command tx timeout
[ 1509.135529][T14655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1509.167881][T12838] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1509.193161][T14655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1509.459088][T14655] team0: Port device team_slave_0 added
[ 1509.484654][T14655] team0: Port device team_slave_1 added
[ 1509.682988][T14655] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1509.689980][T14655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1509.791692][T14655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1509.834802][T14655] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1509.869692][T14655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1509.908751][T14655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1510.029544][T14351] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1510.303491][T14219] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1510.476461][   T49] bridge_slave_1: left allmulticast mode
[ 1510.491100][ T5833] Bluetooth: hci2: command tx timeout
[ 1510.544993][   T49] bridge_slave_1: left promiscuous mode
[ 1510.572761][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1511.265714][   T49] bridge_slave_0: left allmulticast mode
[ 1511.273779][   T49] bridge_slave_0: left promiscuous mode
[ 1511.280077][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1511.320366][T14831] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1369'.
[ 1511.925207][T14835] loop7: detected capacity change from 0 to 128
[ 1512.999994][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1513.015145][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1513.026956][   T49] bond0 (unregistering): Released all slaves
[ 1513.050020][T14187] veth0_macvtap: entered promiscuous mode
[ 1513.165056][T14655] hsr_slave_0: entered promiscuous mode
[ 1513.172229][T14655] hsr_slave_1: entered promiscuous mode
[ 1513.190613][T14655] debugfs: 'hsr0' already exists in 'hsr'
[ 1513.196366][T14655] Cannot create hsr debugfs directory
[ 1513.296271][   T49] hsr_slave_0: left promiscuous mode
[ 1513.319619][   T49] hsr_slave_1: left promiscuous mode
[ 1513.333597][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1513.343552][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1513.367656][   T49] veth1_vlan: left promiscuous mode
[ 1513.375180][   T49] veth0_vlan: left promiscuous mode
[ 1514.091430][ T8951] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1514.172240][   T49] team0 (unregistering): Port device team_slave_1 removed
[ 1514.236226][   T49] team0 (unregistering): Port device team_slave_0 removed
[ 1514.250369][ T8951] usb 7-1: Using ep0 maxpacket: 16
[ 1514.258070][ T8951] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1514.275511][ T8951] usb 7-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1514.311656][ T8951] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1514.324861][ T8951] usb 7-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[ 1514.340200][ T8951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1514.363318][ T8951] usb 7-1: Product: syz
[ 1514.367528][ T8951] usb 7-1: Manufacturer: syz
[ 1514.377884][ T8951] usb 7-1: SerialNumber: syz
[ 1514.407533][ T8951] usb 7-1: config 0 descriptor??
[ 1514.644748][ T8951] usb 7-1: Can not set alternate setting to 1, error: -71
[ 1514.657377][ T8951] synaptics_usb 7-1:0.0: probe with driver synaptics_usb failed with error -71
[ 1514.683574][ T8951] usb 7-1: USB disconnect, device number 5
[ 1514.896223][T14187] veth1_macvtap: entered promiscuous mode
[ 1514.936360][T14351] 8021q: adding VLAN 0 to HW filter on device team0
[ 1515.097085][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1515.104532][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1515.173458][T14187] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1515.195139][T14187] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1515.210679][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1515.218366][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1515.387309][T14219] veth0_vlan: entered promiscuous mode
[ 1515.399851][   T68] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1515.412339][T14852] loop7: detected capacity change from 0 to 256
[ 1515.487439][T14219] veth1_vlan: entered promiscuous mode
[ 1515.510854][   T30] audit: type=1800 audit(1763896495.165:3): pid=14852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1375" name="file1" dev="loop7" ino=1048794 res=0 errno=0
[ 1515.538078][   T68] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1515.581597][   T68] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1515.675325][   T68] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1515.952322][ T5913] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1516.118852][ T5913] usb 7-1: Using ep0 maxpacket: 32
[ 1516.132469][ T5913] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1516.164946][ T5913] usb 7-1: config 0 has no interfaces?
[ 1516.185437][ T5913] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1516.200417][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1516.229638][ T5913] usb 7-1: config 0 descriptor??
[ 1516.236588][T14219] veth0_macvtap: entered promiscuous mode
[ 1516.271326][ T3502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1516.296751][ T3502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1516.360087][T14219] veth1_macvtap: entered promiscuous mode
[ 1516.401963][ T7110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1516.419604][ T7110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1516.525834][ T5837] usb 7-1: USB disconnect, device number 6
[ 1516.604376][T14219] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1516.694951][T14219] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1516.788532][ T7110] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1516.808449][ T7110] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1517.157312][ T7110] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1518.156324][T14883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1518.194183][T14883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1518.361982][   T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1518.388523][T14655] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1518.440353][T14655] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1518.499470][T14655] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1518.575779][T14655] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1518.675796][T14351] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1518.891686][ T3533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1518.899549][ T3533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1519.098224][T14351] veth0_vlan: entered promiscuous mode
[ 1519.143729][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1519.178551][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1519.189204][T14351] veth1_vlan: entered promiscuous mode
[ 1519.339085][T14929] loop3: detected capacity change from 0 to 128
[ 1519.424929][T14929] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1519.499103][T14929] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1519.548301][T14655] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1519.574354][T14655] 8021q: adding VLAN 0 to HW filter on device team0
[ 1519.696091][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1519.703332][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1520.800900][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1520.808112][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1521.025200][T14351] veth0_macvtap: entered promiscuous mode
[ 1521.174840][T14351] veth1_macvtap: entered promiscuous mode
[ 1521.217355][T14187] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1521.416525][T14351] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1521.431571][T14953] loop7: detected capacity change from 0 to 512
[ 1521.508345][T14953] EXT4-fs (loop7): fragment/cluster size (131072) != block size (4096)
[ 1521.553824][T14351] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1521.640538][ T7110] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1521.649370][ T7110] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1521.736941][ T7110] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1521.756321][ T7110] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1522.072044][T14964] netlink: 268 bytes leftover after parsing attributes in process `syz.7.1396'.
[ 1522.332959][ T3533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1522.388242][ T3533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1522.612153][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1522.666327][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1522.733638][T14655] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1522.891723][T14829] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1523.022252][T14655] veth0_vlan: entered promiscuous mode
[ 1523.100123][T14655] veth1_vlan: entered promiscuous mode
[ 1523.310402][T14829] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1523.330233][T14829] usb 4-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[ 1524.120813][T14829] usb 4-1: Product: syz
[ 1524.125047][T14829] usb 4-1: Manufacturer: syz
[ 1524.140551][T14829] usb 4-1: SerialNumber: syz
[ 1524.193306][T14829] usb 4-1: config 0 descriptor??
[ 1524.242560][T14829] ch341 4-1:0.0: ch341-uart converter detected
[ 1524.529778][T14989] netlink: 'syz.1.1116': attribute type 13 has an invalid length.
[ 1525.241221][T14829] usb 4-1: ch341-uart converter now attached to ttyUSB0
[ 1525.355475][ T5933] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1525.465306][T14836] usb 4-1: USB disconnect, device number 7
[ 1525.542020][ T5933] usb 8-1: Using ep0 maxpacket: 8
[ 1525.555360][T14836] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[ 1525.581489][ T5933] usb 8-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[ 1525.599357][ T5933] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1525.609673][T14836] ch341 4-1:0.0: device disconnected
[ 1525.627356][ T5933] usb 8-1: config 0 descriptor??
[ 1525.850711][ T5933] usb 8-1: string descriptor 0 read error: -71
[ 1525.856990][ T5933] uvcvideo 8-1:0.0: Found multiple Units with ID 1
[ 1525.899026][ T5933] uvcvideo 8-1:0.0: Found UVC 0.00 device <unnamed> (2833:0201)
[ 1525.914564][ T5933] uvcvideo 8-1:0.0: No valid video chain found.
[ 1525.941907][ T5933] usb 8-1: USB disconnect, device number 2
[ 1526.057244][T14655] veth0_macvtap: entered promiscuous mode
[ 1526.105780][T14655] veth1_macvtap: entered promiscuous mode
[ 1526.265974][T14655] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1526.406896][T14655] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1526.492094][ T1087] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.517396][ T1087] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.548919][ T1087] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1526.597901][ T1087] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1527.032043][T15026] loop2: detected capacity change from 0 to 16
[ 1527.892116][T15026] erofs (device loop2): mounted with root inode @ nid 36.
[ 1530.919133][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1531.004448][T15043] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1415'.
[ 1531.544279][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1531.763154][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1531.774831][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1533.519025][T15070] loop6: detected capacity change from 0 to 128
[ 1535.887475][T15093] loop0: detected capacity change from 0 to 512
[ 1535.951562][T15093] EXT4-fs: Ignoring removed orlov option
[ 1536.063394][T15093] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 1536.259179][T15093] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[ 1536.394072][T15093] EXT4-fs error (device loop0): ext4_iget_extra_inode:5074: inode #15: comm syz.0.1430: corrupted in-inode xattr: e_value size too large
[ 1536.453157][T15093] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz.0.1430: couldn't read orphan inode 15 (err -117)
[ 1536.569262][T15093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1536.888687][T15126] loop7: detected capacity change from 0 to 128
[ 1536.970238][   T30] audit: type=1800 audit(1763896516.625:4): pid=15126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1444" name="bus" dev="loop7" ino=1048815 res=0 errno=0
[ 1537.087540][T15132] loop6: detected capacity change from 0 to 256
[ 1537.143158][T15132] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1537.189738][T15134] syz.7.1444: attempt to access beyond end of device
[ 1537.189738][T15134] loop7: rw=2049, sector=601, nr_sectors = 440 limit=128
[ 1537.217160][T15138] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1448'.
[ 1537.230353][T15132] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[ 1537.243300][T15093] EXT4-fs error (device loop0): ext4_check_dx_root:2202: inode #2: comm syz.0.1430: Corrupt dir, invalid name_len for '..', running e2fsck is recommended
[ 1537.309402][T15132] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[ 1537.370460][T15132] exFAT-fs (loop6): failed to load alloc-bitmap
[ 1537.414478][T15132] exFAT-fs (loop6): failed to recognize exfat type
[ 1538.556597][T15153] xt_TCPMSS: Only works on TCP SYN packets
[ 1538.566967][T14655] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1538.935429][T14836] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[ 1539.292546][T14836] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[ 1539.308536][T14836] usb 2-1: config 1 has no interface number 0
[ 1539.335105][T14836] usb 2-1: config 1 interface 105 has no altsetting 0
[ 1539.533859][T15169] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1540.088562][T14836] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[ 1540.108478][T14836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.130207][T14836] usb 2-1: Product: syz
[ 1540.134388][T14836] usb 2-1: Manufacturer: syz
[ 1540.138983][T14836] usb 2-1: SerialNumber: syz
[ 1540.458517][T14836] aqc111 2-1:1.105: probe with driver aqc111 failed with error -22
[ 1540.525252][T14836] usb 2-1: USB disconnect, device number 5
[ 1540.749773][T15187] netlink: 'syz.7.1465': attribute type 2 has an invalid length.
