last executing test programs:

7m6.464855962s ago: executing program 32 (id=175):
io_uring_setup(0x3eae, 0x0)
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x201, &(0x7f0000000f40)="$eJzsVUtrU0EU/s7NJLfRLAru3BpsN9rmFsS1G7vXH2BIr7WY+OhENKFgdNONgvgnCv4JXQi6dyEiuNGFgi4qrioSOTNnJpMH9ra+NvPB5XznPY87M1f0TZ0C+LG71cI8DAg1vCWCArBA1rZXsfKryKHgo7J6Q+xPRH4QqXv9Vw8s7V9tttv5pu79mqQgYJ+YcTJtOvf04bHi+RPk5f1xC6FIFqnD9Po90i3ZlZ12PRqzpLNiJBeTlRsX/vEsDk+qU4N35FsNCC2f/mD3Mq9mGTNjiA70r88gXMAQwLu+16a3aZK8eWw7z4wpSXoV48uyL+FT/L93mQnfRYYkB0rXkP3Q5+8l+EJAGa93t1psvSS3GLvX7OeOhMli5XkQc1wBA4BKGJqiXEdJ7AKApW7nxpLu9U9tdJrr+Xp+LctWziy/OCpHdHgX2Gjny2SGYdMTJgoefE6rgZ//tHcj/wABKBgaeF4jsy/pLufFE0FIFUiC3KCGFHjm+6diu6U7uIiTmANwe8DuTBaoDq6mcJmntgpCSZSGCgeEPSSYM47TrevttW0QyKXtQPkajfcoeyUThRvlK2f99LdF1kWuitwZ9TNwb5d7k5Sp8Fm0xQFQwZ1mt7tpHi/L2FbxFYwtm/edE+nqXkPXrJ6iII4UDYyIiIiIiIiI+Ev4GQAA//8sQT03")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x8)
timer_create(0x2, 0x0, &(0x7f0000000040))
timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x10012, r0, 0x1000)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x40, &(0x7f0000000100)={[{@resgid}, {@dioread_lock}, {@dioread_nolock}, {@sysvgroups}]}, 0x1, 0x59d, &(0x7f0000000880)="$eJzs3T9sG2UbAPDnzk7/5vvST/qQAHWoAKlIVZ2kf6AwtSuiUqUOSCwQOW5UxYmjOIEmypDuFaIDAtSlbDAwghgYEAsjKwuIGamiEUhNBzA6+9ykiZMmpYnb+veTLr733rOf9/X5Od+9uosD6FlHsj9pxHMRcSGJGFhVV4y88khrveWlhfLdpYVyEo3Gxd+TSCLiztJCub1+kj8ejIjFiHg2Ir7viziWro9bn5sfH6lWK9N5eXBmYmqwPjd//PLEyFhlrDJ58tXXTp85dXr4xPDqp91trC71bd63tdXXfrn+wbUf37h5/YsvDy+WPxpJ4mz053Wr+/EoJXlLzq5ZfmongnVDofWQdLsdPJRCnudZrjwTA1GI4n37gNUaG1UAT6TG3ogG0KMS+Q89qn0ckJ3/tqfdPP64da51ApLFXc6nVk2xNTYR+5rnJgf+SPLxiJbsfPPQbjaUp9Li1YgYKhbXf/6T/PP38IYeRQPZUd+da22o9ds/vbf/iQ77n/722Om/1N7/La/b/63EL2yw/7uwxRh/vf3rpxvGvxrxfMf4yb34SYf4aUS8u8X4N9765sxGdY3PIo5G5/htydrx4SSvbI0PD166XK0Mtf52jPHt0cOvb9b/AxvEb43Z7mt+zXR6/6e22P+vf/jqhcVN4r/84ubbv9P7vz8iPmwPvna0Uve/O5+/udFat64mt7OjgO1u/2zZzQd3vemVs0d+3uKqAAAAAAAAAADANqTNa9mStBR7m+X+SNNSqXUP7//jQFqt1WeOXarNTo62rnk7FH1p+0qrgVY5ycrD+fW47fKJNeWT7cuRCvub5VK5Vh3tas8BAAAAAAAAAAAAAAAAAADg8XEwv/8/8v8F8Gehef//2p+rBp5WxW43AOga+Q+96/78T7rWDmD3bev7vzGwcw0BdlvD8T/0LvkPvUv+Q++S/9C75D/0LvkPvUv+AwAAAAAAAAAAAAAAAAAAAAAAAADAjrhw/nw2Ne4uLZSz8mhxbna89t7x0Up9vDQxWy6Va9NTpbFabaxaKZVrEw96vaRWmxqKydkrgzOV+sxgfW7+nYna7GT7N0UrfTveIwAAAAAAAAAAAAAAAAAAAHjy9DenJC1FRNqcT9NSKeI/EXEo+pJLl6uVoYj4b0T8VOjbm5WHu91oAAAAAAAAAAAAAAAAAAAAeMrU5+bHR6rVynSPzBS3s3JELD7aZmSvuLJkT74RHvCsvny1LYQoRMRj8T6bedJnurhTAgAAAAAAAAAAAAAAAACAHrVy0+9Wn/H3zjYIAAAAAAAAAAAAAAAAAAAAelL6WxIR2XR04KX+tbV7kuVC8zEi3r9x8eMrIzMz08PZ8tv3ls98ki8/0Y32A1vVztN2HgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr6nPz4yPVamV6B2e63UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh/FPAAAA//9WYtEN")
fallocate(0xffffffffffffffff, 0x22, 0xfffffffffffffff7, 0x4c)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x50)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0)

6m21.750524581s ago: executing program 33 (id=529):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x192}}, 0x20}}, 0x0)

5m59.039487881s ago: executing program 34 (id=629):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000180)=0x10, 0x4)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

5m33.776545015s ago: executing program 35 (id=763):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f000026e000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb95f9000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x8, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)

5m33.396612545s ago: executing program 36 (id=693):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000240)={0x0, 0x1000000})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = syz_io_uring_setup(0xb, &(0x7f0000000240)={0x0, 0x6109, 0x1, 0x0, 0x1a2}, &(0x7f0000000100)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5m10.971024329s ago: executing program 0 (id=854):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',fscache'])
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000006b40)={0x2020}, 0x206e)

5m10.802114048s ago: executing program 0 (id=856):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x8901, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x19}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="c50a0000000000007910480000000000610438000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

5m10.276804356s ago: executing program 0 (id=861):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x4001)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000280)=0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup2(r0, r3)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c)
sendto$inet6(r3, &(0x7f0000000080)='l', 0x1, 0x7ddfdbdfafa554cd, &(0x7f0000000100)={0xa, 0x4e23, 0x4, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000400)={r2, 0x0, 0x4, "2a8d5c15"}, 0xc)

5m10.043817948s ago: executing program 0 (id=863):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2048c5, &(0x7f0000000400)={[{@fat=@quiet}, {@shortname_winnt}, {@rodir}, {@fat=@discard}, {@fat=@flush}, {@shortname_winnt}, {@numtail}, {@fat=@dmask={'dmask', 0x3d, 0x100}}, {@fat=@tz_utc}, {@uni_xlate}, {@utf8no}, {@shortname_winnt}]}, 0x0, 0x274, &(0x7f0000000a00)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000240)=0x3)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, 0x0, 0x0)

5m9.841293609s ago: executing program 0 (id=865):
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = mq_open(0x0, 0x42, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x1cba8c72}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x177ffb498171ed1, 0x8040010)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0xf5000000}, 0x0)
lseek(r0, 0xfffffffffffffffa, 0x0)

5m9.451751339s ago: executing program 0 (id=868):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8001, @empty, 0x80000001}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x75)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0xffffffff, @local, 0xa}, 0x1c)

5m9.25981537s ago: executing program 37 (id=868):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8001, @empty, 0x80000001}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x75)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0xffffffff, @local, 0xa}, 0x1c)

4m58.675587683s ago: executing program 7 (id=925):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES32=r2], 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1, <r3=>0xffffffffffffffff}, 0x4)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r3, &(0x7f0000000140)="64e96334b1f5", 0x0}, 0x20)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'syzkaller0\x00', 0x7101})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000100)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETSNDBUF(r5, 0x400454d4, &(0x7f0000000000)=0x80)

4m58.352647901s ago: executing program 7 (id=929):
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0xc2, 0xfffe, 0x1d, 0xfe, 0xffffffff, 0x9, 0x4d1, 0xe138}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000000, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4m58.083718915s ago: executing program 7 (id=930):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_open_dev$loop(0x0, 0x1, 0x135e80)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384)

4m56.993390573s ago: executing program 7 (id=931):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0xfffffff7)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x111240, 0xa)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f0000000000)={{}, {}, [], {}, [], {0x10, 0x5}}, 0x24, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
chdir(&(0x7f0000000240)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)

4m55.701439962s ago: executing program 7 (id=939):
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x3261e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
getsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, 0x0, &(0x7f00000003c0))

4m52.937329729s ago: executing program 7 (id=949):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x969302, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESOCT=r1], 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
umount2(&(0x7f0000000180)='./file0\x00', 0xb)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={0xffffffffffffffff, 0xe, 0x1})
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fdb000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x62, 0x0, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, 0x0)

4m52.827122634s ago: executing program 38 (id=949):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x969302, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESOCT=r1], 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
umount2(&(0x7f0000000180)='./file0\x00', 0xb)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={0xffffffffffffffff, 0xe, 0x1})
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fdb000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x62, 0x0, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, 0x0)

4m22.494167029s ago: executing program 1 (id=1100):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f00000005c0), 0x10)
recvmmsg(r0, &(0x7f00000047c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000f80)=""/206, 0xce}], 0x1}, 0x6}], 0x2, 0x600181a2, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom(r2, 0x0, 0x0, 0x12140, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_COMPRESS_FILE(r2, 0xf518, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004"], 0x48)
sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000540)={0x1d, r1}, 0x10, &(0x7f0000000480)={&(0x7f0000000140)=@can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, "000000000000001e"}, 0x10}}, 0x4040)

4m22.264009781s ago: executing program 1 (id=1104):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58)

4m20.827048017s ago: executing program 1 (id=1106):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x200401, 0x0, 0x30000, 0xb998, 0xf, "194f2f83c2e798c3584770116cddc8819592b1"})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)={0x1c, 0x12, 0xb05, 0x0, 0x0, {0xa}, [@nested={0x8, 0xa4, 0x0, 0x1, [@generic="3fff65ca"]}]}, 0x1c}}, 0x0)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xff2e)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), &(0x7f0000000040), 0x1d4, r1)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000900)='/proc/keys\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000000940)={0x2020}, 0x2020)
open_by_handle_at(r0, &(0x7f0000000040)=@shmem={0xc, 0x1, {0xe0000000}}, 0x40300)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000100)={0xa04c, 0xffffffdf, 0xffffffff, 0x8, 0x1d, "53af0f0b3eb42f0074a52361062bd2a200"})

4m19.84312129s ago: executing program 1 (id=1118):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@noauto_da_alloc}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==")
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./bus/file0\x00', &(0x7f00000000c0)={0x4840}, 0x18)
renameat2(r0, &(0x7f0000000240)='./bus/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x2)

4m19.127064048s ago: executing program 1 (id=1121):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0xfd67, &(0x7f0000001400), 0x1}}], 0x4000210, 0x10002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0xcc93f1266b77d0bf}, 0x8040)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x0)
recvmmsg$unix(r0, &(0x7f0000004d80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000020, 0x0)

4m16.751064194s ago: executing program 1 (id=1141):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000dc0)={0x73622a85, 0x10a, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})

4m16.46206186s ago: executing program 39 (id=1141):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000dc0)={0x73622a85, 0x10a, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})

3m59.516183171s ago: executing program 9 (id=1233):
sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="330320000a00140000007ef52f555f2a0c0900000000000000f786dd3baa4b1f0f858c4632", 0x25, 0x40008c1, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f"], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m59.010716269s ago: executing program 9 (id=1237):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
shmget(0x1, 0x3000, 0x78000a04, &(0x7f0000768000/0x3000)=nil)