[ 1540.780511][T15187] netlink: 'syz.7.1465': attribute type 2 has an invalid length.
[ 1540.800357][T15187] netlink: 'syz.7.1465': attribute type 1 has an invalid length.
[ 1540.832891][T15187] netlink: 136 bytes leftover after parsing attributes in process `syz.7.1465'.
[ 1541.532656][T15211] loop3: detected capacity change from 0 to 1024
[ 1541.560082][T15211] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1541.674311][T15211] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 1541.753816][T15211] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1541.831682][T15211] EXT4-fs error (device loop3): ext4_lookup:1787: inode #15: comm syz.3.1472: inode has both inline data and extents flags
[ 1541.950871][T15224] EXT4-fs error (device loop3): ext4_lookup:1787: inode #15: comm syz.3.1472: inode has both inline data and extents flags
[ 1542.243789][T14187] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 1542.538006][T15235] loop7: detected capacity change from 0 to 2048
[ 1542.723615][T15235] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1542.886882][   T30] audit: type=1804 audit(1763896522.545:5): pid=15235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.1483" name="/newroot/164/file0/file1" dev="loop7" ino=1367 res=1 errno=0
[ 1543.152630][T15250] loop3: detected capacity change from 0 to 512
[ 1543.207108][T15250] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1543.254999][T15254] loop6: detected capacity change from 0 to 256
[ 1543.299419][T15254] exfat: Deprecated parameter 'utf8'
[ 1543.340480][T15254] exfat: Deprecated parameter 'namecase'
[ 1543.346242][T15254] exfat: Deprecated parameter 'utf8'
[ 1543.364831][T15250] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1543.497109][T15250] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1543.553213][T15254] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[ 1543.621778][   T30] audit: type=1800 audit(1763896523.295:6): pid=15250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1487" name="file1" dev="loop3" ino=15 res=0 errno=0
[ 1543.685079][T15254] exFAT-fs (loop6): start_clu is invalid cluster(0x0)
[ 1544.080868][T14187] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1545.573335][T15275] loop7: detected capacity change from 0 to 512
[ 1545.658619][T15275] FAT-fs (loop7): Directory bread(block 199916) failed
[ 1545.687878][T15275] FAT-fs (loop7): Directory bread(block 199917) failed
[ 1545.734354][T15275] FAT-fs (loop7): Directory bread(block 199918) failed
[ 1545.779247][T15275] FAT-fs (loop7): Directory bread(block 199919) failed
[ 1545.811423][T15275] FAT-fs (loop7): Directory bread(block 199920) failed
[ 1545.866676][T15275] FAT-fs (loop7): Directory bread(block 199921) failed
[ 1545.901402][T15275] FAT-fs (loop7): Directory bread(block 199922) failed
[ 1545.935061][T15275] FAT-fs (loop7): Directory bread(block 199923) failed
[ 1546.227247][T15275] FAT-fs (loop7): FAT read failed (blocknr 128)
[ 1549.703918][T15333] loop7: detected capacity change from 0 to 512
[ 1549.830382][T15336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1516'.
[ 1549.894108][T15343] loop1: detected capacity change from 0 to 512
[ 1549.902921][T15333] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1549.917801][T15343] FAT-fs (loop1): Directory bread(block 199916) failed
[ 1549.929243][T15343] FAT-fs (loop1): Directory bread(block 199917) failed
[ 1549.929930][T15336] bridge1: entered promiscuous mode
[ 1549.944247][T15343] FAT-fs (loop1): Directory bread(block 199918) failed
[ 1549.944298][T15343] FAT-fs (loop1): Directory bread(block 199919) failed
[ 1549.944344][T15343] FAT-fs (loop1): Directory bread(block 199920) failed
[ 1549.944389][T15343] FAT-fs (loop1): Directory bread(block 199921) failed
[ 1549.974666][T15343] FAT-fs (loop1): Directory bread(block 199922) failed
[ 1549.985184][T15343] FAT-fs (loop1): Directory bread(block 199923) failed
[ 1550.010318][T15336] bridge1: entered allmulticast mode
[ 1550.016790][T15333] ext4 filesystem being mounted at /168/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1550.281641][T15343] FAT-fs (loop1): FAT read failed (blocknr 128)
[ 1550.533718][T12918] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1550.643347][T15356] loop3: detected capacity change from 0 to 8
[ 1552.407091][T15368] loop1: detected capacity change from 0 to 164
[ 1552.501622][T15368] ISOFS: Logical zone size(0) < hardware blocksize(1024)
[ 1553.923259][T15373] binder: BINDER_SET_CONTEXT_MGR already set
[ 1553.932465][T15373] binder: 15369:15373 ioctl 4018620d 200000004a80 returned -16
[ 1555.355056][T15392] loop3: detected capacity change from 0 to 1024
[ 1555.453403][T15392] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1555.616302][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1555.623216][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1556.840642][ T5837] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 1557.081684][ T5837] usb 1-1: Using ep0 maxpacket: 16
[ 1557.140100][ T5837] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1557.196577][ T5837] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1557.254213][ T5837] usb 1-1: language id specifier not provided by device, defaulting to English
[ 1557.418894][ T5837] usb 1-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 0.40
[ 1557.484454][ T5837] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1557.557662][ T5837] usb 1-1: Product: syz
[ 1557.579477][ T5837] usb 1-1: SerialNumber: syz
[ 1557.947593][ T5837] usbhid 1-1:1.0: can't add hid device: -71
[ 1557.977758][ T5837] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[ 1558.031577][ T5837] usb 1-1: USB disconnect, device number 7
[ 1558.913852][T15449] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1550'.
[ 1559.670035][T15465] fuse: Unknown parameter 'r'
[ 1560.015753][T15475] loop6: detected capacity change from 0 to 256
[ 1560.127782][T15475] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[ 1562.866892][T12838] exFAT-fs (loop6): error, data valid size is invalid(-9223372036854774758)
[ 1562.988625][T12838] exFAT-fs (loop6): Filesystem has been set read-only
[ 1563.037921][T15499] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1566'.
[ 1563.072984][T12838] exFAT-fs (loop6): error, data valid size is invalid(-9223372036854774758)
[ 1563.312868][T15505] veth0_to_bridge: Caught tx_queue_len zero misconfig
[ 1564.305251][   T68] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1564.489338][   T68] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1564.642757][   T68] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1564.712422][T15543] Cannot find set identified by id 1 to match
[ 1564.953248][   T68] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1565.050298][   T30] audit: type=1326 audit(1763896544.698:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15549 comm="syz.2.1588" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc9b278f749 code=0x0
[ 1565.201247][T15557] loop1: detected capacity change from 0 to 2048
[ 1565.209091][T15557] EXT4-fs: Ignoring removed i_version option
[ 1565.295410][    C1] wlan1: beacon TX faster than countdown (channel/color switch) completion
[ 1565.489443][T15557] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1565.510271][T15411] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 1565.691855][T15411] usb 1-1: Using ep0 maxpacket: 32
[ 1565.985752][T15411] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1566.186334][T15411] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 26
[ 1566.322510][T15411] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1566.349936][T15411] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1566.371147][T15411] usb 1-1: SerialNumber: syz
[ 1566.392911][T15411] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[ 1566.402075][T15411] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[ 1566.408534][T15411] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[ 1566.432705][T14351] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1566.680896][T15411] usb 1-1: USB disconnect, device number 8
[ 1566.814409][T15577] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1595'.
[ 1566.868582][T15577] netlink: 'syz.2.1595': attribute type 1 has an invalid length.