3m58.065217439s ago: executing program 9 (id=1240):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x8000, &(0x7f0000000b80)=ANY=[], 0x1, 0x2ab, &(0x7f0000000740)="$eJzs3U9rY1UUAPDz8q8ZXaSIG0XwgS5clalbN40ygtiVEkFdaHBmQJIwMIWAFUy76idw6ffwI7hx4zcQ3Aru2kXlycvL60vaxJYaU5j+fqsz995z73nvDukqJ1+/MRo8fpbE8env0W4nUduLvThLYjtqUTqKRgAAL46zLIu/sttkPqitvxoAYBOKv/+Fu64FANiMTz//4uPu/v6jT9K0Ha91Tsa9JCJGJ+NeMd99Gt/GMJ7Ew+jEeUR2oYib+aJGmtuOt0eTcS/PHH3162z/7p8R0/zd6MT21fwPP9p/tJsWLvJfKqtLo/u0Wf6jE68uz3/3cn6MJtFrxTtvzdW/E5347Zt4FsN4HHlulf/Dbpp+kP14+v2X+TF5flKL3tZ0XSWrb+ZGAAAAAAAAAAAAAAAAAAAAAAC4D3bSNCna90z79+RD0/454179fDq/k5bm+/tMyv5ASblR0R8oi1mLnkkWP5X9dR6maZrNFlb5jXi94YcFAAAAAAAAAAAAAAAAAAAAIHfw3eGgPxw+eb6WoOwGUH6t/7b77M2NvBmHg3599YZbNz+rcVQ9eF7rvy6ORiPW9FquCx7k9ax9563qcj+LIigvZq1nvfJ+senhoJ/OpsqXPOgn153VLi/u5/mpVvzXwrLpf4nzbPFO2xelLma11vQ2Wi8vnfo7y7Kb7fPeH8UdzUaSaYuNm53enAVLHzAP2lfv4pfVG678yKiv55MHAAAAAAAAAAAAAAAAAAC4rPrS75LJ4xVJxXjtfy0MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADao+v3/MmhHxOLIYtCskleuqYJWPD+4y+cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfvgnAAD///PnTH8=")
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000003d)
fcntl$setsig(r0, 0xa, 0x21)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r1, &(0x7f00000001c0)='\\', 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2000, 0x1e1)

3m57.164897407s ago: executing program 9 (id=1248):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2048c5, &(0x7f0000000400)={[{@fat=@quiet}, {@shortname_winnt}, {@rodir}, {@fat=@discard}, {@fat=@flush}, {@shortname_winnt}, {@numtail}, {@fat=@dmask={'dmask', 0x3d, 0x100}}, {@fat=@tz_utc}, {@uni_xlate}, {@utf8no}, {@shortname_winnt}]}, 0x0, 0x274, &(0x7f0000000a00)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000240)=0x3)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, 0x0, 0x0)

3m56.876995902s ago: executing program 9 (id=1249):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f00000008c0)=r2, 0x4)
sendmsg$unix(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000b40)="b29f1716a2", 0x5}], 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$inet(r1, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x20000800)
recvmsg$unix(r0, &(0x7f0000000300)={0x0, 0xffffffffffffff55, 0x0}, 0x2142)
r3 = getpid()
r4 = getpid()
r5 = gettid()
sendmsg$unix(r1, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r4, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r2, @ANYBLOB="000000001c00000000000000", @ANYRES32=r5], 0x78, 0x8064}, 0x28048040)
recvmsg$unix(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x40000062)

3m52.728614863s ago: executing program 9 (id=1265):
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002fc0), 0x242002, 0x0)
fcntl$setstatus(r0, 0x403, 0x46c00)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x40000, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x8040)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x30, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x192}}, 0x20}}, 0x0)

3m52.651484407s ago: executing program 40 (id=1265):
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002fc0), 0x242002, 0x0)
fcntl$setstatus(r0, 0x403, 0x46c00)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x40000, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x8040)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x30, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x192}}, 0x20}}, 0x0)

2m33.600651764s ago: executing program 5 (id=1597):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
clock_gettime(0x9, 0x0)

2m32.450967715s ago: executing program 5 (id=1601):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000840)={{r0}, &(0x7f00000007c0), &(0x7f0000000800)='%pB    \x00'}, 0x20)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

2m32.279117584s ago: executing program 5 (id=1604):
socket$alg(0x26, 0x5, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={<r4=>r3, @in={{0x2, 0xce23, @broadcast}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000480)={r4, @in={{0x2, 0x4e21, @empty}}, 0x32, 0x1000, 0x200, 0x6, 0x81, 0x1, 0x9}, &(0x7f0000000240)=0x9c)

2m32.089893515s ago: executing program 5 (id=1605):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10)
sendmsg$tipc(r2, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0xfe8d)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44010}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc010)