[ 1566.877012][   T68] bridge_slave_1: left allmulticast mode
[ 1566.894311][   T68] bridge_slave_1: left promiscuous mode
[ 1566.896987][T15581] loop1: detected capacity change from 0 to 1024
[ 1566.918063][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1567.003521][T15581] hfsplus: failed to load catalog file
[ 1567.032603][   T68] bridge_slave_0: left allmulticast mode
[ 1567.048991][T11837] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1567.070620][T11837] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1567.081980][T11837] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1567.095062][   T68] bridge_slave_0: left promiscuous mode
[ 1567.105567][T11837] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1567.139597][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1567.140630][T11837] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1567.321140][T15589] loop7: detected capacity change from 0 to 512
[ 1567.328774][T15589] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1567.460737][T15589] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1567.469829][T15589] EXT4-fs (loop7): blocks per group (256) and clusters per group (32768) inconsistent
[ 1568.152426][T15604] x_tables: ip_tables: osf match: only valid for protocol 6
[ 1569.210322][ T5833] Bluetooth: hci5: command tx timeout
[ 1569.392927][T15411] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1571.240829][T15411] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1571.270847][T15411] usb 8-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[ 1571.291306][T15411] usb 8-1: config 2 has 2 interfaces, different from the descriptor's value: 3
[ 1571.301118][ T5833] Bluetooth: hci5: command tx timeout
[ 1571.359821][T15411] usb 8-1: config 2 interface 1 altsetting 190 endpoint 0x6 has invalid maxpacket 512, setting to 64
[ 1571.459067][T15411] usb 8-1: config 2 interface 1 has no altsetting 0
[ 1571.482934][T15411] usb 8-1: New USB device found, idVendor=1686, idProduct=00dd, bcdDevice=37.c4
[ 1571.580023][T15638] loop3: detected capacity change from 0 to 128
[ 1572.227655][   T30] audit: type=1800 audit(1763896551.378:8): pid=15638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1611" name="bus" dev="loop3" ino=1048822 res=0 errno=0
[ 1572.278083][T15638] syz.3.1611: attempt to access beyond end of device
[ 1572.278083][T15638] loop3: rw=0, sector=121, nr_sectors = 920 limit=128
[ 1572.437930][T15411] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1572.470253][T15411] usb 8-1: Product: syz
[ 1572.474577][T15411] usb 8-1: Manufacturer: syz
[ 1572.479193][T15411] usb 8-1: SerialNumber: syz
[ 1572.801111][T14836] usb 2-1: new low-speed USB device number 6 using dummy_hcd
[ 1572.948299][T15644] loop7: detected capacity change from 0 to 8
[ 1573.291550][T14836] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1573.309708][T14836] usb 2-1: config 179 has no interface number 0
[ 1573.316852][T14836] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[ 1573.463738][T15411] usb 8-1: can't set config #2, error -71
[ 1573.484075][T15411] usb 8-1: USB disconnect, device number 3
[ 1573.500701][ T5833] Bluetooth: hci5: command tx timeout
[ 1574.132567][T14836] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[ 1574.153069][T14836] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 1574.164906][T14836] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8
[ 1574.177663][T14836] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1574.191487][T14836] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1574.201083][T14836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1574.480671][T15640] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1574.514623][T15640] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1574.840550][ T5813] usb 2-1: USB disconnect, device number 6
[ 1574.840605][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1574.854794][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1574.863849][    C0] ==================================================================
[ 1574.871930][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0
[ 1574.879786][    C0] Read of size 4 at addr ffff8880248e285c by task kworker/u8:5/1087
[ 1574.887859][    C0] 
[ 1574.890199][    C0] CPU: 0 UID: 0 PID: 1087 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[ 1574.890245][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1574.890272][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1574.890343][    C0] Call Trace:
[ 1574.890356][    C0]  <IRQ>
[ 1574.890370][    C0]  dump_stack_lvl+0x116/0x1f0
[ 1574.890421][    C0]  print_report+0xcd/0x630
[ 1574.890458][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.890508][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.890555][    C0]  ? __phys_addr+0xe8/0x180
[ 1574.890611][    C0]  ? do_raw_spin_lock+0x26f/0x2b0
[ 1574.890655][    C0]  kasan_report+0xe0/0x110
[ 1574.890693][    C0]  ? do_raw_spin_lock+0x26f/0x2b0
[ 1574.890742][    C0]  do_raw_spin_lock+0x26f/0x2b0
[ 1574.890787][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1574.890834][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.890893][    C0]  _raw_spin_lock_irqsave+0x42/0x60
[ 1574.890938][    C0]  ? __wake_up+0x1c/0x60
[ 1574.890990][    C0]  __wake_up+0x1c/0x60
[ 1574.891045][    C0]  usb_anchor_resume_wakeups+0xc2/0xe0
[ 1574.891104][    C0]  __usb_hcd_giveback_urb+0x3d5/0x610
[ 1574.891154][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[ 1574.891201][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.891251][    C0]  dummy_timer+0x1809/0x3a00
[ 1574.891312][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1574.891361][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.891411][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.891461][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.891509][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1574.891556][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.891604][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[ 1574.891655][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1574.891704][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1574.891767][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.891816][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1574.891872][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1574.891931][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.891979][    C0]  ? mark_held_locks+0x49/0x80
[ 1574.892039][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1574.892090][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1574.892144][    C0]  __hrtimer_run_queues+0x202/0xad0
[ 1574.892201][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1574.892251][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.892307][    C0]  hrtimer_run_softirq+0x17d/0x350
[ 1574.892359][    C0]  handle_softirqs+0x219/0x8e0
[ 1574.892413][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1574.892464][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.892516][    C0]  __irq_exit_rcu+0x109/0x170
[ 1574.892563][    C0]  irq_exit_rcu+0x9/0x30
[ 1574.892611][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1574.892661][    C0]  </IRQ>
[ 1574.892675][    C0]  <TASK>
[ 1574.892691][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1574.892735][    C0] RIP: 0010:unwind_next_frame+0x522/0x20a0
[ 1574.892783][    C0] Code: 00 00 fc ff df 4c 8d 79 05 4c 89 fa 48 c1 ea 03 0f b6 04 02 4c 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 63 15 00 00 0f b6 41 05 <83> e0 07 0f 84 53 fe ff ff 3c 01 0f 84 7b fe ff ff 4c 8d 41 04 4c
[ 1574.892824][    C0] RSP: 0018:ffffc9000394f6e0 EFLAGS: 00000246
[ 1574.892856][    C0] RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff9114bf06
[ 1574.892887][    C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90925b2c
[ 1574.892914][    C0] RBP: ffffc9000394f798 R08: ffffffff9114bf0c R09: 0000000000000000
[ 1574.892941][    C0] R10: 0000000000000000 R11: 0000000000006135 R12: ffffc9000394f7a0
[ 1574.892968][    C0] R13: ffffc9000394f750 R14: ffffc9000394f785 R15: ffffffff9114bf0b
[ 1574.893009][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1574.893049][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1574.893109][    C0]  arch_stack_walk+0x94/0x100
[ 1574.893157][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1574.893194][    C0]  stack_trace_save+0x8e/0xc0
[ 1574.893249][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1574.893307][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.893355][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1574.893418][    C0]  kasan_save_stack+0x33/0x60
[ 1574.893477][    C0]  ? kasan_save_stack+0x33/0x60
[ 1574.893535][    C0]  ? kasan_save_track+0x14/0x30
[ 1574.893593][    C0]  ? __kasan_save_free_info+0x3b/0x60
[ 1574.893642][    C0]  ? __kasan_slab_free+0x5f/0x80
[ 1574.893710][    C0]  ? kmem_cache_free+0x2d4/0x6c0
[ 1574.893765][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1574.893817][    C0]  ? consume_skb+0xcc/0x100
[ 1574.893858][    C0]  ? nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1574.893927][    C0]  ? process_one_work+0x9cf/0x1b70
[ 1574.893969][    C0]  ? worker_thread+0x6c8/0xf10
[ 1574.894010][    C0]  ? kthread+0x3c5/0x780
[ 1574.894045][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1574.894110][    C0]  kasan_save_track+0x14/0x30
[ 1574.894169][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1574.894219][    C0]  __kasan_slab_free+0x5f/0x80
[ 1574.894287][    C0]  kmem_cache_free+0x2d4/0x6c0
[ 1574.894342][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1574.894398][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1574.894447][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.894495][    C0]  kfree_skbmem+0x1a4/0x1f0
[ 1574.894546][    C0]  consume_skb+0xcc/0x100
[ 1574.894590][    C0]  nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1574.894668][    C0]  process_one_work+0x9cf/0x1b70
[ 1574.894720][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1574.894764][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.894818][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.894866][    C0]  ? assign_work+0x1a0/0x250
[ 1574.894911][    C0]  worker_thread+0x6c8/0xf10
[ 1574.894965][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1574.895008][    C0]  kthread+0x3c5/0x780
[ 1574.895046][    C0]  ? __pfx_kthread+0x10/0x10
[ 1574.895085][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1574.895134][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1574.895186][    C0]  ? __pfx_kthread+0x10/0x10
[ 1574.895225][    C0]  ret_from_fork+0x675/0x7d0
[ 1574.895259][    C0]  ? __pfx_kthread+0x10/0x10
[ 1574.895298][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1574.895367][    C0]  </TASK>
[ 1574.895381][    C0] 
[ 1575.474749][    C0] Allocated by task 14836:
[ 1575.479158][    C0]  kasan_save_stack+0x33/0x60
[ 1575.483861][    C0]  kasan_save_track+0x14/0x30
[ 1575.488561][    C0]  __kasan_kmalloc+0xaa/0xb0
[ 1575.493173][    C0]  xpad_probe+0x286/0x1ff0
[ 1575.497610][    C0]  usb_probe_interface+0x303/0xa40
[ 1575.502732][    C0]  really_probe+0x241/0xa90
[ 1575.507250][    C0]  __driver_probe_device+0x1de/0x440
[ 1575.512548][    C0]  driver_probe_device+0x4c/0x1b0
[ 1575.517584][    C0]  __device_attach_driver+0x1df/0x310
[ 1575.522970][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1575.527827][    C0]  __device_attach+0x1e4/0x4b0
[ 1575.532611][    C0]  bus_probe_device+0x17f/0x1c0
[ 1575.537476][    C0]  device_add+0x1148/0x1aa0
[ 1575.542007][    C0]  usb_set_configuration+0x1187/0x1e20
[ 1575.547469][    C0]  usb_generic_driver_probe+0xb1/0x110
[ 1575.552948][    C0]  usb_probe_device+0xef/0x3e0
[ 1575.557758][    C0]  really_probe+0x241/0xa90
[ 1575.562277][    C0]  __driver_probe_device+0x1de/0x440
[ 1575.567579][    C0]  driver_probe_device+0x4c/0x1b0
[ 1575.572624][    C0]  __device_attach_driver+0x1df/0x310
[ 1575.578039][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1575.582926][    C0]  __device_attach+0x1e4/0x4b0
[ 1575.587705][    C0]  bus_probe_device+0x17f/0x1c0
[ 1575.592566][    C0]  device_add+0x1148/0x1aa0
[ 1575.597097][    C0]  usb_new_device+0xd07/0x1a60
[ 1575.601861][    C0]  hub_event+0x2f34/0x4fe0
[ 1575.606282][    C0]  process_one_work+0x9cf/0x1b70
[ 1575.611224][    C0]  worker_thread+0x6c8/0xf10
[ 1575.615824][    C0]  kthread+0x3c5/0x780
[ 1575.619915][    C0]  ret_from_fork+0x675/0x7d0
[ 1575.624504][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1575.629288][    C0] 
[ 1575.631604][    C0] Freed by task 5813:
[ 1575.635576][    C0]  kasan_save_stack+0x33/0x60
[ 1575.640281][    C0]  kasan_save_track+0x14/0x30
[ 1575.644992][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1575.650206][    C0]  __kasan_slab_free+0x5f/0x80
[ 1575.654997][    C0]  kfree+0x2b8/0x6d0
[ 1575.658904][    C0]  xpad_disconnect+0x1cf/0x580
[ 1575.663691][    C0]  usb_unbind_interface+0x1dd/0x9e0
[ 1575.668902][    C0]  device_remove+0x125/0x170
[ 1575.673502][    C0]  device_release_driver_internal+0x44b/0x620
[ 1575.679594][    C0]  bus_remove_device+0x22f/0x420
[ 1575.684538][    C0]  device_del+0x396/0x9f0
[ 1575.688890][    C0]  usb_disable_device+0x355/0x7d0
[ 1575.693942][    C0]  usb_disconnect+0x2e1/0x9c0
[ 1575.698651][    C0]  hub_event+0x1c81/0x4fe0
[ 1575.703068][    C0]  process_one_work+0x9cf/0x1b70
[ 1575.708278][    C0]  worker_thread+0x6c8/0xf10
[ 1575.712872][    C0]  kthread+0x3c5/0x780
[ 1575.716954][    C0]  ret_from_fork+0x675/0x7d0
[ 1575.721550][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1575.726337][    C0] 
[ 1575.728659][    C0] The buggy address belongs to the object at ffff8880248e2800
[ 1575.728659][    C0]  which belongs to the cache kmalloc-1k of size 1024
[ 1575.742711][    C0] The buggy address is located 92 bytes inside of
[ 1575.742711][    C0]  freed 1024-byte region [ffff8880248e2800, ffff8880248e2c00)
[ 1575.756517][    C0] 
[ 1575.758832][    C0] The buggy address belongs to the physical page:
[ 1575.765230][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x248e0
[ 1575.773991][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1575.782491][    C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1575.790470][    C0] page_type: f5(slab)
[ 1575.794452][    C0] raw: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1575.803126][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1575.811726][    C0] head: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1575.820404][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1575.829080][    C0] head: 00fff00000000003 ffffea0000923801 00000000ffffffff 00000000ffffffff
[ 1575.837760][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1575.846432][    C0] page dumped because: kasan: bad access detected
[ 1575.852848][    C0] page_owner tracks the page as allocated
[ 1575.858560][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15057, tgid 15057 (syz.0.1080), ts 1534064285324, free_ts 1533569586343
[ 1575.878383][    C0]  post_alloc_hook+0x1af/0x220
[ 1575.883211][    C0]  get_page_from_freelist+0x10a3/0x3a30
[ 1575.888780][    C0]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 1575.894873][    C0]  alloc_pages_mpol+0x1fb/0x550
[ 1575.899779][    C0]  new_slab+0x24a/0x360
[ 1575.904045][    C0]  ___slab_alloc+0xd79/0x1a50
[ 1575.908734][    C0]  __slab_alloc.constprop.0+0x63/0x110
[ 1575.914297][    C0]  __kmalloc_noprof+0x501/0x880
[ 1575.919359][    C0]  ieee802_11_parse_elems_full+0x1db/0x3780
[ 1575.925266][    C0]  ieee80211_inform_bss+0x10b/0x1140
[ 1575.930552][    C0]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[ 1575.936801][    C0]  cfg80211_inform_bss_data+0x22b/0x3be0
[ 1575.942440][    C0]  cfg80211_inform_bss_frame_data+0x26f/0x750
[ 1575.948523][    C0]  ieee80211_bss_info_update+0x310/0xab0
[ 1575.954170][    C0]  ieee80211_scan_rx+0x4cf/0xb30
[ 1575.959113][    C0]  ieee80211_rx_list+0x1c15/0x2b20
[ 1575.964271][    C0] page last free pid 15073 tgid 15072 stack trace:
[ 1575.970769][    C0]  __free_frozen_pages+0x7df/0x1160
[ 1575.975986][    C0]  __put_partials+0x130/0x170
[ 1575.980677][    C0]  qlist_free_all+0x4d/0x120
[ 1575.985288][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[ 1575.990765][    C0]  __kasan_slab_alloc+0x69/0x90
[ 1575.995641][    C0]  __kmalloc_noprof+0x2e8/0x880
[ 1576.000500][    C0]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1576.006057][    C0]  tomoyo_path_number_perm+0x245/0x580
[ 1576.011635][    C0]  security_file_ioctl+0x9b/0x240
[ 1576.016782][    C0]  __x64_sys_ioctl+0xb7/0x210
[ 1576.021486][    C0]  do_syscall_64+0xcd/0xfa0
[ 1576.026102][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1576.032003][    C0] 
[ 1576.034317][    C0] Memory state around the buggy address:
[ 1576.039946][    C0]  ffff8880248e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1576.048094][    C0]  ffff8880248e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1576.056341][    C0] >ffff8880248e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1576.064682][    C0]                                                     ^
[ 1576.071612][    C0]  ffff8880248e2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1576.079670][    C0]  ffff8880248e2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1576.087724][    C0] ==================================================================
[ 1576.095777][    C0] Disabling lock debugging due to kernel taint
[ 1576.101919][    C0] ==================================================================
[ 1576.109978][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x27f/0x2b0
[ 1576.117805][    C0] Read of size 8 at addr ffff8880248e2868 by task kworker/u8:5/1087
[ 1576.125794][    C0] 
[ 1576.128122][    C0] CPU: 0 UID: 0 PID: 1087 Comm: kworker/u8:5 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 1576.128173][    C0] Tainted: [B]=BAD_PAGE
[ 1576.128186][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1576.128211][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1576.128275][    C0] Call Trace:
[ 1576.128288][    C0]  <IRQ>
[ 1576.128306][    C0]  dump_stack_lvl+0x116/0x1f0
[ 1576.128353][    C0]  print_report+0xcd/0x630
[ 1576.128385][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.128429][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.128470][    C0]  ? __phys_addr+0xe8/0x180
[ 1576.128532][    C0]  ? do_raw_spin_lock+0x27f/0x2b0
[ 1576.128572][    C0]  kasan_report+0xe0/0x110
[ 1576.128606][    C0]  ? do_raw_spin_lock+0x27f/0x2b0
[ 1576.128650][    C0]  do_raw_spin_lock+0x27f/0x2b0
[ 1576.128691][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1576.128732][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.128778][    C0]  _raw_spin_lock_irqsave+0x42/0x60
[ 1576.128817][    C0]  ? __wake_up+0x1c/0x60
[ 1576.128864][    C0]  __wake_up+0x1c/0x60
[ 1576.128920][    C0]  usb_anchor_resume_wakeups+0xc2/0xe0
[ 1576.128973][    C0]  __usb_hcd_giveback_urb+0x3d5/0x610
[ 1576.129018][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[ 1576.129059][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.129104][    C0]  dummy_timer+0x1809/0x3a00
[ 1576.129161][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1576.129203][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.129247][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.129290][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.129332][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1576.129374][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.129416][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[ 1576.129461][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1576.129503][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1576.129560][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.129603][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1576.129651][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1576.129698][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.129740][    C0]  ? mark_held_locks+0x49/0x80
[ 1576.129794][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1576.129838][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1576.129889][    C0]  __hrtimer_run_queues+0x202/0xad0
[ 1576.129940][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1576.129984][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.130032][    C0]  hrtimer_run_softirq+0x17d/0x350
[ 1576.130077][    C0]  handle_softirqs+0x219/0x8e0
[ 1576.130126][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1576.130173][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.130219][    C0]  __irq_exit_rcu+0x109/0x170
[ 1576.130262][    C0]  irq_exit_rcu+0x9/0x30
[ 1576.130304][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1576.130356][    C0]  </IRQ>
[ 1576.130368][    C0]  <TASK>
[ 1576.130381][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1576.130421][    C0] RIP: 0010:unwind_next_frame+0x522/0x20a0
[ 1576.130464][    C0] Code: 00 00 fc ff df 4c 8d 79 05 4c 89 fa 48 c1 ea 03 0f b6 04 02 4c 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 63 15 00 00 0f b6 41 05 <83> e0 07 0f 84 53 fe ff ff 3c 01 0f 84 7b fe ff ff 4c 8d 41 04 4c
[ 1576.130501][    C0] RSP: 0018:ffffc9000394f6e0 EFLAGS: 00000246
[ 1576.130530][    C0] RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff9114bf06
[ 1576.130553][    C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90925b2c
[ 1576.130576][    C0] RBP: ffffc9000394f798 R08: ffffffff9114bf0c R09: 0000000000000000
[ 1576.130600][    C0] R10: 0000000000000000 R11: 0000000000006135 R12: ffffc9000394f7a0
[ 1576.130624][    C0] R13: ffffc9000394f750 R14: ffffc9000394f785 R15: ffffffff9114bf0b