2m31.150280604s ago: executing program 5 (id=1608):
set_mempolicy(0x2, &(0x7f0000000000)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xc}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x5)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x4000814)
syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x8010, &(0x7f0000001880)=ANY=[@ANYBLOB="005901e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5cfeeda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa43423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e305ecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRESDEC, @ANYRESHEX, @ANYRESOCT, @ANYRES16, @ANYRES8, @ANYBLOB="eae535d4c5cd41b584d3bdb8d3fb3e37666220165c8aec9c235bc9af137d4058a50551a5b228bbbcf6cd1275ef3732adfeaebdf711988cbe9d1da671f8bbaac371392e227f548006163fc9aaf3d55e97410ccacb7df3444c03ac4170da3fbc69ae1c8a590318a7a33a774debbcc54bb6d6025bc65458b94791d5a8bcd898b75cce569e2c6fd55928c5084aab22c8196fb436916cff76302fd8c4b69ca674271f5db630ffad103ad9286287759d0d5470d0b54f701a713e8803665b87799065f31bb0cff21d9c109c1fbfffb640facdacd569f158f694c34ffb4c405b186aa90e8be7b47c56e6e439ae953605d89c131c711ff56f0adb96e5ee0d269b4cfc9d089794f60bdd06e845b5ffdccfefee032ecfd92f6cba5920130f685e807f88de4a2e595ea37f39a92dcbaeb2de15dab62a5a199d4666578eb1707e88ebb0b98140fdb62d60005fd6721f18a2054b2ba2ed308813164f8dbc7e1d26a11a707adc6978a25cca2fca5d62e51794447f656b92f8372ebf98934a0bc057b901080da81ef02ccfa18a29c9b82c90fd38eb554b83428948f3608cd8fd5845bed25a0d96b146f09bd4cce20efc1ecc7bf64bd88e7a460b372a298cb776eb1d78cc334da71dc6056b2d1119cdad3af9092a42c184e9d487076399f0be65a442fdc06901089e6b5178ecb57aa4b98ff1f538696e8510551dbb5cbd36b125efa2a3e719f22b96eeec80a178dae9c894a7dd170419c33817baedfc132cde868a1c55192b9c8a332772fc40fed9f6fee1aea0e2001752caeb58afb55ea7c421cd0eb5e6ea301f8e2f6b68484849f5d3e7bd1b4aa865d2cd049dfc773bb4281f5f8dd2a3f1563c8cd3655dd9e391424151dadf7415afb242cb99b9b9541b6780beafc6a8c2c0bd109749dde1e8535040d8d2cda8393abaa6cdae24e13917e867d6d301f6f39619bcbd70acc747e093ef3c22f0b1a8b8a4d8bd11bc19c7102e11a8603d563507423c96d1653a42d02ff1ee390934927f037d2022cbbf86cb605e82e2b6e2c2fa1d523f72b47738f318836defed1f898271bdd4fcbe7863e5aa7c7e468d9bad908de3c6851c696df710da87771840f46e63fc4c3d5d9b13b663ed2fef2e56a8690cdee9e6ac0a9824c9fe458ad29614f9485f9c18caf2d5c229f24a220ab84daa26ddb2a0d4059b43e073b703148d82fe4d91ae24db7224df2ee4e10d596846466d6a62faa9da7d24f9dd1e3b5cc291f4840b6603d1173204a452a9b05a5efcf4f9e09c2a3c38f2fd49322e718ddc8278ea182a359043387705c0be61be7e62ba7bb85dfa0f24400f89087f78d84d2296844944d186fb55045eb016dd3d602c85211d7b19dbebe3247313283da5bcbba09a3a74c590fdce8cdbef49a73b11413a9df4aaefc356e94f838cef801ba2380d7e5fdc8865140311f071c82bc1482c2033b8ad70d08a5a71e1c949f93cd8743b0bd4eefdaf45f5246efcf800444c8e9b8c2a01b76b6eb4e0639ee7381971172c53e165f14946fb56896e40424a3b981d97b4b01504806d797bb9e3405a7326d2ba7bfa6efc923c4c68d0165aea2d80ae953c7e2ec6534d0da7c28bbe255d81097e84254ff7bd065caa84fa7455885e1b28ab7d6243d0f02903860049935a764ebfe5384bdf9ae0b71f1641e457780da2071a84937dd88d2e4aec7ddaab66e335887f555a724ad9692ee996521ccaa35e2358aea1ab6a8c9845af8af552520fdec7ecb635d230074aa532c3efe6677c79b1328451a779501eccb4c11750744cfce16ba2ced0fc6dd2b75a5ff1770f3851c93bcf8850adf496012d94b8dd6a00d1f9f0c96989979b89838a29875072e0b678a2a55338f21625165c350134d7cb9119ac4dcc77f13a153fe6819d1bdc6b357e93531a68813913daf65d2e62d4bd09da6bb16e8d686518f6faff70dc0804b4b6810117d8698a4d27f0482f9adf9be3aae179dbcad90ab1fbd6b1ba15cdc78ee7686bd15a8fe1cf5af00fcc0a6981a77ac5c3485518921a1b4ea90b02e0059c2c71850d517bddc12bd61a5571da765a34b53e5f06a2b8bb122bf9d642f1ad50a0eb7afe34ef6fd2474d25f314adbf276a895b80b8de6e31eaee5fe4544f4709bf6416f26ec52d517dd3a350cb68df6791dc671495e0f056de8b158095b32ec8b43f65b1f3110cf7da37d2383e99a5bd9a0e0d5684a5b15246170bd11909ef22ee740aa5556dbc0f9dacc8ce440c137bf0ec673651067ef1146004701376116986c49b10226141bea12f679c3f53eaea945b1bb92e6c922a85a2221f768ff4f1c188dc82f9e8d947e140f43c4950430f88a47fb15dcd8ef8491ff08d7b287b280eab99e44a7fba6d4fe20fcb2c2cfa1a6f4d59b51755e66a3d9a325a08a286185c2bdac8c8c2910ed3ff8e047f28b2bf1827e0829f8ec8459241300583f1880c96b2e405b253af5f7e9ee91e34c3fa2cd5c53a71bc3b4b1a5741c17a7b73c8e7d3e8ec9e51a90772b8eb38f23fcb9e07eff8b0f68d4f7d4d68bfb8fbc8d90be681166fe5ed220e3a425c65c0e678e8b7470a99d7fccc7a3be07189ee02e1f8c81549b0b8c0113ef602d10d5d2429e8b60fa5aaddd55cb86141609bae35c185c5ad743d0fb0a1244ba6d67755e46073f3d428926c0d9033f8180120deab78a4b42664e36b6723039457195bff897760ede28bf2661a95715dd20bc744ae2a06bcb12ef8b7a373f3a5557f20256446ba95d45b7810d68494f954d1802aa8986279adc368c2365168c0619bc8952ec6ac60840d9968302edb8809d36f6b0c83dc6941193fb8eb2adcef36db70cbe51fd533ee108eaedebc05ab363058feecfb51e294419695019d0ba50a660ecbe3fd1b43ac973141b7e4c423c062f63ad24468ca79740502716b10a823821429d53f34409cc0757587a5de21663c33a8b194c988a3c209cec76b9fc18805649d9cc109635271c968972f4328e561b562ad6c32a71b269718a303ae3635e5b06717152817a11589d3efa0f803d7bb560c08132827333ada867d1a870e2feb3a5e7851363fc333bb681018764aab63eb740978994f62ec3147d4d6a40e099ada0c50c1a5f6a8196549be226508055aef349c76af40596f6c9b7217423628bb6dc07d9382f6d4c87c962ec97bee6384ba3e2522b76ee8619093500a75bcc8fd0fb9bb5093650ec0ca9c867a22260e2668ecf46047e3df87f5d82d992a558e45fb852be616c030edf6aeeae70848403dc1166e6a16776e8660f90449f297224f667563850480f259f6a59039b1a3ea5488971b5e4bcbf380c527c937055dbf4f5a676bacc09f4dde33c50a1286f6024980df1064a9dc4b3f101b129fa1fc141e54f52d4b7322a0cb1c2567205016f5ede0794122fcaa2d11fa77f5fddb3a5f3c7b3d85f0cb6f32cd11d752f755687fb8d93d40711a4c8873ec7c794f0f781bb9c10f9df22fa8f40cca06a48c37e66ea4480fcdd686526be62915ebe36e0bdf7dafd3940f698469ecdc792ca6105a37499a19382247a85bb734e4ba325dd307be8444b5860f99f9dbc7aa28c26747c89041bde3c10c459406786e10792078a52f4bcc32aff61b3f5798cb5dc2927f260f70a41d8e5fc38498b02d0053a86ae408d2efdc1aca9a8508ef9128dfd1fc6a92ba72f940ee469a3111e2cf6c28e77e5a206db6f09139db812fa4e4cfe33c8d184e4763bd8e54e0e473346215b8905d101463dd2ca855747c81c7ffd6c2625e0b59273a9516ec96a5cd8d9078c974980a16b6b87563986ba287821cd41f417792e42dd24e796e313b9cd943f1b9dd6ee35676ff4ad46dbd52db83abbc78f5dad11b6e7bd09a4ace8c246d0a52c36dcb1f0c6025f6ed2868f4b918b6e4e645c63689b7e7bc369dbe44725993b3b43f4572a7136b6e610adc161f45fc307c0937f2338ebc4fd571852b229b80ccd071e1a29c927f88b8b45efa503691758125d29463e742e2ef508babf30ae39ff8bb3a94cfee379f84348c002fdef77b410bee9f47f8119388b3fc159b409b9d9c9af97a4b75c38ca5fc0665cd975df293370de64714cefdd470c1d05a5d3e0f257182889d7a2d797ebf42d6935d1c6b5ef8cd1e2783cef3a316dbd4768510f26ee5b1c481bcac3e1608458d4b5ec6411cb3c921a131140440561931ca51b92231de91d1f950d992eec74c6500a6ecc9e8bc26eec367dba82720accd6dee234db88c132ec649baeef23a16ebb18c8e5b68b95aac984d8322a01b39636baf16911e458242730ea8b22c686bd01bc451e91c34f81fafe88485bbe97ec99299940ca897c3f802d080ecf8ca7e5032c728b8b33f162ab26a6805db239b88103c19ff8160a28268f8f7ac66593c67251fb0f3fa3004d5ad08107f48e0ecc1e4e910554f49ca72e3fd7e212d828fc3c0c40203e4642a3a372f36cfd13a037fd4dd107d6b386659b379c4c41813c8599cb71fd08e4b80f22dbb088d3d0257f30493b1c4d54201a00e049d998d291ecb659e65e2eed9776b367afc9b84b03957701bcbef289b0eea8e5722a63e1bd748d5af209c5ebff7df185d0d68e7ceabbf9a63bba55946cd3b52a09383fd9b9d2d956dc4e5af16986c5600dfd0db89e0e478420557d001c3716350c3e6ba0bbec1e5888435d296d8666f455d22205ea407a95eb60bc68a184e95ae3259f3783c594d3e550c018369df677ea11a37c757a3bd3c19eb257f5e228ad760562e431754a0c620004548962c3a4fb42d49259dafc1b9d365323fa2ace81876728a24f70b06e1198d5f863bfd00a04d5393b3adb15f4191d374c607c7ccb6b7ef84303454b6655392a23dccca41f55cb314a3bfbb637f57178cc9df4fe0645a8dc1ca0386d1fb0ff2cfc3e149991f97264d893fba0b013c027ce753c3e1f907a2988b1507eecd0e5e26368155ff5c55f616ffec31a613be450ee048955a46d68c272aa53f1db6ce199e2765f4be20933799d96f13b3a65f33cb60da1929023ff5d820172c423f83210a992264a37854033cd43c88129fabb5146367d2b748d84be96dc3a4ad95279ec7ed78dcb57056597a9f46a948708b0e9915b22f28216d94554db2082f4b9782a5802bf6700ef9017168a68304b6573f46c78a0a3be302e096b4f5b87313a2ef9a2b5f51956d9e315b08ee89a59aeec225227f3ece808c451e1103df7887f944138af1b93235bc93121fb84591d065d5f245c035c238a1c30d510be5db14725148919e8d57f1e3a36ead8be870e2505e3c9935c4461741c4a8dc4dff7e0e042167a7228bf218c9d8dd9c0be9e5ff4a79968d8f34cfc3206e0ade5889e9c5e44c918ed3755063d4148e7f1da9d2ce7aa45b9fc873f85cb92160b8a4d5b219884d0c43cc1194259ec4a6127887470d2fabbc1983b1bcc51e931f131d1238333c09740b43802fc5b1c01a942c5d08693b81e59429cb7d49f454f517cddc160d563a243182083008f2481e35312b4b35a2688468f18f4733f4b40d2f298c0b88ec2ad51e2efa509905233e3bbb9e172a1e697ab379f500c8c791aa97623bc8faa7f0468e02e6bc6f9bc40c75b4c01b92731fc371ad7c90928bead62a74580bb2d0aa1d8972fa857766ebe8aa00cd9eae79a591ea3e87a5ce636dc865b992c98a6fafe478973665936ad477558dac400fe179e86e6fef41aa074d0812f0c14f3992edb76358d02a2b763512ca9abc0940dd711670deb4d9abf196de9106efa5e1c14a673de86193908206ab9f72afd6ef1b05355f06ad0b9bc83750bb196654566b56e13e6e820d12bc34920b45c3", @ANYRESDEC=r0, @ANYRESDEC=0x0, @ANYRES8, @ANYRES32=r2], 0xfd, 0x200, &(0x7f00000002c0)="$eJzskr9rFEEUx7+zO3fuaUIOORBFEDVoLJLbbDT+KBRsDCoIohADgsfdJS5u/JE90DsOXKsUNoIiJIiFIElhIf4DLqiN2CgEuxBJnSKFjSSsvNm3mwnY28ynuO/NvLfvve/M3A4fhDsAbK5360AZhEQF338JSAAHhNpCw07VYb3MWuT4BSvVmPUP6+bJzvgEIPxDy6NWvKdxUJTRU/n9dQV19N3E6deX3v24WnixtHvt7UfKv3i9/QHiaKPvzav3z87P9ary4saEXseO9887VAjA843x5RW5165ktfxoiVoXkPFyEsKddwAMfR6cO+v2PrW4Ztju3KkFQXMmPPfEwppq9XO9W6c/twAkBPsbA6DnkP1FzqG9fRK4BsBGkudIbFFtTd+vhu3OoD9dm2pONe963sioe9x1T3jVST9ouvQLcDf1OZ8gSI8BoGsq0QhCxXdRbINzdmI7VIfmivK496XE45fQrRe1qxs4jHRb65fZylQgZluOmgPKKlk+Ajrah5HQdvtVFQllbAwCNi+GpTZf2stRgaFP94LGLMgbf7YAmdcYXkUhX3j6YuRU5hCzrP3YujFigXWVNXvR2UuVqoLF73kgAop4VGu1kiR5jMUeXPmWRmhvxivm/8qRfmDUtWxvN3fG/setGAwGg8FgMBgMBsN/4m8AAAD//4Hjlpw=")
open(&(0x7f0000000140)='./file2\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})

2m29.463884244s ago: executing program 5 (id=1619):
r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0200000001"], 0x48)
r3 = fsmount(r0, 0x1, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000100), &(0x7f0000000140)='%pK    \x00'}, 0x20)
fchdir(r3)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)

2m14.018766927s ago: executing program 41 (id=1619):
r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0200000001"], 0x48)
r3 = fsmount(r0, 0x1, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000100), &(0x7f0000000140)='%pK    \x00'}, 0x20)
fchdir(r3)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)

9.836510816s ago: executing program 4 (id=2254):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000000)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x1000})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, &(0x7f0000000380)=""/240, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000580)={0x1, 0x0, [{0xf000, 0xe5, &(0x7f0000000480)=""/229}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000980)=0x1)

8.107354988s ago: executing program 3 (id=2261):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0xe0880, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x1294, 0x2, 0x5})
openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x68000, 0x1c6)
mq_timedreceive(r0, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0xe38e, 0x5, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f00000024c0)={0x0, 0x0, 0x0, &(0x7f0000000080), 0x0}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mq_timedreceive(r0, &(0x7f0000000080)=""/87, 0x57, 0x1000002, 0x0)

7.196543407s ago: executing program 2 (id=2263):
r0 = socket(0x840000000002, 0x3, 0xff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='bridge_slave_0\x00', 0x10)
connect$inet(r0, &(0x7f0000000540)={0x2, 0x4e60, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)

7.196012237s ago: executing program 8 (id=2264):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)

7.107604642s ago: executing program 4 (id=2265):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000040000000001, 0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7.107137741s ago: executing program 6 (id=2266):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080004000006000008001b"], 0x30}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x7fff, 0x4)
r2 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)

5.61706814s ago: executing program 3 (id=2267):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4a000, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1200000008000000040000006f4e00000000", @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6)
socketpair(0x1d, 0x2, 0x2, &(0x7f0000000300)={0x0, 0x0})
recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x2020)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x100, 0x3, 0x20}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001700)={r1, 0x2000002, 0xe, 0xfd47, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0xfffffbff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.545509867s ago: executing program 6 (id=2268):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18)