[ 1576.130660][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1576.130694][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1576.130748][    C0]  arch_stack_walk+0x94/0x100
[ 1576.130790][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1576.130824][    C0]  stack_trace_save+0x8e/0xc0
[ 1576.130873][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1576.130929][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.130972][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1576.131029][    C0]  kasan_save_stack+0x33/0x60
[ 1576.131084][    C0]  ? kasan_save_stack+0x33/0x60
[ 1576.131136][    C0]  ? kasan_save_track+0x14/0x30
[ 1576.131188][    C0]  ? __kasan_save_free_info+0x3b/0x60
[ 1576.131232][    C0]  ? __kasan_slab_free+0x5f/0x80
[ 1576.131286][    C0]  ? kmem_cache_free+0x2d4/0x6c0
[ 1576.131337][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1576.131382][    C0]  ? consume_skb+0xcc/0x100
[ 1576.131420][    C0]  ? nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1576.131479][    C0]  ? process_one_work+0x9cf/0x1b70
[ 1576.131516][    C0]  ? worker_thread+0x6c8/0xf10
[ 1576.131553][    C0]  ? kthread+0x3c5/0x780
[ 1576.131585][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1576.131641][    C0]  kasan_save_track+0x14/0x30
[ 1576.131694][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1576.131739][    C0]  __kasan_slab_free+0x5f/0x80
[ 1576.131795][    C0]  kmem_cache_free+0x2d4/0x6c0
[ 1576.131844][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1576.131897][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1576.131940][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.131983][    C0]  kfree_skbmem+0x1a4/0x1f0
[ 1576.132029][    C0]  consume_skb+0xcc/0x100
[ 1576.132067][    C0]  nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1576.132135][    C0]  process_one_work+0x9cf/0x1b70
[ 1576.132182][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1576.132221][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.132269][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.132311][    C0]  ? assign_work+0x1a0/0x250
[ 1576.132347][    C0]  worker_thread+0x6c8/0xf10
[ 1576.132394][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1576.132433][    C0]  kthread+0x3c5/0x780
[ 1576.132467][    C0]  ? __pfx_kthread+0x10/0x10
[ 1576.132501][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1576.132543][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1576.132589][    C0]  ? __pfx_kthread+0x10/0x10
[ 1576.132624][    C0]  ret_from_fork+0x675/0x7d0
[ 1576.132654][    C0]  ? __pfx_kthread+0x10/0x10
[ 1576.132689][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1576.132754][    C0]  </TASK>
[ 1576.132766][    C0] 
[ 1576.720435][    C0] Allocated by task 14836:
[ 1576.724849][    C0]  kasan_save_stack+0x33/0x60
[ 1576.729561][    C0]  kasan_save_track+0x14/0x30
[ 1576.734263][    C0]  __kasan_kmalloc+0xaa/0xb0
[ 1576.738878][    C0]  xpad_probe+0x286/0x1ff0
[ 1576.743321][    C0]  usb_probe_interface+0x303/0xa40
[ 1576.748447][    C0]  really_probe+0x241/0xa90
[ 1576.752975][    C0]  __driver_probe_device+0x1de/0x440
[ 1576.758283][    C0]  driver_probe_device+0x4c/0x1b0
[ 1576.763332][    C0]  __device_attach_driver+0x1df/0x310
[ 1576.768738][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1576.773621][    C0]  __device_attach+0x1e4/0x4b0
[ 1576.778411][    C0]  bus_probe_device+0x17f/0x1c0
[ 1576.783292][    C0]  device_add+0x1148/0x1aa0
[ 1576.787828][    C0]  usb_set_configuration+0x1187/0x1e20
[ 1576.793296][    C0]  usb_generic_driver_probe+0xb1/0x110
[ 1576.798782][    C0]  usb_probe_device+0xef/0x3e0
[ 1576.803550][    C0]  really_probe+0x241/0xa90
[ 1576.808069][    C0]  __driver_probe_device+0x1de/0x440
[ 1576.813372][    C0]  driver_probe_device+0x4c/0x1b0
[ 1576.818416][    C0]  __device_attach_driver+0x1df/0x310
[ 1576.823803][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1576.828658][    C0]  __device_attach+0x1e4/0x4b0
[ 1576.833439][    C0]  bus_probe_device+0x17f/0x1c0
[ 1576.838304][    C0]  device_add+0x1148/0x1aa0
[ 1576.842827][    C0]  usb_new_device+0xd07/0x1a60
[ 1576.847594][    C0]  hub_event+0x2f34/0x4fe0
[ 1576.852018][    C0]  process_one_work+0x9cf/0x1b70
[ 1576.856965][    C0]  worker_thread+0x6c8/0xf10
[ 1576.861561][    C0]  kthread+0x3c5/0x780
[ 1576.865635][    C0]  ret_from_fork+0x675/0x7d0
[ 1576.870232][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1576.875126][    C0] 
[ 1576.877455][    C0] Freed by task 5813:
[ 1576.881431][    C0]  kasan_save_stack+0x33/0x60
[ 1576.886148][    C0]  kasan_save_track+0x14/0x30
[ 1576.890860][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1576.896077][    C0]  __kasan_slab_free+0x5f/0x80
[ 1576.900877][    C0]  kfree+0x2b8/0x6d0
[ 1576.904794][    C0]  xpad_disconnect+0x1cf/0x580
[ 1576.909672][    C0]  usb_unbind_interface+0x1dd/0x9e0
[ 1576.914885][    C0]  device_remove+0x125/0x170
[ 1576.919582][    C0]  device_release_driver_internal+0x44b/0x620
[ 1576.925679][    C0]  bus_remove_device+0x22f/0x420
[ 1576.930633][    C0]  device_del+0x396/0x9f0
[ 1576.934985][    C0]  usb_disable_device+0x355/0x7d0
[ 1576.940219][    C0]  usb_disconnect+0x2e1/0x9c0
[ 1576.944999][    C0]  hub_event+0x1c81/0x4fe0
[ 1576.949420][    C0]  process_one_work+0x9cf/0x1b70
[ 1576.954367][    C0]  worker_thread+0x6c8/0xf10
[ 1576.959146][    C0]  kthread+0x3c5/0x780
[ 1576.963219][    C0]  ret_from_fork+0x675/0x7d0
[ 1576.968009][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1576.972804][    C0] 
[ 1576.975168][    C0] The buggy address belongs to the object at ffff8880248e2800
[ 1576.975168][    C0]  which belongs to the cache kmalloc-1k of size 1024
[ 1576.989312][    C0] The buggy address is located 104 bytes inside of
[ 1576.989312][    C0]  freed 1024-byte region [ffff8880248e2800, ffff8880248e2c00)
[ 1577.003291][    C0] 
[ 1577.005610][    C0] The buggy address belongs to the physical page:
[ 1577.012097][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x248e0
[ 1577.020858][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1577.029361][    C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1577.037339][    C0] page_type: f5(slab)
[ 1577.041325][    C0] raw: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1577.049920][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1577.058706][    C0] head: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1577.067388][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1577.076735][    C0] head: 00fff00000000003 ffffea0000923801 00000000ffffffff 00000000ffffffff
[ 1577.085688][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1577.094576][    C0] page dumped because: kasan: bad access detected
[ 1577.101180][    C0] page_owner tracks the page as allocated
[ 1577.107238][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15057, tgid 15057 (syz.0.1080), ts 1534064285324, free_ts 1533569586343
[ 1577.126985][    C0]  post_alloc_hook+0x1af/0x220
[ 1577.131778][    C0]  get_page_from_freelist+0x10a3/0x3a30
[ 1577.137341][    C0]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 1577.143253][    C0]  alloc_pages_mpol+0x1fb/0x550
[ 1577.148106][    C0]  new_slab+0x24a/0x360
[ 1577.152270][    C0]  ___slab_alloc+0xd79/0x1a50
[ 1577.156979][    C0]  __slab_alloc.constprop.0+0x63/0x110
[ 1577.162452][    C0]  __kmalloc_noprof+0x501/0x880
[ 1577.167315][    C0]  ieee802_11_parse_elems_full+0x1db/0x3780
[ 1577.173222][    C0]  ieee80211_inform_bss+0x10b/0x1140
[ 1577.178520][    C0]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[ 1577.184784][    C0]  cfg80211_inform_bss_data+0x22b/0x3be0
[ 1577.190424][    C0]  cfg80211_inform_bss_frame_data+0x26f/0x750
[ 1577.196647][    C0]  ieee80211_bss_info_update+0x310/0xab0
[ 1577.202286][    C0]  ieee80211_scan_rx+0x4cf/0xb30
[ 1577.207314][    C0]  ieee80211_rx_list+0x1c15/0x2b20
[ 1577.212451][    C0] page last free pid 15073 tgid 15072 stack trace:
[ 1577.218964][    C0]  __free_frozen_pages+0x7df/0x1160
[ 1577.224261][    C0]  __put_partials+0x130/0x170
[ 1577.229223][    C0]  qlist_free_all+0x4d/0x120
[ 1577.233943][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[ 1577.239604][    C0]  __kasan_slab_alloc+0x69/0x90
[ 1577.244574][    C0]  __kmalloc_noprof+0x2e8/0x880
[ 1577.249470][    C0]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1577.255227][    C0]  tomoyo_path_number_perm+0x245/0x580
[ 1577.260903][    C0]  security_file_ioctl+0x9b/0x240
[ 1577.265932][    C0]  __x64_sys_ioctl+0xb7/0x210
[ 1577.270621][    C0]  do_syscall_64+0xcd/0xfa0
[ 1577.275173][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1577.281182][    C0] 
[ 1577.283497][    C0] Memory state around the buggy address:
[ 1577.289208][    C0]  ffff8880248e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1577.297269][    C0]  ffff8880248e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1577.305768][    C0] >ffff8880248e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1577.314139][    C0]                                                           ^
[ 1577.321671][    C0]  ffff8880248e2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1577.329727][    C0]  ffff8880248e2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1577.337781][    C0] ==================================================================
[ 1577.345836][    C0] ==================================================================
[ 1577.353894][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x265/0x2b0
[ 1577.361715][    C0] Read of size 4 at addr ffff8880248e2860 by task kworker/u8:5/1087
[ 1577.369702][    C0] 
[ 1577.372024][    C0] CPU: 0 UID: 0 PID: 1087 Comm: kworker/u8:5 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 1577.372074][    C0] Tainted: [B]=BAD_PAGE
[ 1577.372087][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1577.372112][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1577.372172][    C0] Call Trace:
[ 1577.372184][    C0]  <IRQ>
[ 1577.372197][    C0]  dump_stack_lvl+0x116/0x1f0
[ 1577.372242][    C0]  print_report+0xcd/0x630
[ 1577.372274][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.372317][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.372360][    C0]  ? __phys_addr+0xe8/0x180
[ 1577.372409][    C0]  ? do_raw_spin_lock+0x265/0x2b0
[ 1577.372447][    C0]  kasan_report+0xe0/0x110
[ 1577.372482][    C0]  ? do_raw_spin_lock+0x265/0x2b0
[ 1577.372526][    C0]  do_raw_spin_lock+0x265/0x2b0
[ 1577.372567][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1577.372607][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.372652][    C0]  _raw_spin_lock_irqsave+0x42/0x60
[ 1577.372691][    C0]  ? __wake_up+0x1c/0x60
[ 1577.372737][    C0]  __wake_up+0x1c/0x60
[ 1577.372785][    C0]  usb_anchor_resume_wakeups+0xc2/0xe0
[ 1577.372835][    C0]  __usb_hcd_giveback_urb+0x3d5/0x610