4.545152417s ago: executing program 2 (id=2269):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r0, 0x2ee83000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x18000, &(0x7f0000000dc0)={[{@journal_dev={'journal_dev', 0x3d, 0x8001}}, {@max_batch_time={'max_batch_time', 0x3d, 0x4a460f54}}, {@i_version}, {@noload}, {@barrier}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@dax_never}, {@auto_da_alloc}]}, 0x82, 0x62d, &(0x7f0000000e80)="$eJzs3c9rHNcdAPDvzEqyZauVXUqpTUsFPdhQvJZcU7c92e6hPhhqqA8h5GBhSY7w+geWDLZjsAw5JJBACLmG4Ev+gZBr0DXkFgKJbzkHnBCc5JAEb5jZWWuz2rU3kla78Xw+MDNv3szue98dvZ03MzuaAEprKhulEfsi4lwSMdmybCIaC6eK9R5+fft8NiRRr///qySSIq+5/qNiujsbJY3XfHwy4neV9eUu3bx1cbZWb7gTcXj50tXDSzdvHVq8NHth/sL85Zkj/zx6bPpfMx9uTZy7i+mp0//70+svv/iPhU9qh5I4HmdHX5qLtji2ylTj040sxNb8kYg4liU6fC6wnSrF3+NoRPwhJqOSzzVMxuJrA60c0Ff1SmP/VB+rA6WTxKBrAAxGsx/QPLbvx3HwMHtwIhvf6BD/SHH0vjM/Ntr1MGk5MspyI/ZsQfkrEfHj7f1vZ0N0OQ8xsgXldC3/bkT8sdP2T/L49+SRZvGnkba8LktPF+c2svr9ZxN1SFrSvf393dlEaT/3S+Jv3Q5Z/MeLaZZ/ssv7P+0Uz1TbfNnaHwCDsXqi2JFnHZFY2/9lPcNm/yfa+z/19/NrQ+37ro3ovv9Lt+Ddny7v/4102v839/c783142tYPS2Ll2zOd33K0PePzV0+92a38qZb+XzZk5Tf7gj3YdNfwwd2I/W3xv5J/9Mnj7Z906P9mq5zrsYz/fvrlqW7LNhn/ptXvRRzoePyz1ivNUm3XJ5NoXp88OnN4YbE2P90Ydyzjg49eeLdb+YOOP9v+u7rE/6Ttn+Vd7bGM987cu9RI7Vi3bOKp8adfjCVn89RYPl5rXmPJ6WKVxuTG7PLytSNPrktznXw604j/4F87t/8u8ecHH+PNr8weXH3u4sNuyza5/R/Ve1yxmyz+uQ1u/zd6LOO756//uduy9fGvnZMY32hQAAAAAAAAUFJpfg02SauP02laLS68/T52pbUrS8t/W7hy/fJcxMH895CjafNK92RjPsnmZ4rfwzbnj7TN/z0i9kbEW5XxfL56/kptbtDBAwAAAAAAAAAAAAAAAAAAwJDYXdz//6h4Htg3lTStVgddK2Db9PMBc8Bw0/6hvPL2vz3PWwOGjP0/lFfH9u9LAUpBU4fy0v6hvLR/KC/tH8pL+4fy6t7+1y252++6AAAAAABbZu9fVu+PRMTKv8fzITNWLBsdaM2AftPGobwqg64AMDCPL/C7/R9Kp6f+//fFPwfsf3WAAUg6Zeadg/qTG/9qx1cCAAAAAAAAAAAAAH1wYN/q/cT9/1BKbvuD8trY/f+Vjb8UGBqd/vW/x4FAOTjGh5Lr4STAzm4L3P8PAAAAAAAAAAAAANtmIh+StFr8DHgi0rRajfhNROyJ0WRhsTY/HRG/jYjPKqM7svmZQVcaAAAAAAAAAAAAAAAAAAAAnjFLN29dnK3V5q+1Jn5Yl/NsJ5pPPB2W+rQmIul7EWm05YxHxDDE3p/ESEtOErGSbfmteOdk838/MQyfT5EY8BcTAAAAAAAAAAAAAAAAAACUUMu9x53tf2ebawQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA22/t+f/9Sww6RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1+mnAAAA//+EYjvS")
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1000, &(0x7f00002cd000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff006)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4.32285726s ago: executing program 8 (id=2270):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000023000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492aba0883783d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504ba96446e1437af6fa875d9d32fdaaae01e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4858fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f80fdef113a145ace522e8379474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x0, 0x0, 0xffffffff}, 0x23)

4.257466433s ago: executing program 4 (id=2271):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x10000000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x40f00}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x1e, 0x8, 0x0, 0x3, @multicast}, 0x10)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)

4.257132863s ago: executing program 2 (id=2272):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x14, 0x1, 0x2, 0x201, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)

2.877011586s ago: executing program 8 (id=2273):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
r3 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
r4 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10)
close(r4)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0xfffffffc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0x12}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000340)={0xc0, 0x0, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xac, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x98}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x9c, 0x3, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '%(,\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffa}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xa}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\'\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '.!:\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000040)

2.876534396s ago: executing program 6 (id=2274):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
close_range(r0, 0xffffffffffffffff, 0x0)

2.695727156s ago: executing program 2 (id=2275):
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
waitid(0x0, 0x0, 0x0, 0x2100000a, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x20006, 0x8, 0x0, 0xd99d}}]}]}}}]}, 0x70}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendto$packet(r0, &(0x7f0000000180)="44c33b69ebc9e05e9f860b000000", 0xe, 0x830, &(0x7f0000000440)={0x11, 0x88a8, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)

2.604250031s ago: executing program 6 (id=2276):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000b80)=ANY=[@ANYBLOB="180000005600230d0000000000000000070000005c47ef594ca1561b3e5955bd7e058027d86f7673081c"], 0x18}}, 0x4040000)

2.563015603s ago: executing program 3 (id=2277):
ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000080)={0x0, 0x2, [0x1, 0x9, 0xfa, 0x8, 0x1ff, 0x1000]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x8, 0x5, 0x0, 0x3, 0x2, 0x0, 0xfffffffffffffffc], 0x10000, 0x202})
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2022012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba5234400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b60dd7710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f400000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048636662867d08f50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x0, 0x10201, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r2, 0x0, 0x20000)
statx(r2, &(0x7f00000000c0)='./file0\x00', 0x800, 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec90df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d330b0000004360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a2fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0})

1.651548202s ago: executing program 3 (id=2278):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000005000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="05005b"], 0x24}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
close(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040))
ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})

1.385986486s ago: executing program 8 (id=2279):
close(0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303, 0x36}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38)
r1 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r1, &(0x7f0000000240)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323456536005ad94a461cdbfee9bdb9423523598451d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = socket$unix(0x1, 0x5, 0x0)
r4 = dup2(r3, r2)
close_range(r4, 0xffffffffffffffff, 0x0)

1.30733415s ago: executing program 4 (id=2280):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b000000070000000100010009"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r3, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0)

1.215595605s ago: executing program 6 (id=2281):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x81, 0x150f, &(0x7f0000000400)="$eJzs3AuYjtXaOPB1r7UehsTbJIdh3et+eNNgmSTJISGHJEmSJKeEpEmShMSQU9KQhBwnyWEIyWEak8b5fMg5abKlSZKQkLD+1/S1P3v/29/u29/Xt+1rz/27rnXNumc99z3ree+53vd5nuua+bbX6PotG9RpTkTifwX+40uSECJGCDFcCFFICBEIISrHVlbiyjL7l/FQ6tXeAbuauP+5G/c/d+P+527c/9yN+5+7cf9zN+5/7sb9Zyw32zG3+HU8/tlD/8u87v+k5/+xOev5FPDz/3+S7oX+O0fx5/+/kewKU77cVOGG3v9ACvc/d+P+527c/9yN+5+7cf9zN+7/v7/af2eN+5+7cf8Zy83+wefF+cS/wDNrHn/cuNq/f4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGcofz/gothPjz/GrvizHGGGOMMcYYY38cn/dq74AxxhhjjDHGGGP/90BIoYQWgcgj8ooYkU/kF9eIAuJaUVAUEhFxnYgV14vC4gZRRBQVxURxESdKiJLCCBRWkAhFKVFaRMWNooy4ScSLsqKcKC+cqCASxM2iorhFVBK3isriNlHF3i6qimqiuqgh7hA1xZ2ilqgt6oi7RF1RT9QXDcTdoqG4RzQS94rG4j7RRNwvmooHRDPxoGguHhItxMOipXhEtBKPitaijWgr2on2/6P8F0U/8ZLoLwaIJDFQDBIvi8FiiBgqhonh4hUxQrwqRorXRLIYJUaL18UY8YYYK94U48R4MUG8JSaKSWKymCKmimkiRbwtpot3xAzxrpgpZonZYo5IFXPFPPGemC8WiIXifbFIfCAWiyViqVgm0sSHIl0sFxniI7FCfCwyxUqxSqwWa8RasU6sFxvERrFJbBZbxFaxTWwXO8QnYqfYJXaLPWKv2Cf2i0/FAfGZOCg+F1nii38w/9z/l98bBAiQIEGDhjyQB2IgBvJDfigABaAgFIQIRCAWYqEwFIYiUASKQTGIgzgoCSUBAYGAoBSUgihEoQyUgXiIh3JQDhw4SIAEqAi3QCWoBJWhMlSBKlAVqkE1qAE1oCbUhFpQC+pAHagLdaE+1Ie74W64BxpBI2gMjaEJNIGm0BSaQTNoDs2hBbSAltASWkEraA2toS20hfbQHjpAB+gIHaEzdIYu0AW6QldIhEToBt2gO3SHHtADekJP6AW9oDf0gT7wIrwIL8FLMADqyoEwCAbBYBgMQ2EYDINXYAS8Cq/Ca5AMo2A0vA6vwxswFs7COBgPE2AC1JSTYDJMAZLTIAVSYDpMhxkwA2bCLJgFcyAV5sI8mAfzYQEsgPdhEXwAH8ASWALLIA3SIB2WQwZkwAo4B5mwElbBalgDa2ENrIcNsB42wWbYBFthK2yH7fAJfAK7YBfsgT2wD/bBp/ApfAafQTJkQRYcgkNwGA7DETgC2ZANR+EoHINjcByOwwk4ASfhFJyGU3AGzsBZOAfn4TxcgAtwEZ6P+7rFvrIbk4XMoaWWeWQeGSNjZH6ZXxaQBWRBWVBGZETGylhZWBaWRWQRWUwWk3EyTpaUJSVKlCRDWUqWklEZlWVkGRkv42U5WU466WSCTJAVZUVZSVaSleVtsoq8XVaV1WQnV0PWkDVlZ1dL1pZ1ZB1ZV9aT9WUD2UA2lA1lI9lINpaNZRPZRDaVD8hmciAMhYdkTmdaylHQSo6G1rKNbCvbyTfgMdlBjoWOspPsLJ+Q42EcdJUdXKJ8WnaTk6G7fFZOgedkTzkNeskXZG/ZR/aVL8p+sqPrLwfImTBQDpJzYLAcIofKYXI+1JM5HasvX5PJcpQcLV+Xy+ANOVa+KcfJ8XKCfEtOlJPkZDlFTpXTZIp8W06X78gZ8l05U86Ss+UcmSrnynnyPTlfLpAL5ftykfxALpZL5FK5TKbJD2W6XC4z5EdyhfxYZsqVcpVcLdfItXKdXC83yI1yk9wst8itcpvcLnfIT+ROuUvulnvkXrlP7pefygPyM3lQfi6z5BfykPyTPCy/lEfkVzJbfi2Pym/kMfmtPC6/kyfk9/KkPCVPyx/kGfmjPCvPyfPyJ3lB/iwvykvysvRSKFBSKaVVoPKovCpG5VP51TWqgLpWFVSFVERdp2LV9aqwukEVUUVVMVVcxakSqqQyCpVVpEJVSpVWUXWjKqNuUvGqrCqnyiunKqgEdbOqqG5RldStqrK6TVVRt6uqqpqqrmqoO1RNdaeqpWqrOuouVVfVU/VVA3W3aqjuUY3Uvaqxuk81UferpuoB1Uw9qJqrh1QL9bBqqR5RrdSjqrVqo9qqdqq9ekx1UI+rjqqT6qyeUF3Uk6qrekolqqdVN/WM6q6eVT3Uc6qnel71Ui+o3qqP6qsuqcvKq/5qgEpSA9Ug9bIarIaooWqYGq5eUSPUq2qkek0lq1FqtHpdjVFvqLHqTTVOjVcT1FtqopqkJqspaqqaplLU22q6ekfNUO+qmWqWmq3mqFQ1Vw39tdLC/0b+O38jf+QvP3272qE+UTvVLrVb7VF71T61X+1XB9QBdVAdVFkqSx1Sh9RhdVgdUUdUtspWR/MJIdQxdTznnT2HOqV+Uj+oM+pHdVadU+fUT+qCuqAu/voaCA1aaqW1DnQenVfH6Hw6v75GF9DX6oK6kI7o63Ssvl4X1jfoIrqoLqaL6zhdQpfURqO2mnSoS+nSOqpv1GX0TTpel9XldHntdAWdoG/+X+f/3v7a6/a6g+6gO+qOurPurLvoLrqr7qoTdaLuprvp7rq77qF76J66p+6le+neurfuq/vqfrqf7q/76ySdpAfpl/VgPUQP1cP0cP2KHqFH6JF6pE7WyXq0Hq3H6DF6rB6rx+lxeoKeoCfqiXqynqyn6qk6Rafo6Xq6nqFn6Jl6pp6tZ+tUnarn6Xl6vp6vF+qFepFepBfrxXqpXqrTdJpO1+k6Q2foFXqFztQr9Uq9Wq/Wa/VavV6v1xv1Rr1Zb9Zb9VadqXfoHXqn3ql36916r96r9+v9+oA+oA/qgzpLZ+lD+pA+rA/rI/qIztbZ+qg+qo/pY/q4Pq5P6BP6pD6pT+vT+ow+o8/qs/q8Pq8v6Av6or6oL+vLOZd9gQxkoAMd5AnyBDFBTJA/yB8UCAoEBYOCQSSIBLFBbFA4uCEoEhQNigXFg7igRFAyMAEGNqAgDEoFpYNocGNQJrgpiA/KBuWC8oELKgQJwc1BxeCWoFJwa1A5uC2oEtweVA2qBdWDGsEdQc3gzqBWUDuoE9wV1A3qBfWDBsHdQcPgnqBRcG/QOLgvaBLcHzQNHgiaBQ8GzYOHghbBw0HL4JGgVfBo0DpoE7QN2gXt/9D63p8t+rjrbwaYJDPQDDIvm8FmiBlqhpnh5hUzwrxqRprXTLIZZUab180Y84YZa94048x4M8G8ZSaaSWaymWKmmmkmxbxtppt3zAzzrplpZpnZZo5JNXPNPPOemW8WmIXmfbPIfGAWmyVmqVlm0syHJt0sNxnmI7PCfGwyzUqzyqw2a8xas86sNxvMRrPJbDZbzFazzWw3O8wnZqfZZXabPWav2Wf2m0/NAfOZOWg+N1nmC3PI/MkcNl+aI+Yrk22+NkfNN+aY+dYcN9+ZE+Z7c9KcMqfND+aM+dGcNefMefOTuWB+NhfNJXPZ+JyL+5yPd9SoMQ/mwRiMwfyYHwtgASyIBTGCEYzFWCyMhbEIFsFiWAzjMA5LYknMQUhYCkthFKNYBstgPMZjOSyHDh0mYAJWxIpYCSthZayMVbAKVsWqWB2r4x14B96Jd2JtrI134V1YD+thA2yADbEhNsJG2BgbYxNsgk2xKTbDZtgcm2MLbIEtsSW2wlbYGltjW2yL7bE9dsAO2BE7YmfsjF2wC3bFrpiIidgNu2F37I49sAf2xJ7YC3thb+yNfbEv9sN+2B/7YxIm4SAchINxMA7FoTgch+MIHIEjcSQmYzKOxtE4BsfgWByL43A8TsC3cCJOwsk4BafiNEzBFJyO03EGzsCZOBNn42xMxVSch/NwPs7HhbgQF+EiXIyLcSkuxTRMw3RMxwzMwBW4AjMxE1fhKlyDa3AdrsMNuAE34SbcgltwG27DHbgDd+JO3I27cS/uxf24Hw/gATyIBzELs/AQHsLDeBiP4BHMxmw8ikfxGB7D43gcT+AJPIkn8TSexjN4Bs/iWTyP5/EC/owX8RJeRo8xVor89hpbwF5rC9pCNsbms38ZF7PFbZwtYUtaY4vYon8Vo7U23pa15Wx562wFm2Bv/k1c1Vaz1W0Ne4etae+0tX4TN7T32Eb2XtvY3mcb2Lv/Km5i77dN7SO2mX3UNrdtbAvbzra0j9hW9lHb2raxbW0728U+abvap2yifdp2s8/8Jk63y+0Gu9FuspvtAfuZPW9/ssfst/aC/dn2twPscPuKHWFftSPtazbZjvpNPMG+ZSfaSXaynWKn2mm/iWfbOTbVzrXz7Ht2vl3wmzjNfmgX2Qy72C6xS+2yX+KcPWXYj+wK+7HNtCvtKrvarrFr7Tq7/j/3utputdvsdrvffmp32l12t91j99p9v8Q553HQfm6z7Bf2qP3GHrZf2iP2uM22X/8S55zfcfudPWG/tyftKXva/mDP2B/tWXvul/PPOfcf7CV72XorCEiSIk0B5aG8FEP5KD9dQwXoWipIhShC11EsXU+F6QYqQkWpGBWnOCpBJckQkiWikEpRaYrSjVSGbqJ4KkvlqDw5qkAJdDNVpFuoEt1Klek2qkK3U1WqRtWpBt1BNelOqkW1qQ7dRXWpHtWnBnQ3NaR7qBHdS43pPmpC91NTeoCa0YPUnB6iFvQwtaRHqBU9Sq2pDbWldtSeHqMO9Dh1pE7UmZ6gLvQkdaWnKJGepm70DHWnZ6kHPUc96XnqRS9Qb+pDfelF6kcvUX8aQEk0kAbRyzSYhtBQGkbD6RUaQa/SSHqNkmkUjabXaQy9QWPpTRpH42kCvUUTaRJNpik0laZRCr1N0+kdmkHv0kyaRbNpDqXSXJpH79F8WkAL6X1aRB/QYlpCS2kZpdGHlE7LKYM+ohX0MWXSSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtAntJN20W7aQ3tpH+2nT+kAfUYH6XPKoi/oEP2JDtOXdIS+omz6mo7SN3SMvqXj9B2doO/pJJ0KBP1AZ+hHOkvn6Dz9RBfoZ7pIl+gyeRIhhDJUoQ6DME+YN4wJ84X5w2vCAuG1YcGwUBgJrwtjw+vDwuENYZGwaFgsLB7GhSXCkqEJMbQhhWFYKiwdRsMbwzLhTWF8WDYsF5YPXVghTAhvDiuGt4SVwlvDyuFtYZXw9rBqWC185L4a4R1hzfDOsFZYO6wT3hXWDeuF9cMG4d1hw/CesFF4b9g4vC+sFN4fNg0fCJuFD4bNw4fCFuHDYcvwkbBV+GjYOmwTtg3bhe3Dx8IO4eNhx7BT2Dl8IuwSPhl2DZ8KE8Onw27hM7+7nhQODAeFL4cvh97fq5ZGl0XToh9G06PLoxnRj6Iroh9HM6Mro6uiq6Nromuj66LroxuiG6ObopujW6Jbo9ui26PeN8grHDjplNMucHlcXhfj8rn87hpXwF3rCrpCLuKuc7HuelfY3eCKuKKumCvu4lwJV9IZh846cqEr5Uq7qLvRlXE3uXhX1pVz5Z1zFVyCa+fau/aug3vcdXSdXGf3hHvCPemedE+5p9zTrpt7xnV3z7oe7jnX0z3vnncvuN6uj+vrXnT93EuuvxvgklySG+QGucFusBvqhrrhbrgb4Ua4kW6kS3bJbrQb7ca4MW6sG+vGuXFugpvgJrqJbrKb7Ka6qS7Fpbjpbrqb4Wa4mW6mm+1mu1SX6ua5eW6+m+8WuoVuUfwit9gtdkvdUpfm0ly6S3cZLsOtcCtcpst0q9wqt8atcevcOrfBbXCb3Ca3xW1x29w2t8PtcDvdTrfb7XZ73V633+13B9wBd9AddFkuyx1yh9xhd9gdcV+5bPe1O+q+ccfct+64+86dcN+7k+6UO+1+cGfcj+6sO+fOu5/cBfezu+guucvOu5TI25HpkXciMyLvRmZGZkVmR+ZEUiNzI/Mi70XmRxZEFkbejyyKfBBZHFkSWRpZFkmLfBhJjyyPZEQ+iqyIfBzJjKyMrIqsjqyJrI14X2Jn6Ev50j7qb/Rl/E0+3pf15Xx573wFn+Bv9hX9Lb6Sv9VX9rf5Kv52X9VX89X9o761b+Pb+na+vX/Md/CP+46+k+/sn/Bd/JO+q3/KJ/qnfTf/jO/un/U9/HO+p3/e9/Iv+N6+j+/rX/T9/Eu+vx/gk/xAP8i/7Af7IX6oH+aH+1f8CP+qH+lf88l+lB/tX/dj/Bt+rH/Tj/Pj/QT/lp/oJ/nJfoqf6qf5FP+2n+7f8TP8u36mn+Vn+zk+1c/18/x7fr5f4Bf69/0i/4Ff7Jf4pX6ZT/Mf+nS/3Gf4j/wK/7HP9Cv9Kr/ar/Fr/Tq/3m/wG/0mv9lv8Vv9Nr/d7/Cf+J1+l9/t9/i9fp/f7z/1B/xn/qD/3Gf5L/wh/yd/2H/pj/ivfLb/2h/13/hj/lt/3H/nT/jv/Ul/yp/2P/gz/kd/1p/z5/1P/oL/2V/0l/zl/9HfrMX88Y/TGWOMMcb+xW0r8vfXB/6N78lfR45BQohrdxXP/st1JYTY8mvdITKuS0QI8fSAXg/9edStm5SU9OuxmUoEpZcIISJX8vOIK/FK0Vk8KRJFJ1Hxb+5viOxzgX6nfvQ2IfL/RU7OVd+f4yv1b/kv6j/2xIT0KuH52L9Tf4kQ8aWv5OQTV+Ir9Sv9F/WLdvid/ef7MkWIjn+RU0Bcia/UTxCPi2dE4l8dyRhjjDHGGGOM/YchsnqP37t/zrk/j9NXcvKKK/Hv3Z8zxhhjjDHGGGPs6nuuT9+nHktM7NSDJzzhCU/+c3K135kYY4wxxhhjf7QrF/1XeyeMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxlju9c/4d2JX+xwZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxq+3/BQAA//8SbzYB")
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x41, 0x6, 0xcd, 0x40, 0x6cd, 0x10f, 0xd51b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0xb, 0xfd, 0x2, 0x33, 0x77, 0x61, 0x0, [], [{{0x9, 0x5, 0x7, 0x2, 0x400, 0x81, 0x40, 0x6}}, {{0x9, 0x5, 0x87, 0x3, 0x8, 0xf, 0xff, 0x7}}]}}]}}]}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000340)={0x40, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{0x12, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x581}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.184748046s ago: executing program 3 (id=2282):
r0 = socket$kcm(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(r0)

1.080232082s ago: executing program 2 (id=2283):
ioprio_set$pid(0x1, 0x0, 0x2004)
syz_clone(0x88280, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fadvise64(0xffffffffffffffff, 0xc2f, 0x5, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x6a2e4e0ed11fabf6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

1.045719114s ago: executing program 8 (id=2284):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000)=0xb6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000100)=0x6, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
recvfrom(r0, 0x0, 0x0, 0x32, 0x0, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000240)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x1, "a324292dad11008954a40b57bb23a78bd1175c0cd068c525e1cdf100", "6868aaf371b13a6a21324c50a094ab38785b31fe60b985a578ad106fd0eafef54485b61e1df4a065c451bf0f24279510", "7d8608ddf3268d2045b27ebf8ee672bc4421549386a5a5903b20b9f4", {"96775e3b6484c1851f6984768a7bb2fb", "412a7c8e5fffae9a88c46a3056c4319a"}}}}}}}, 0x0)
syz_emit_ethernet(0x4d, &(0x7f00000003c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x2b, 0x0, @gue={{0x1, 0x0, 0x0, 0x40, 0x100, @void}, "2df7990e4ba2b0afb2fe9d5f1108bfb74e6b922142f2e46741066aa292c9ed"}}}}}}, 0x0)