[ 1577.372878][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[ 1577.372924][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.372967][    C0]  dummy_timer+0x1809/0x3a00
[ 1577.373020][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1577.373062][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.373104][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.373146][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.373187][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1577.373228][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.373269][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[ 1577.373313][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1577.373354][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1577.373409][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.373451][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1577.373498][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1577.373544][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.373585][    C0]  ? mark_held_locks+0x49/0x80
[ 1577.373637][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1577.373680][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1577.373726][    C0]  __hrtimer_run_queues+0x202/0xad0
[ 1577.373775][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1577.373817][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.373865][    C0]  hrtimer_run_softirq+0x17d/0x350
[ 1577.373912][    C0]  handle_softirqs+0x219/0x8e0
[ 1577.373959][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1577.374003][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.374046][    C0]  __irq_exit_rcu+0x109/0x170
[ 1577.374087][    C0]  irq_exit_rcu+0x9/0x30
[ 1577.374128][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1577.374171][    C0]  </IRQ>
[ 1577.374183][    C0]  <TASK>
[ 1577.374196][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1577.374234][    C0] RIP: 0010:unwind_next_frame+0x522/0x20a0
[ 1577.374275][    C0] Code: 00 00 fc ff df 4c 8d 79 05 4c 89 fa 48 c1 ea 03 0f b6 04 02 4c 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 63 15 00 00 0f b6 41 05 <83> e0 07 0f 84 53 fe ff ff 3c 01 0f 84 7b fe ff ff 4c 8d 41 04 4c
[ 1577.374309][    C0] RSP: 0018:ffffc9000394f6e0 EFLAGS: 00000246
[ 1577.374335][    C0] RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff9114bf06
[ 1577.374358][    C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90925b2c
[ 1577.374381][    C0] RBP: ffffc9000394f798 R08: ffffffff9114bf0c R09: 0000000000000000
[ 1577.374404][    C0] R10: 0000000000000000 R11: 0000000000006135 R12: ffffc9000394f7a0
[ 1577.374426][    C0] R13: ffffc9000394f750 R14: ffffc9000394f785 R15: ffffffff9114bf0b
[ 1577.374461][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1577.374495][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1577.374546][    C0]  arch_stack_walk+0x94/0x100
[ 1577.374587][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1577.374620][    C0]  stack_trace_save+0x8e/0xc0
[ 1577.374668][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1577.374717][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.374758][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1577.374814][    C0]  kasan_save_stack+0x33/0x60
[ 1577.374864][    C0]  ? kasan_save_stack+0x33/0x60
[ 1577.374918][    C0]  ? kasan_save_track+0x14/0x30
[ 1577.374968][    C0]  ? __kasan_save_free_info+0x3b/0x60
[ 1577.375010][    C0]  ? __kasan_slab_free+0x5f/0x80
[ 1577.375063][    C0]  ? kmem_cache_free+0x2d4/0x6c0
[ 1577.375111][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1577.375155][    C0]  ? consume_skb+0xcc/0x100
[ 1577.375191][    C0]  ? nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1577.375245][    C0]  ? process_one_work+0x9cf/0x1b70
[ 1577.375282][    C0]  ? worker_thread+0x6c8/0xf10
[ 1577.375317][    C0]  ? kthread+0x3c5/0x780
[ 1577.375347][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1577.375402][    C0]  kasan_save_track+0x14/0x30
[ 1577.375453][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1577.375496][    C0]  __kasan_slab_free+0x5f/0x80
[ 1577.375550][    C0]  kmem_cache_free+0x2d4/0x6c0
[ 1577.375597][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1577.375644][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1577.375686][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.375727][    C0]  kfree_skbmem+0x1a4/0x1f0
[ 1577.375771][    C0]  consume_skb+0xcc/0x100
[ 1577.375808][    C0]  nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1577.375874][    C0]  process_one_work+0x9cf/0x1b70
[ 1577.375923][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1577.375961][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.376006][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.376047][    C0]  ? assign_work+0x1a0/0x250
[ 1577.376081][    C0]  worker_thread+0x6c8/0xf10
[ 1577.376126][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1577.376163][    C0]  kthread+0x3c5/0x780
[ 1577.376196][    C0]  ? __pfx_kthread+0x10/0x10
[ 1577.376229][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1577.376271][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1577.376315][    C0]  ? __pfx_kthread+0x10/0x10
[ 1577.376351][    C0]  ret_from_fork+0x675/0x7d0
[ 1577.376381][    C0]  ? __pfx_kthread+0x10/0x10
[ 1577.376413][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1577.376472][    C0]  </TASK>
[ 1577.376484][    C0] 
[ 1577.961230][    C0] Allocated by task 14836:
[ 1577.965646][    C0]  kasan_save_stack+0x33/0x60
[ 1577.970356][    C0]  kasan_save_track+0x14/0x30
[ 1577.975059][    C0]  __kasan_kmalloc+0xaa/0xb0
[ 1577.979677][    C0]  xpad_probe+0x286/0x1ff0
[ 1577.984115][    C0]  usb_probe_interface+0x303/0xa40
[ 1577.989242][    C0]  really_probe+0x241/0xa90
[ 1577.993767][    C0]  __driver_probe_device+0x1de/0x440
[ 1577.999072][    C0]  driver_probe_device+0x4c/0x1b0
[ 1578.004111][    C0]  __device_attach_driver+0x1df/0x310
[ 1578.009500][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1578.014355][    C0]  __device_attach+0x1e4/0x4b0
[ 1578.019137][    C0]  bus_probe_device+0x17f/0x1c0
[ 1578.023997][    C0]  device_add+0x1148/0x1aa0
[ 1578.028524][    C0]  usb_set_configuration+0x1187/0x1e20
[ 1578.034094][    C0]  usb_generic_driver_probe+0xb1/0x110
[ 1578.039575][    C0]  usb_probe_device+0xef/0x3e0
[ 1578.044342][    C0]  really_probe+0x241/0xa90
[ 1578.048860][    C0]  __driver_probe_device+0x1de/0x440
[ 1578.054161][    C0]  driver_probe_device+0x4c/0x1b0
[ 1578.059200][    C0]  __device_attach_driver+0x1df/0x310
[ 1578.064589][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1578.069445][    C0]  __device_attach+0x1e4/0x4b0
[ 1578.074225][    C0]  bus_probe_device+0x17f/0x1c0
[ 1578.079080][    C0]  device_add+0x1148/0x1aa0
[ 1578.083610][    C0]  usb_new_device+0xd07/0x1a60
[ 1578.088382][    C0]  hub_event+0x2f34/0x4fe0
[ 1578.092799][    C0]  process_one_work+0x9cf/0x1b70
[ 1578.097744][    C0]  worker_thread+0x6c8/0xf10
[ 1578.102429][    C0]  kthread+0x3c5/0x780
[ 1578.106501][    C0]  ret_from_fork+0x675/0x7d0
[ 1578.111087][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1578.115868][    C0] 
[ 1578.118182][    C0] Freed by task 5813:
[ 1578.122149][    C0]  kasan_save_stack+0x33/0x60
[ 1578.126845][    C0]  kasan_save_track+0x14/0x30
[ 1578.131541][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1578.136754][    C0]  __kasan_slab_free+0x5f/0x80
[ 1578.141536][    C0]  kfree+0x2b8/0x6d0
[ 1578.145453][    C0]  xpad_disconnect+0x1cf/0x580
[ 1578.150239][    C0]  usb_unbind_interface+0x1dd/0x9e0
[ 1578.155446][    C0]  device_remove+0x125/0x170
[ 1578.160048][    C0]  device_release_driver_internal+0x44b/0x620
[ 1578.166134][    C0]  bus_remove_device+0x22f/0x420
[ 1578.171077][    C0]  device_del+0x396/0x9f0
[ 1578.175423][    C0]  usb_disable_device+0x355/0x7d0
[ 1578.180475][    C0]  usb_disconnect+0x2e1/0x9c0
[ 1578.185177][    C0]  hub_event+0x1c81/0x4fe0
[ 1578.189603][    C0]  process_one_work+0x9cf/0x1b70
[ 1578.194549][    C0]  worker_thread+0x6c8/0xf10
[ 1578.199146][    C0]  kthread+0x3c5/0x780
[ 1578.203221][    C0]  ret_from_fork+0x675/0x7d0
[ 1578.207812][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1578.212598][    C0] 
[ 1578.214915][    C0] The buggy address belongs to the object at ffff8880248e2800
[ 1578.214915][    C0]  which belongs to the cache kmalloc-1k of size 1024
[ 1578.228962][    C0] The buggy address is located 96 bytes inside of
[ 1578.228962][    C0]  freed 1024-byte region [ffff8880248e2800, ffff8880248e2c00)
[ 1578.242762][    C0] 
[ 1578.245082][    C0] The buggy address belongs to the physical page:
[ 1578.251619][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x248e0
[ 1578.260915][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1578.269686][    C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1578.277670][    C0] page_type: f5(slab)
[ 1578.281657][    C0] raw: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1578.290250][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1578.298837][    C0] head: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1578.307512][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1578.316207][    C0] head: 00fff00000000003 ffffea0000923801 00000000ffffffff 00000000ffffffff
[ 1578.324903][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1578.334012][    C0] page dumped because: kasan: bad access detected
[ 1578.340457][    C0] page_owner tracks the page as allocated
[ 1578.346164][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15057, tgid 15057 (syz.0.1080), ts 1534064285324, free_ts 1533569586343
[ 1578.365810][    C0]  post_alloc_hook+0x1af/0x220
[ 1578.370599][    C0]  get_page_from_freelist+0x10a3/0x3a30
[ 1578.376162][    C0]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 1578.382072][    C0]  alloc_pages_mpol+0x1fb/0x550
[ 1578.386930][    C0]  new_slab+0x24a/0x360
[ 1578.391098][    C0]  ___slab_alloc+0xd79/0x1a50
[ 1578.395790][    C0]  __slab_alloc.constprop.0+0x63/0x110
[ 1578.401352][    C0]  __kmalloc_noprof+0x501/0x880
[ 1578.406237][    C0]  ieee802_11_parse_elems_full+0x1db/0x3780
[ 1578.412232][    C0]  ieee80211_inform_bss+0x10b/0x1140
[ 1578.417524][    C0]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[ 1578.423779][    C0]  cfg80211_inform_bss_data+0x22b/0x3be0
[ 1578.429427][    C0]  cfg80211_inform_bss_frame_data+0x26f/0x750
[ 1578.435507][    C0]  ieee80211_bss_info_update+0x310/0xab0
[ 1578.441150][    C0]  ieee80211_scan_rx+0x4cf/0xb30
[ 1578.446092][    C0]  ieee80211_rx_list+0x1c15/0x2b20
[ 1578.451218][    C0] page last free pid 15073 tgid 15072 stack trace:
[ 1578.457798][    C0]  __free_frozen_pages+0x7df/0x1160
[ 1578.463009][    C0]  __put_partials+0x130/0x170
[ 1578.467699][    C0]  qlist_free_all+0x4d/0x120
[ 1578.472308][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[ 1578.477796][    C0]  __kasan_slab_alloc+0x69/0x90