980.211157ms ago: executing program 4 (id=2285):
rt_sigprocmask(0x2, &(0x7f0000000080)={[0xffffffffffffffff]}, 0x0, 0x8)
r0 = gettid()
r1 = getpid()
rt_tgsigqueueinfo(r1, r0, 0x7, &(0x7f0000000140)={0x812, 0x810002, 0x8})
r2 = getpid()
r3 = gettid()
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000000c0)='./file2\x00', 0xf4ddc3267dd022d3, &(0x7f0000000480)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB="2c63727566742c646d6f64653d3078303030303030303030303030303030352c6f76657272696465726f636b7065726d2c73686f776173736f632c7065726d69745f646972656374696f2c736d73726f6f743d63727566742c004ef38bc576ab64c53f16e96fd52f000000653f208615df39cede52a3565e692d60a4ff07fa1d591fc9a537ff5c37c22628c35863cb192d5806c780471ca1d3ba6ccff6a3b3cb4e3b224c95ab069a7a"], 0x3, 0x562, &(0x7f00000009c0)="$eJzs3V1v01YYwPHHbaOFMLFpmxCqeDm0m1Q0CE4KRRFXnnOSHkjsyHZQe4UQTVFFChNl0tob6A3bpG2fYdzuQ+x2d/smaB9hk+2kpG1eBn1Jh/6/iPrEfuzz2KR+5CrHFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIJZbtu2CJTXjNZdUr992vXPLgV9Xg3W3d2XXZEi/Ilb8T7JZOZfOOvfF28Vn4x8zcj59d16y8SQrW6fPfnr786mJ7vpDEjoWG5tbjx+0261n405kTKraM6Fv6k5VKxP6qvTrnyKLlVBVTE2Hy2Gk68oNtBP5gZpzr6hCqTSvdH7Zb3rVslPT3Zm3rhVte0HdyTe0E4S+d/1OPnQXTa1mvGoSEy+OY27FH8S7JlKRdupKra61W/NKqdPDkoyDCqP2JA4qjgoq2sVioVAsFhZulm7esu2pfTPsPWRfxPg/tBivQz6DA+9volP/pSZGPGnKkqi+L1fKEogv9QHLO7r1/6vremi/lsikdOp/t8qfe7t4WpL6fzF9d3FQ/R+Qy/G9NmRTMp2cT0lLno09o+N9VUWLJ0ZC8cVIXZxkjurMUVKSBVkQW+7LolQkFCUVMVITLaEsSyiR6OQT5UogWhyJxJdAlMyJK1dESUFKUpJ5UaIlL8viS1M8qUpZnGQrq7ImbWklEf1fp2QnqDBkR3aCikOCqP84uMM9gQMH8E+3/g+WOb5sAAAAAADAUbCSv75byWX+haRVMTVtjzstAAAAAABwiCyRlZ5vpFwQi+t/AAAAAAA+NFYyxs4SkZxcSlvdkVD8EQAAAAAAgA9EMvL/YjzJxa1LYnH9DwAAAADAh+bHkffYDxsfWX/8LcGLjLXdWPrSWnfiOGd9Ml1vcu8Wo8q0daazkWSyMNV55+rzVmeswc6QgzedyeqgPD5O5lrWi/jnAROQn+VyGnN5JZ2udJeke5urmJrOuxm5XUjTEJHvnqx9LxLsdLO61m7lHz5tryS5bMezttc7N1Dcdx/FIbk8T+63kIy56HvkM8lAjCDIWD951ksr6dfu3f+JdPWJd+jzlcykMTO5dJrbvf/ZuM9C/nZBHOfMRKSXos7eJ1nUc2kWhT173vfukUOzmE1jZudm00mfLIoDs4i7W2u3ir1ZvNexGJjFS+lmMT/qWMx3s8i87f5dsgCAcVkdUYWs5Hy3fcC6M7C6d3ux9vXyHtX9lcylMXPTyYl1arpPXbFHndHtA9b13zN7n4E0qMbG/f6yp6q+jld4PbDfsFa04kM4+Xz9Wzm7sbl1bW39waPWo9aTYnF+wb5h2zeLkkl2ozOh9gAA+hj9jJ2REdaNEVfVn+18pSAvD+WptGVFriajDZJvHPTdaq7nawhXR1y15nqe8HJ1xLVlrudBL/89dv4Y/icAADg+MyPq8Mj6L93ryFMi0v+6e3ctH3513FvLezYMAAAOkQ7eWLnoBysITON+oVQqONGiVoHv3lWBKVe1Ml6kA3fR8apaNQI/8l2/FjfumbIOVdhsNPwgUhU/UA0/NEvJk99V59Hvoa47XmTcsFHTTqiV63uR40aqbEJXNZrf1Ey4qINk5bChXVMxrhMZ31Oh3wxcnVcq1Lon0JS1F5mKiZueagSm7gTL6p5fa9a1KuvQDUwj8tMNdvsyXsUP6slm8+M+2AAAnBAbm1uPH7TbrWdH2Bj3PgIAgN2o0gAAAAAAAAAAAAAAAAAAAAAAnHzHMf7vSBqSfYfgv9KnCMhJSf5/1vjkZKTRt5E9GWmMrWENWvT17MF+u5NfmFp2vKcnAEfo3wAAAP//hQRKQg==")
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r4 = memfd_create(&(0x7f0000000040)='\\\\&\x0e\x00', 0x1)
copy_file_range(r4, 0x0, r4, &(0x7f0000000080)=0xde27, 0x3, 0x0)
rt_tgsigqueueinfo(r2, r3, 0x1f, &(0x7f0000000000)={0x17, 0xb, 0x82})
ppoll(0x0, 0x0, 0x0, &(0x7f0000000100), 0x8)

288.778414ms ago: executing program 6 (id=2286):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x404, 0x9}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x3, 0x4, 0x801, 0x1, r3, 0x15b4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50)

227.069628ms ago: executing program 3 (id=2287):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x24}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_INTERFACE(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x1c, r6, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20004080)

226.507618ms ago: executing program 4 (id=2288):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f0000000340)={[{@fat=@codepage={'codepage', 0x3d, '850'}}, {@uni_xlateno}, {@fat=@check_strict}, {@fat=@nfs}, {@shortname_lower}, {@shortname_mixed}, {@numtail}, {@fat=@umask={'umask', 0x3d, 0xe1}}, {@utf8}, {@shortname_lower}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@utf8no}]}, 0x2a, 0x360, &(0x7f0000000e40)="$eJzs3T9sG1UYAPDPPddOg4IzIFUwmREJqiaIAVgSVUWqyABFFv8WLJryJzaVYmEpGeJm4c8IYkECMbB1gIGhM2JAiI2BlSKhAmKhW6RWHLLv4nNih0RUSan4/Ybo0/fed++9u1OcnOznVxZi5cLxuHjjxvWYmipFeeHMQmyVYjaORRKZyzFBeVISALgbbKVp/Jlm9u/94fR2VDnkeQEAh2fw+v/aTJGo3snZAABH4YD//z8zMXvp0KYFAByirRi+/r93z3jzrsf85eF7AgCAu9dzL7709OJSxPl6fSqi/W630W3EE0X74sV4I1qxHKejFrcisgcF2dOC/s+nzi2dPV3v+3U2Gv2KbiOi3es2sr8UFpNBfTXmohazeX06rE/69XOD+npEXO4Nxo92qds4HtP5+D9Nx3LMRy3uG6uPOLd0dr6eH6DR3q7vRWzG1PYi+vM/FbX44dW4FK24EP3aYv4bc/X6mXRpR333SnXQby+fef8jAAAAAAAAAAAAAAAAAAAAAAC34VR9aHa4/03a7nXfOV90KJV2tg/298ma8/2BNrP9gdLq9u487ye79wfauT9Pt1GOY3d05QAAAAAAAAAAAAAAAAAAAPDf0VmrRLPVWl7trK2vjAa9kcxb333xzYnY3efNpMhEOTtcnqkMjpznYqQqiWF5OixPkx198iCJKDpfuTqc8Wif6nAV69ubCYwepxrxyEzESKaUz6nZas08+MsnY4Oura/8VWSSGDstO4PS+KDte7PUP1TtHczv0+damqZ7lW98PF4VpYjy2IW7naCSB99ef/3+RzsnHxs0fZ1v+vDQw7Xnr330+e8rzVbkp6bVqqx2bqX/ZqzILkFxb5Ty81yacCdMDjaLzOZqZ62Z/PjHCw988P2uzklMKu/fW0Xm7b3H+nJ3ppIF/WkeZKXHJ9z8E4Inv2q+fHN49+639tpY5uSnC82rGz//dtBLMPJLwkYdAAAAAAAAAAAAAAAAAABwJEY+bn0g2WevH3/2cGcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEer+P7/kWBzLHOQ4GYvxpuqy6udPQc/caRLBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgf+zvAAAA//8iKW4Q")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x650ce4b086bd440d)

80.097795ms ago: executing program 2 (id=2289):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x1123102, 0x0)
pipe2(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r3, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
splice(r2, 0x0, r1, 0x0, 0x40010003, 0x8)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x1b)

0s ago: executing program 8 (id=2290):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000001000)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffe000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000080)=""/92)
shmctl$SHM_INFO(r3, 0xe, 0x0)

kernel console output (not intermixed with test programs):

scuous mode
[  231.635892][ T8807] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1046'.
[  231.682433][ T8807] device geneve2 left promiscuous mode
[  231.830410][ T8807] bridge0: port 3(geneve2) entered disabled state
[  231.935868][ T8807] device bridge_slave_1 left promiscuous mode
[  231.954691][ T8807] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.986135][ T8840] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1053'.
[  232.046547][ T8807] device bridge_slave_0 left promiscuous mode
[  232.068994][ T8807] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.255548][ T8826] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1050'.
[  232.536393][ T8865] binder: 8863:8865 unknown command 0
[  232.567906][ T8865] binder: 8863:8865 ioctl c0306201 200000000080 returned -22
[  232.590681][ T8869] tipc: Started in network mode
[  232.607022][ T8869] tipc: Node identity c63386d51509, cluster identity 4711
[  232.668682][ T8869] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  232.855991][ T8873] device syzkaller0 entered promiscuous mode
[  232.960272][ T8888] kvm: pic: non byte read
[  232.996166][ T8888] kvm: pic: non byte read
[  233.196469][ T8888] kvm: pic: non byte read
[  233.378500][ T8888] kvm: pic: non byte read
[  233.503247][ T8867] tipc: Resetting bearer <eth:syzkaller0>
[  233.512390][ T8888] kvm: pic: non byte read
[  233.948429][ T8867] tipc: Disabling bearer <eth:syzkaller0>
[  234.032132][ T1324] tipc: Node number set to 3543828181
[  234.091770][ T8904] loop8: detected capacity change from 0 to 8
[  234.269704][ T4226] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  234.306027][ T8904] SQUASHFS error: Unable to read inode 0x11f
[  235.292712][ T8917] loop3: detected capacity change from 0 to 65536
[  235.414558][ T4226] usb 10-1: Using ep0 maxpacket: 32
[  235.448489][ T8917] XFS (loop3): Mounting V5 Filesystem
[  235.578717][ T4226] usb 10-1: unable to get BOS descriptor or descriptor too short
[  235.596890][ T8917] XFS (loop3): Ending clean mount
[  235.604113][ T8917] XFS (loop3): Quotacheck needed: Please wait.
[  235.660777][ T4226] usb 10-1: config 7 has an invalid interface number: 128 but max is 0
[  235.688821][ T8943] loop8: detected capacity change from 0 to 1024
[  235.701981][ T4226] usb 10-1: config 7 contains an unexpected descriptor of type 0x1, skipping
[  235.727581][ T8945] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1082'.
[  235.742378][ T4226] usb 10-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  235.768846][ T4254] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  235.770716][ T4226] usb 10-1: config 7 has no interface number 0
[  235.797156][ T4226] usb 10-1: config 7 interface 128 altsetting 2 has an invalid endpoint with address 0x17, skipping
[  235.845787][ T4226] usb 10-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11
[  235.866111][ T4226] usb 10-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  235.880480][ T4226] usb 10-1: config 7 interface 128 has no altsetting 0
[  235.929257][ T8917] XFS (loop3): Quotacheck: Done.
[  236.028545][ T8344] XFS (loop3): Unmounting Filesystem
[  236.041084][ T4254] usb 2-1: Using ep0 maxpacket: 32
[  236.053610][ T4226] usb 10-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13
[  236.107005][ T4226] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.168372][ T4226] usb 10-1: Product: syz
[  236.195556][ T4226] usb 10-1: Manufacturer: syz
[  236.200883][ T4254] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  236.211015][ T4226] usb 10-1: SerialNumber: syz
[  236.232209][ T4254] usb 2-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  236.257479][ T8896] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  236.278609][ T5104] hfsplus: b-tree write err: -5, ino 8
[  236.295386][ T4254] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.352384][ T4254] usb 2-1: config 0 descriptor??
[  236.439578][ T4254] dw2102: su3000_identify_state
[  236.451556][ T4254] dvb-usb: found a 'TeVii S662' in warm state.
[  236.472937][ T4254] dw2102: su3000_power_ctrl: 1, initialized 0
[  236.503336][ T4254] dvb-usb: bulk message failed: -22 (2/0)
[  236.523374][ T8896] loop9: detected capacity change from 0 to 512
[  236.559975][ T4254] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  236.597728][ T4254] dvbdev: DVB: registering new adapter (TeVii S662)
[  236.606296][ T4254] usb 2-1: media controller created
[  236.662241][ T4254] dvb-usb: bulk message failed: -22 (6/0)
[  236.662302][ T8896] EXT4-fs (loop9): corrupt root inode, run e2fsck
[  236.662363][ T8896] EXT4-fs (loop9): mount failed
[  236.674056][ T4254] dw2102: i2c transfer failed.
[  236.690187][ T8922] dvb-usb: bulk message failed: -22 (7/0)
[  236.696559][ T8922] dw2102: i2c transfer failed.
[  236.730968][ T4254] dvb-usb: bulk message failed: -22 (6/0)
[  236.738297][ T4254] dw2102: i2c transfer failed.
[  236.748256][ T4254] dvb-usb: bulk message failed: -22 (6/0)
[  236.754153][ T4254] dw2102: i2c transfer failed.
[  236.759209][ T4254] dvb-usb: bulk message failed: -22 (6/0)
[  236.768863][ T4254] dw2102: i2c transfer failed.
[  236.775831][ T4254] dvb-usb: bulk message failed: -22 (6/0)
[  236.781960][ T4254] dw2102: i2c transfer failed.
[  236.786822][ T4254] dvb-usb: bulk message failed: -22 (6/0)
[  236.793717][ T4254] dw2102: i2c transfer failed.
[  236.798677][ T4254] dvb-usb: MAC address: 02:02:02:02:02:02
[  236.820693][ T4254] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  236.850946][ T4254] dvb-usb: bulk message failed: -22 (3/0)
[  236.856792][ T4254] dw2102: command 0x0e transfer failed.
[  236.865687][ T4254] dvb-usb: bulk message failed: -22 (3/0)
[  236.871516][ T4254] dw2102: command 0x0e transfer failed.
[  236.926020][ T8967] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1087'.
[  236.945068][ T8967] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  236.962980][ T8977] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1088'.
[  236.993529][ T8977] device bond0 entered promiscuous mode
[  236.999404][ T8977] device bond_slave_0 entered promiscuous mode
[  237.041221][ T8977] device bond_slave_1 entered promiscuous mode
[  237.110296][ T8977] device wlan1 entered promiscuous mode
[  237.157456][ T8977] device bond0 left promiscuous mode
[  237.163186][ T8977] device bond_slave_0 left promiscuous mode
[  237.179235][ T8977] device bond_slave_1 left promiscuous mode
[  237.187555][ T8977] device wlan1 left promiscuous mode
[  237.202291][ T4254] dvb-usb: bulk message failed: -22 (3/0)
[  237.209560][ T4254] dw2102: command 0x0e transfer failed.
[  237.222043][ T4254] dvb-usb: bulk message failed: -22 (3/0)
[  237.253199][ T8980] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1088'.
[  237.263505][ T4254] dw2102: command 0x0e transfer failed.
[  237.264161][ T4226] usb 10-1: MIDIStreaming interface descriptor not found
[  237.281068][ T4254] dvb-usb: bulk message failed: -22 (1/0)
[  237.302230][ T4254] dw2102: command 0x51 transfer failed.
[  237.317942][ T8980] device bond0 entered promiscuous mode
[  237.327731][ T8980] device bond_slave_0 entered promiscuous mode
[  237.328860][ T4254] dvb-usb: bulk message failed: -22 (5/0)
[  237.364288][ T8980] device bond_slave_1 entered promiscuous mode
[  237.370423][ T4254] dw2102: i2c probe for address 0x68 failed.
[  237.393130][ T4226] usb 10-1: USB disconnect, device number 4
[  237.394943][ T4254] dvb-usb: bulk message failed: -22 (5/0)
[  237.407876][ T8980] device wlan1 entered promiscuous mode
[  237.427591][ T4254] dw2102: i2c probe for address 0x69 failed.
[  237.462672][ T8980] device bond0 left promiscuous mode
[  237.469028][ T8980] device bond_slave_0 left promiscuous mode
[  237.480040][ T4254] dvb-usb: bulk message failed: -22 (5/0)
[  237.531080][ T4254] dw2102: i2c probe for address 0x6a failed.
[  237.537738][ T8980] device bond_slave_1 left promiscuous mode
[  237.555528][ T4254] dw2102: probing for demodulator failed. Is the external power switched on?
[  237.565691][ T8980] device wlan1 left promiscuous mode
[  237.589115][ T4254] dvb-usb: no frontend was attached by 'TeVii S662'
[  237.624698][ T9000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'.
[  237.748797][ T4225] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.817770][ T4254] rc_core: IR keymap rc-tt-1500 not found
[  237.825621][ T4254] Registered IR keymap rc-empty
[  237.828663][ T8480] udevd[8480]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:7.128/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  237.869330][ T4254] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  237.904602][ T4254] input: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input10
[  237.922945][ T4254] dvb-usb: schedule remote query interval to 250 msecs.
[  237.969859][ T4254] dw2102: su3000_power_ctrl: 0, initialized 1
[  237.988689][ T4254] dvb-usb: TeVii S662 successfully initialized and connected.
[  238.039531][ T4254] usb 2-1: USB disconnect, device number 2
[  238.091807][ T4225] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.266054][ T4254] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  238.302905][ T4225] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.342900][ T9023] sch_tbf: burst 19360 is lower than device lo mtu (65550) !
[  238.447412][ T4225] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.842076][ T9037] program syz.8.1097 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  239.332204][ T9053] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  241.282748][ T4225] tipc: Disabling bearer <udp:syz2>
[  241.299528][ T4225] tipc: Disabling bearer <eth:veth0_macvtap>
[  241.358004][ T4225] tipc: Disabling bearer <eth:ipvlan1>
[  241.414461][ T4225] tipc: Left network mode
[  242.016232][ T9116] loop1: detected capacity change from 0 to 1024
[  242.117970][ T9116] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  242.362422][   T26] audit: type=1800 audit(2000000572.858:16): pid=9116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1118" name="file0" dev="overlay" ino=22 res=0 errno=0
[  242.770365][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  242.861649][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  242.939068][   T26] audit: type=1326 audit(2000000573.428:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9136 comm="syz.3.1124" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x0
[  242.952605][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  242.978250][ T9141] fuse: Unknown parameter '00000000000000000000'
[  243.014786][ T9141] loop8: detected capacity change from 0 to 1024
[  243.061335][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  243.104566][ T9141] EXT4-fs (loop8): Ignoring removed nomblk_io_submit option
[  243.123728][ T9141] EXT4-fs (loop8): Ignoring removed bh option
[  243.137807][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  243.185386][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  243.207570][ T9141] EXT4-fs (loop8): mounted filesystem without journal. Opts: jqfmt=vfsv1,nombcache,min_batch_time=0x0000000000000001,delalloc,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,nomblk_io_submit,noauto_da_alloc,bh,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  243.276527][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  243.285254][ T9141] EXT4-fs error (device loop8): ext4_search_dir:1549: inode #12: block 7: comm syz.8.1126: bad entry in directory: inode out of bounds - offset=0, inode=1073741837, rec_len=16, size=56 fake=0
[  243.376739][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  243.524364][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  243.652377][ T7923] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size
[  244.076709][ T4522] usb 9-1: new full-speed USB device number 6 using dummy_hcd
[  244.466891][ T4522] usb 9-1: config 0 has an invalid interface number: 41 but max is 0
[  244.496819][ T4522] usb 9-1: config 0 has no interface number 0
[  244.535979][ T4522] usb 9-1: config 0 interface 41 has no altsetting 0
[  244.736775][ T4522] usb 9-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  244.756056][ T4522] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.786620][ T4522] usb 9-1: Product: syz
[  244.790822][ T4522] usb 9-1: Manufacturer: syz
[  244.795422][ T4522] usb 9-1: SerialNumber: syz
[  244.821811][ T4522] usb 9-1: config 0 descriptor??
[  244.848889][ T9203] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1139'.
[  244.995592][ T9209] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1140'.
[  245.787533][ T4522] CoreChips 9-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  246.397494][ T9237] loop3: detected capacity change from 0 to 256
[  247.424572][   T26] audit: type=1326 audit(2000000577.900:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9242 comm="syz.6.1149" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa235340eb9 code=0x0
[  247.579466][ T9257] loop3: detected capacity change from 0 to 512
[  247.616872][ T4522] CoreChips 9-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9
[  247.650173][ T4225] device hsr_slave_0 left promiscuous mode
[  247.666608][ T4522] CoreChips 9-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  247.667068][ T9257] EXT4-fs (loop3): Ignoring removed bh option
[  247.706644][ T4522] CoreChips: probe of 9-1:0.41 failed with error -71
[  247.713501][ T4225] device hsr_slave_1 left promiscuous mode
[  247.749750][ T4522] usb 9-1: USB disconnect, device number 6
[  247.789048][ T4225] device hsr_slave_0 left promiscuous mode
[  247.798417][ T9257] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,usrquota,bh,,errors=continue. Quota mode: writeback.
[  247.812195][ T4225] device hsr_slave_1 left promiscuous mode
[  247.883140][ T4225] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  247.944459][ T9257] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  247.963061][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_0
[  248.025920][ T4225] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  248.054042][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_1
[  248.090467][ T4225] device bridge_slave_1 left promiscuous mode
[  248.116222][ T4225] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.173809][ T4225] device bridge_slave_0 left promiscuous mode
[  248.207897][ T4225] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.362744][ T4225] device veth1_macvtap left promiscuous mode
[  248.394658][ T4225] device veth0_macvtap left promiscuous mode
[  248.403133][ T4225] device veth1_vlan left promiscuous mode
[  248.416907][   T21] Bluetooth: hci3: command 0x0409 tx timeout
[  248.477642][ T4225] device veth0_vlan left promiscuous mode
[  248.512163][ T4225] device veth1_macvtap left promiscuous mode
[  248.556267][ T4225] device veth0_macvtap left promiscuous mode
[  248.595825][ T4225] device veth1_vlan left promiscuous mode
[  248.609247][ T4225] device veth0_vlan left promiscuous mode
[  249.030537][ T9305] loop6: detected capacity change from 0 to 1024
[  249.092727][ T9305] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option
[  249.143200][ T9305] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  249.445368][ T9316] xt_CT: No such helper "syz0"
[  249.498280][ T4225] bond0 (unregistering): Released all slaves
[  249.615928][ T4225] team0 (unregistering): Port device macvlan0 removed
[  249.670798][ T4225] team0 (unregistering): Port device team_slave_1 removed
[  249.685805][ T4225] team0 (unregistering): Port device team_slave_0 removed
[  249.704352][ T4225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  249.726323][ T4225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  249.804885][ T4225] bond0 (unregistering): Released all slaves
[  250.156721][ T9230] chnl_net:caif_netlink_parms(): no params data found
[  250.235050][ T9230] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.242555][ T9230] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.250846][ T9230] device bridge_slave_0 entered promiscuous mode
[  250.259748][ T9230] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.267134][ T9230] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.275697][ T9230] device bridge_slave_1 entered promiscuous mode
[  250.302192][ T9230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  250.358549][ T9230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  250.392670][ T9230] team0: Port device team_slave_0 added
[  250.409038][ T9230] team0: Port device team_slave_1 added
[  250.444369][ T9230] batman_adv: batadv0: Adding interface: batadv_slave_0