[ 1578.482757][    C0]  __kmalloc_noprof+0x2e8/0x880
[ 1578.487625][    C0]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1578.493183][    C0]  tomoyo_path_number_perm+0x245/0x580
[ 1578.498667][    C0]  security_file_ioctl+0x9b/0x240
[ 1578.503693][    C0]  __x64_sys_ioctl+0xb7/0x210
[ 1578.508385][    C0]  do_syscall_64+0xcd/0xfa0
[ 1578.512921][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1578.518819][    C0] 
[ 1578.521149][    C0] Memory state around the buggy address:
[ 1578.526772][    C0]  ffff8880248e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1578.535536][    C0]  ffff8880248e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1578.543683][    C0] >ffff8880248e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1578.551737][    C0]                                                        ^
[ 1578.559558][    C0]  ffff8880248e2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1578.567721][    C0]  ffff8880248e2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1578.575794][    C0] ==================================================================
[ 1578.583857][    C0] ==================================================================
[ 1578.591917][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x11d/0x2b0
[ 1578.599743][    C0] Write of size 4 at addr ffff8880248e2858 by task kworker/u8:5/1087
[ 1578.607807][    C0] 
[ 1578.610143][    C0] CPU: 0 UID: 0 PID: 1087 Comm: kworker/u8:5 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 1578.610200][    C0] Tainted: [B]=BAD_PAGE
[ 1578.610215][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1578.610243][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1578.610312][    C0] Call Trace:
[ 1578.610327][    C0]  <IRQ>
[ 1578.610342][    C0]  dump_stack_lvl+0x116/0x1f0
[ 1578.610394][    C0]  print_report+0xcd/0x630
[ 1578.610431][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.610481][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.610528][    C0]  ? __phys_addr+0xe8/0x180
[ 1578.610585][    C0]  ? do_raw_spin_lock+0x11d/0x2b0
[ 1578.610632][    C0]  kasan_report+0xe0/0x110
[ 1578.610670][    C0]  ? do_raw_spin_lock+0x11d/0x2b0
[ 1578.610723][    C0]  kasan_check_range+0x100/0x1b0
[ 1578.610768][    C0]  do_raw_spin_lock+0x11d/0x2b0
[ 1578.610807][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1578.610848][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.610894][    C0]  _raw_spin_lock_irqsave+0x42/0x60
[ 1578.610933][    C0]  ? __wake_up+0x1c/0x60
[ 1578.610980][    C0]  __wake_up+0x1c/0x60
[ 1578.611028][    C0]  usb_anchor_resume_wakeups+0xc2/0xe0
[ 1578.611080][    C0]  __usb_hcd_giveback_urb+0x3d5/0x610
[ 1578.611138][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[ 1578.611178][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.611224][    C0]  dummy_timer+0x1809/0x3a00
[ 1578.611276][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1578.611318][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.611362][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.611405][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.611446][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1578.611487][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.611529][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[ 1578.611572][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1578.611614][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1578.611670][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.611712][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1578.611760][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1578.611806][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.611848][    C0]  ? mark_held_locks+0x49/0x80
[ 1578.611902][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1578.611946][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1578.611992][    C0]  __hrtimer_run_queues+0x202/0xad0
[ 1578.612042][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1578.612085][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.612137][    C0]  hrtimer_run_softirq+0x17d/0x350
[ 1578.612182][    C0]  handle_softirqs+0x219/0x8e0
[ 1578.612230][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1578.612274][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.612318][    C0]  __irq_exit_rcu+0x109/0x170
[ 1578.612360][    C0]  irq_exit_rcu+0x9/0x30
[ 1578.612402][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1578.612445][    C0]  </IRQ>
[ 1578.612456][    C0]  <TASK>
[ 1578.612470][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1578.612509][    C0] RIP: 0010:unwind_next_frame+0x522/0x20a0
[ 1578.612551][    C0] Code: 00 00 fc ff df 4c 8d 79 05 4c 89 fa 48 c1 ea 03 0f b6 04 02 4c 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 63 15 00 00 0f b6 41 05 <83> e0 07 0f 84 53 fe ff ff 3c 01 0f 84 7b fe ff ff 4c 8d 41 04 4c
[ 1578.612585][    C0] RSP: 0018:ffffc9000394f6e0 EFLAGS: 00000246
[ 1578.612612][    C0] RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff9114bf06
[ 1578.612635][    C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90925b2c
[ 1578.612657][    C0] RBP: ffffc9000394f798 R08: ffffffff9114bf0c R09: 0000000000000000
[ 1578.612681][    C0] R10: 0000000000000000 R11: 0000000000006135 R12: ffffc9000394f7a0
[ 1578.612703][    C0] R13: ffffc9000394f750 R14: ffffc9000394f785 R15: ffffffff9114bf0b
[ 1578.612738][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1578.612771][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1578.612823][    C0]  arch_stack_walk+0x94/0x100
[ 1578.612865][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1578.612899][    C0]  stack_trace_save+0x8e/0xc0
[ 1578.612946][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1578.612997][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.613039][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1578.613095][    C0]  kasan_save_stack+0x33/0x60
[ 1578.613150][    C0]  ? kasan_save_stack+0x33/0x60
[ 1578.613201][    C0]  ? kasan_save_track+0x14/0x30
[ 1578.613252][    C0]  ? __kasan_save_free_info+0x3b/0x60
[ 1578.613295][    C0]  ? __kasan_slab_free+0x5f/0x80
[ 1578.613347][    C0]  ? kmem_cache_free+0x2d4/0x6c0
[ 1578.613395][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1578.613440][    C0]  ? consume_skb+0xcc/0x100
[ 1578.613476][    C0]  ? nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1578.613532][    C0]  ? process_one_work+0x9cf/0x1b70
[ 1578.613569][    C0]  ? worker_thread+0x6c8/0xf10
[ 1578.613604][    C0]  ? kthread+0x3c5/0x780
[ 1578.613635][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1578.613689][    C0]  kasan_save_track+0x14/0x30
[ 1578.613740][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1578.613784][    C0]  __kasan_slab_free+0x5f/0x80
[ 1578.613838][    C0]  kmem_cache_free+0x2d4/0x6c0
[ 1578.613886][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1578.613934][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1578.613976][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.614017][    C0]  kfree_skbmem+0x1a4/0x1f0
[ 1578.614061][    C0]  consume_skb+0xcc/0x100
[ 1578.614099][    C0]  nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1578.614169][    C0]  process_one_work+0x9cf/0x1b70
[ 1578.614214][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1578.614252][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.614298][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.614339][    C0]  ? assign_work+0x1a0/0x250
[ 1578.614373][    C0]  worker_thread+0x6c8/0xf10
[ 1578.614418][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1578.614456][    C0]  kthread+0x3c5/0x780
[ 1578.614488][    C0]  ? __pfx_kthread+0x10/0x10
[ 1578.614522][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1578.614563][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1578.614607][    C0]  ? __pfx_kthread+0x10/0x10
[ 1578.614641][    C0]  ret_from_fork+0x675/0x7d0
[ 1578.614670][    C0]  ? __pfx_kthread+0x10/0x10
[ 1578.614704][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1578.614763][    C0]  </TASK>
[ 1578.614775][    C0] 
[ 1579.204575][    C0] Allocated by task 14836:
[ 1579.208994][    C0]  kasan_save_stack+0x33/0x60
[ 1579.213699][    C0]  kasan_save_track+0x14/0x30
[ 1579.218399][    C0]  __kasan_kmalloc+0xaa/0xb0
[ 1579.223212][    C0]  xpad_probe+0x286/0x1ff0
[ 1579.227828][    C0]  usb_probe_interface+0x303/0xa40
[ 1579.232950][    C0]  really_probe+0x241/0xa90
[ 1579.237488][    C0]  __driver_probe_device+0x1de/0x440
[ 1579.242785][    C0]  driver_probe_device+0x4c/0x1b0
[ 1579.247910][    C0]  __device_attach_driver+0x1df/0x310
[ 1579.253298][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1579.258170][    C0]  __device_attach+0x1e4/0x4b0
[ 1579.262945][    C0]  bus_probe_device+0x17f/0x1c0
[ 1579.267803][    C0]  device_add+0x1148/0x1aa0
[ 1579.272325][    C0]  usb_set_configuration+0x1187/0x1e20
[ 1579.277784][    C0]  usb_generic_driver_probe+0xb1/0x110
[ 1579.283263][    C0]  usb_probe_device+0xef/0x3e0
[ 1579.288029][    C0]  really_probe+0x241/0xa90
[ 1579.292545][    C0]  __driver_probe_device+0x1de/0x440
[ 1579.297845][    C0]  driver_probe_device+0x4c/0x1b0
[ 1579.302882][    C0]  __device_attach_driver+0x1df/0x310
[ 1579.308272][    C0]  bus_for_each_drv+0x159/0x1e0
[ 1579.313129][    C0]  __device_attach+0x1e4/0x4b0
[ 1579.317918][    C0]  bus_probe_device+0x17f/0x1c0
[ 1579.322777][    C0]  device_add+0x1148/0x1aa0
[ 1579.327307][    C0]  usb_new_device+0xd07/0x1a60
[ 1579.332071][    C0]  hub_event+0x2f34/0x4fe0
[ 1579.336489][    C0]  process_one_work+0x9cf/0x1b70
[ 1579.341430][    C0]  worker_thread+0x6c8/0xf10
[ 1579.346025][    C0]  kthread+0x3c5/0x780
[ 1579.350093][    C0]  ret_from_fork+0x675/0x7d0
[ 1579.354689][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1579.359472][    C0] 
[ 1579.361784][    C0] Freed by task 5813:
[ 1579.365753][    C0]  kasan_save_stack+0x33/0x60
[ 1579.370453][    C0]  kasan_save_track+0x14/0x30
[ 1579.375154][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1579.380364][    C0]  __kasan_slab_free+0x5f/0x80
[ 1579.385153][    C0]  kfree+0x2b8/0x6d0
[ 1579.389069][    C0]  xpad_disconnect+0x1cf/0x580
[ 1579.393863][    C0]  usb_unbind_interface+0x1dd/0x9e0
[ 1579.399067][    C0]  device_remove+0x125/0x170
[ 1579.403668][    C0]  device_release_driver_internal+0x44b/0x620
[ 1579.409755][    C0]  bus_remove_device+0x22f/0x420
[ 1579.414697][    C0]  device_del+0x396/0x9f0
[ 1579.419043][    C0]  usb_disable_device+0x355/0x7d0
[ 1579.424094][    C0]  usb_disconnect+0x2e1/0x9c0
[ 1579.428798][    C0]  hub_event+0x1c81/0x4fe0
[ 1579.433219][    C0]  process_one_work+0x9cf/0x1b70
[ 1579.438185][    C0]  worker_thread+0x6c8/0xf10
[ 1579.442786][    C0]  kthread+0x3c5/0x780
[ 1579.446858][    C0]  ret_from_fork+0x675/0x7d0
[ 1579.451450][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1579.456239][    C0] 
[ 1579.458553][    C0] The buggy address belongs to the object at ffff8880248e2800
[ 1579.458553][    C0]  which belongs to the cache kmalloc-1k of size 1024
[ 1579.472611][    C0] The buggy address is located 88 bytes inside of
[ 1579.472611][    C0]  freed 1024-byte region [ffff8880248e2800, ffff8880248e2c00)
[ 1579.486412][    C0] 
[ 1579.488730][    C0] The buggy address belongs to the physical page:
[ 1579.495133][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x248e0
[ 1579.503901][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1579.512396][    C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1579.520376][    C0] page_type: f5(slab)
[ 1579.524360][    C0] raw: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1579.532946][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1579.541536][    C0] head: 00fff00000000040 ffff88813ffa6dc0 0000000000000000 dead000000000001
[ 1579.550211][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1579.558886][    C0] head: 00fff00000000003 ffffea0000923801 00000000ffffffff 00000000ffffffff
[ 1579.567559][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1579.576234][    C0] page dumped because: kasan: bad access detected
[ 1579.582640][    C0] page_owner tracks the page as allocated
[ 1579.588346][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15057, tgid 15057 (syz.0.1080), ts 1534064285324, free_ts 1533569586343
[ 1579.607990][    C0]  post_alloc_hook+0x1af/0x220
[ 1579.612775][    C0]  get_page_from_freelist+0x10a3/0x3a30
[ 1579.618341][    C0]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 1579.624254][    C0]  alloc_pages_mpol+0x1fb/0x550
[ 1579.629111][    C0]  new_slab+0x24a/0x360
[ 1579.633280][    C0]  ___slab_alloc+0xd79/0x1a50
[ 1579.637967][    C0]  __slab_alloc.constprop.0+0x63/0x110
[ 1579.643438][    C0]  __kmalloc_noprof+0x501/0x880
[ 1579.648304][    C0]  ieee802_11_parse_elems_full+0x1db/0x3780
[ 1579.654204][    C0]  ieee80211_inform_bss+0x10b/0x1140
[ 1579.659493][    C0]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[ 1579.665752][    C0]  cfg80211_inform_bss_data+0x22b/0x3be0
[ 1579.671396][    C0]  cfg80211_inform_bss_frame_data+0x26f/0x750
[ 1579.677619][    C0]  ieee80211_bss_info_update+0x310/0xab0
[ 1579.683357][    C0]  ieee80211_scan_rx+0x4cf/0xb30
[ 1579.688321][    C0]  ieee80211_rx_list+0x1c15/0x2b20
[ 1579.693474][    C0] page last free pid 15073 tgid 15072 stack trace:
[ 1579.699972][    C0]  __free_frozen_pages+0x7df/0x1160
[ 1579.705182][    C0]  __put_partials+0x130/0x170
[ 1579.709878][    C0]  qlist_free_all+0x4d/0x120
[ 1579.714499][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[ 1579.719985][    C0]  __kasan_slab_alloc+0x69/0x90
[ 1579.724865][    C0]  __kmalloc_noprof+0x2e8/0x880
[ 1579.729740][    C0]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1579.735303][    C0]  tomoyo_path_number_perm+0x245/0x580
[ 1579.740794][    C0]  security_file_ioctl+0x9b/0x240
[ 1579.745825][    C0]  __x64_sys_ioctl+0xb7/0x210
[ 1579.750526][    C0]  do_syscall_64+0xcd/0xfa0
[ 1579.755044][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1579.760946][    C0] 
[ 1579.763259][    C0] Memory state around the buggy address:
[ 1579.768882][    C0]  ffff8880248e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1579.776944][    C0]  ffff8880248e2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1579.785004][    C0] >ffff8880248e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1579.793070][    C0]                                                     ^
[ 1579.800001][    C0]  ffff8880248e2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1579.808154][    C0]  ffff8880248e2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1579.816210][    C0] ==================================================================
[ 1579.824269][    C0] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 1579.831988][    C0] CPU: 0 UID: 0 PID: 1087 Comm: kworker/u8:5 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 1579.843114][    C0] Tainted: [B]=BAD_PAGE
[ 1579.847260][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1579.857318][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1579.864122][    C0] Call Trace:
[ 1579.867403][    C0]  <IRQ>
[ 1579.870245][    C0]  dump_stack_lvl+0x3d/0x1f0
[ 1579.874859][    C0]  vpanic+0x640/0x6f0
[ 1579.878889][    C0]  panic+0xca/0xd0
[ 1579.882657][    C0]  ? __pfx_panic+0x10/0x10
[ 1579.887127][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1579.892780][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1579.897570][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1579.903221][    C0]  ? lock_release+0x201/0x2f0
[ 1579.908086][    C0]  ? print_report+0x2bd/0x630
[ 1579.913215][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1579.918864][    C0]  end_report+0x159/0x170
[ 1579.923208][    C0]  kasan_report+0xee/0x110
[ 1579.927641][    C0]  ? do_raw_spin_lock+0x11d/0x2b0
[ 1579.932791][    C0]  kasan_check_range+0x100/0x1b0
[ 1579.937756][    C0]  do_raw_spin_lock+0x11d/0x2b0
[ 1579.942629][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1579.948022][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1579.953677][    C0]  _raw_spin_lock_irqsave+0x42/0x60
[ 1579.958890][    C0]  ? __wake_up+0x1c/0x60
[ 1579.963162][    C0]  __wake_up+0x1c/0x60
[ 1579.967258][    C0]  usb_anchor_resume_wakeups+0xc2/0xe0
[ 1579.972753][    C0]  __usb_hcd_giveback_urb+0x3d5/0x610
[ 1579.978149][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[ 1579.983365][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1579.989025][    C0]  dummy_timer+0x1809/0x3a00
[ 1579.993648][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1579.998692][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.004344][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.009996][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.015646][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1580.021480][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.027127][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[ 1580.032781][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1580.038777][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1580.043746][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.049394][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1580.054354][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1580.059315][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.065050][    C0]  ? mark_held_locks+0x49/0x80
[ 1580.069843][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1580.075682][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1580.080729][    C0]  __hrtimer_run_queues+0x202/0xad0
[ 1580.085955][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1580.091690][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.097345][    C0]  hrtimer_run_softirq+0x17d/0x350
[ 1580.102476][    C0]  handle_softirqs+0x219/0x8e0
[ 1580.107262][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1580.112562][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.118211][    C0]  __irq_exit_rcu+0x109/0x170
[ 1580.122904][    C0]  irq_exit_rcu+0x9/0x30
[ 1580.127162][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1580.132811][    C0]  </IRQ>
[ 1580.135735][    C0]  <TASK>
[ 1580.138660][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1580.144656][    C0] RIP: 0010:unwind_next_frame+0x522/0x20a0
[ 1580.150482][    C0] Code: 00 00 fc ff df 4c 8d 79 05 4c 89 fa 48 c1 ea 03 0f b6 04 02 4c 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 63 15 00 00 0f b6 41 05 <83> e0 07 0f 84 53 fe ff ff 3c 01 0f 84 7b fe ff ff 4c 8d 41 04 4c
[ 1580.170114][    C0] RSP: 0018:ffffc9000394f6e0 EFLAGS: 00000246
[ 1580.176214][    C0] RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff9114bf06
[ 1580.184196][    C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90925b2c
[ 1580.192349][    C0] RBP: ffffc9000394f798 R08: ffffffff9114bf0c R09: 0000000000000000
[ 1580.200355][    C0] R10: 0000000000000000 R11: 0000000000006135 R12: ffffc9000394f7a0
[ 1580.208619][    C0] R13: ffffc9000394f750 R14: ffffc9000394f785 R15: ffffffff9114bf0b
[ 1580.216879][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1580.221777][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1580.228094][    C0]  arch_stack_walk+0x94/0x100
[ 1580.232831][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1580.237617][    C0]  stack_trace_save+0x8e/0xc0
[ 1580.242486][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1580.248607][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.254269][    C0]  ? __lock_acquire+0xb8a/0x1c90
[ 1580.259954][    C0]  kasan_save_stack+0x33/0x60
[ 1580.264676][    C0]  ? kasan_save_stack+0x33/0x60
[ 1580.269563][    C0]  ? kasan_save_track+0x14/0x30
[ 1580.274447][    C0]  ? __kasan_save_free_info+0x3b/0x60
[ 1580.279935][    C0]  ? __kasan_slab_free+0x5f/0x80
[ 1580.284999][    C0]  ? kmem_cache_free+0x2d4/0x6c0
[ 1580.289970][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1580.294670][    C0]  ? consume_skb+0xcc/0x100
[ 1580.299361][    C0]  ? nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1580.305304][    C0]  ? process_one_work+0x9cf/0x1b70
[ 1580.310433][    C0]  ? worker_thread+0x6c8/0xf10
[ 1580.315228][    C0]  ? kthread+0x3c5/0x780
[ 1580.319571][    C0]  ? ret_from_fork+0x675/0x7d0
[ 1580.324468][    C0]  kasan_save_track+0x14/0x30
[ 1580.329186][    C0]  __kasan_save_free_info+0x3b/0x60
[ 1580.334432][    C0]  __kasan_slab_free+0x5f/0x80
[ 1580.339234][    C0]  kmem_cache_free+0x2d4/0x6c0
[ 1580.344166][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1580.348965][    C0]  ? kfree_skbmem+0x1a4/0x1f0
[ 1580.353670][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.359329][    C0]  kfree_skbmem+0x1a4/0x1f0
[ 1580.363945][    C0]  consume_skb+0xcc/0x100
[ 1580.368453][    C0]  nsim_dev_trap_report_work+0x8bd/0xcf0
[ 1580.374223][    C0]  process_one_work+0x9cf/0x1b70
[ 1580.379189][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1580.384598][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.390277][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.395938][    C0]  ? assign_work+0x1a0/0x250
[ 1580.400542][    C0]  worker_thread+0x6c8/0xf10
[ 1580.405156][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1580.410278][    C0]  kthread+0x3c5/0x780
[ 1580.414354][    C0]  ? __pfx_kthread+0x10/0x10
[ 1580.418951][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1580.424602][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1580.429385][    C0]  ? __pfx_kthread+0x10/0x10
[ 1580.433982][    C0]  ret_from_fork+0x675/0x7d0
[ 1580.438578][    C0]  ? __pfx_kthread+0x10/0x10
[ 1580.443176][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1580.447976][    C0]  </TASK>
[ 1580.451297][    C0] Kernel Offset: disabled
[ 1580.455618][    C0] Rebooting in 86400 seconds..