[  250.451585][ T9230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.478132][ T9230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  250.491248][ T9230] batman_adv: batadv0: Adding interface: batadv_slave_1
[  250.504099][ T9230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.533685][ T7277] Bluetooth: hci3: command 0x041b tx timeout
[  250.542177][ T9230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  250.595122][ T9230] device hsr_slave_0 entered promiscuous mode
[  250.608032][ T9230] device hsr_slave_1 entered promiscuous mode
[  250.615122][ T9230] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  250.626577][ T9230] Cannot create hsr debugfs directory
[  251.162335][ T9230] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  251.181243][ T9230] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  251.207415][ T9230] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  251.225747][ T9230] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  251.406673][ T9230] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.445778][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  251.454293][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  251.498192][ T9230] 8021q: adding VLAN 0 to HW filter on device team0
[  251.516888][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  251.526162][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  251.537259][ T6536] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.544341][ T6536] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.578115][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  251.587666][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  251.596984][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  251.605482][ T6536] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.612599][ T6536] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.622625][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  251.632760][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  251.648930][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  251.682879][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  251.714640][ T9230] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  251.726345][ T9230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  251.739654][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  251.748507][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  251.758098][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  251.774020][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  251.783891][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  251.799103][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  251.817612][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  251.843373][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  252.031658][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  252.051231][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  252.075473][ T9230] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.110054][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  252.127510][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  252.166380][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  252.179013][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  252.195724][ T9230] device veth0_vlan entered promiscuous mode
[  252.203486][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  252.221294][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  252.239433][ T9230] device veth1_vlan entered promiscuous mode
[  252.271808][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  252.284107][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  252.304186][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  252.321827][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  252.336369][ T9230] device veth0_macvtap entered promiscuous mode
[  252.356125][ T9230] device veth1_macvtap entered promiscuous mode
[  252.394740][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.411493][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.430169][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.445055][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.458318][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.479429][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.516521][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.545650][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.570534][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  252.582982][ T4254] Bluetooth: hci3: command 0x040f tx timeout
[  252.614210][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  252.637996][ T9230] batman_adv: batadv0: Interface activated: batadv_slave_0
[  252.650234][ T9413] netlink: 'syz.6.1171': attribute type 1 has an invalid length.
[  252.713263][ T9413] 8021q: adding VLAN 0 to HW filter on device bond2
[  252.721466][ T9417] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1172'.
[  252.752890][ T9417] device bond0 entered promiscuous mode
[  252.760489][ T9417] device bond_slave_0 entered promiscuous mode
[  252.806144][ T9417] device bond_slave_1 entered promiscuous mode
[  252.815741][ T9417] device bond0 left promiscuous mode
[  252.822857][ T9417] device bond_slave_0 left promiscuous mode
[  252.876429][ T9417] device bond_slave_1 left promiscuous mode
[  252.912393][ T9418] bond2: (slave vlan2): making interface the new active one
[  252.945977][ T9418] bond2: (slave vlan2): Enslaving as an active interface with an up link
[  252.973732][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  253.002429][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  253.029770][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  253.066664][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  253.080416][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  253.098977][ T9420] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1172'.
[  253.125724][ T9420] device bond0 entered promiscuous mode
[  253.133587][ T9420] device bond_slave_0 entered promiscuous mode
[  253.153672][ T9420] device bond_slave_1 entered promiscuous mode
[  253.192592][ T9420] device bond0 left promiscuous mode
[  253.201900][ T9420] device bond_slave_0 left promiscuous mode
[  253.220716][ T9420] device bond_slave_1 left promiscuous mode
[  253.277653][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.298842][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.317125][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.328103][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.340842][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.373990][ T9457] binder: 9456:9457 unknown command 0
[  253.377867][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.386657][ T9457] binder: 9456:9457 ioctl c0306201 200000000080 returned -22
[  253.411155][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.429969][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.443718][ T9230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.463800][ T9230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.480717][ T9230] batman_adv: batadv0: Interface activated: batadv_slave_1
[  253.485448][ T9462] tipc: Failed to remove unknown binding: 66,0,0/0:3625560876/3625560877
[  253.505496][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  253.533677][ T9462] tipc: Failed to remove unknown binding: 66,0,0/0:3625560876/3625560877
[  253.560994][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  253.640754][ T9230] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.677655][ T9230] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.699341][ T9230] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.717944][ T9230] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.919316][ T4342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.983600][ T4342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.008014][ T5104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  254.052859][ T5104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.084864][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  254.107782][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  254.282705][ T9479] loop9: detected capacity change from 0 to 512
[  254.361674][ T9479] EXT4-fs (loop9): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  254.382373][ T4225] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.448343][ T9479] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  254.549700][ T9479] EXT4-fs (loop9): 1 truncate cleaned up
[  254.557713][ T9479] EXT4-fs (loop9): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,dioread_nolock,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,bsdgroups,grpjquota=,,errors=continue. Quota mode: none.
[  254.611709][ T9483] loop2: detected capacity change from 0 to 1024
[  254.667163][ T7281] Bluetooth: hci3: command 0x0419 tx timeout
[  254.709014][ T4225] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.739441][ T9483] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  254.942938][ T4225] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.226407][ T4225] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.268756][ T9502] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  255.516251][ T9508] 
[  255.935174][ T4225] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.527586][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  256.692337][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  256.855031][ T4225] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.975754][ T4225] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.100452][ T4225] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.150112][ T9517] chnl_net:caif_netlink_parms(): no params data found
[  257.163756][ T9521] loop9: detected capacity change from 0 to 32768
[  257.204750][ T9521] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop9 scanned by syz.9.1194 (9521)
[  257.249027][ T9521] BTRFS info (device loop9): using xxhash64 (xxhash64-generic) checksum algorithm
[  257.284858][ T9521] BTRFS info (device loop9): force zlib compression, level 3
[  257.292934][ T1324] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  257.328367][ T9521] BTRFS info (device loop9): turning on flush-on-commit
[  257.350528][ T9517] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.369877][ T9517] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.386730][ T9521] BTRFS info (device loop9): max_inline at 4096
[  257.393053][ T9521] BTRFS info (device loop9): using free space tree
[  257.400155][ T9521] BTRFS info (device loop9): has skinny extents
[  257.447920][ T9517] device bridge_slave_0 entered promiscuous mode
[  257.527658][ T9517] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.555997][ T9517] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.582032][ T9517] device bridge_slave_1 entered promiscuous mode
[  257.651331][ T9517] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  257.674082][ T9517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  257.722987][ T9517] team0: Port device team_slave_0 added
[  257.748159][ T9517] team0: Port device team_slave_1 added
[  257.755634][ T9521] BTRFS info (device loop9): enabling ssd optimizations
[  257.776789][ T4525] Bluetooth: hci2: command 0x0409 tx timeout
[  257.819903][ T1324] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  257.825844][ T9517] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.852932][ T1324] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.885508][ T9517] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.886297][ T1324] usb 3-1: Product: syz
[  258.005857][ T9521] BTRFS info (device loop9): balance: start -d -m -s
[  258.021493][ T9521] BTRFS info (device loop9): relocating block group 6881280 flags data|metadata
[  258.026662][ T9517] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  258.045444][ T1324] usb 3-1: Manufacturer: syz
[  258.066759][ T1324] usb 3-1: SerialNumber: syz
[  258.075745][ T4342] BTRFS info (device loop9): space_info 5 has 610304 free, is not full
[  258.084474][ T4342] BTRFS info (device loop9): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=978944, readonly=1617920 zone_unusable=0
[  258.087315][ T4225] tipc: Left network mode
[  258.099067][ T4342] BTRFS info (device loop9): global_block_rsv: size 851968 reserved 851968
[  258.105138][ T9517] batman_adv: batadv0: Adding interface: batadv_slave_1
[  258.112131][ T4342] BTRFS info (device loop9): trans_block_rsv: size 0 reserved 0
[  258.112153][ T4342] BTRFS info (device loop9): chunk_block_rsv: size 0 reserved 0
[  258.112170][ T4342] BTRFS info (device loop9): delayed_block_rsv: size 0 reserved 0
[  258.112187][ T4342] BTRFS info (device loop9): delayed_refs_rsv: size 262144 reserved 126976
[  258.137523][ T1324] usb 3-1: config 0 descriptor??
[  258.346210][ T9517] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.441406][ T9521] BTRFS info (device loop9): relocating block group 5242880 flags data|metadata
[  258.466701][ T1324] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  258.490921][ T9517] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  258.539943][ T4225] tipc: Left network mode
[  258.582338][ T9620] overlayfs: failed to clone upperpath
[  258.779785][ T9517] device hsr_slave_0 entered promiscuous mode
[  258.832912][ T9517] device hsr_slave_1 entered promiscuous mode
[  258.868732][ T9517] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  258.876361][ T9517] Cannot create hsr debugfs directory
[  258.954152][ T9521] BTRFS info (device loop9): found 10 extents, stage: move data extents
[  259.195940][ T9521] BTRFS info (device loop9): found 1 extents, stage: update data pointers
[  259.340609][ T9521] BTRFS info (device loop9): left=0, need=98304, flags=2
[  259.386936][ T9521] BTRFS info (device loop9): space_info 2 has 0 free, is not full
[  259.395743][ T9521] BTRFS info (device loop9): space_info total=4194304, used=4096, pinned=0, reserved=4096, may_use=0, readonly=4186112 zone_unusable=0
[  259.410075][ T9521] BTRFS info (device loop9): global_block_rsv: size 851968 reserved 847872
[  259.420151][ T9521] BTRFS info (device loop9): trans_block_rsv: size 0 reserved 0
[  259.428168][ T9521] BTRFS info (device loop9): chunk_block_rsv: size 0 reserved 0
[  259.436063][ T9521] BTRFS info (device loop9): delayed_block_rsv: size 0 reserved 0
[  259.444017][ T9521] BTRFS info (device loop9): delayed_refs_rsv: size 786432 reserved 421888
[  259.511158][ T9521] BTRFS info (device loop9): relocating block group 1048576 flags system
[  259.532247][ T9517] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.633517][ T9521] BTRFS info (device loop9): balance: canceled
[  259.648946][ T9517] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.771909][ T9517] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.858654][ T7281] Bluetooth: hci2: command 0x041b tx timeout
[  259.926585][ T9665] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1222'.
[  260.009687][ T9517] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.308843][ T1324] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71
[  260.343097][ T1324] usb 3-1: USB disconnect, device number 3
[  261.251786][ T9711] loop2: detected capacity change from 0 to 512
[  261.939597][ T9714] loop9: detected capacity change from 0 to 256
[  261.953960][ T7282] Bluetooth: hci2: command 0x040f tx timeout
[  261.978705][ T9517] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  262.058508][ T9714] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  262.180411][ T9711] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  262.193507][ T9517] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  262.222058][ T9711] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  262.246923][ T9711] EXT4-fs error (device loop2): ext4_do_update_inode:5222: inode #2: comm syz.2.1229: corrupted inode contents
[  262.267253][ T9711] EXT4-fs error (device loop2): ext4_dirty_inode:6058: inode #2: comm syz.2.1229: mark_inode_dirty error
[  262.294963][ T9711] EXT4-fs error (device loop2): ext4_do_update_inode:5222: inode #2: comm syz.2.1229: corrupted inode contents
[  262.333579][ T9517] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  262.376790][ T9517] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  262.403589][ T9711] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.1229: mark_inode_dirty error
[  262.448633][ T9732] loop8: detected capacity change from 0 to 256
[  262.568020][ T9732] FAT-fs (loop8): Directory bread(block 64) failed
[  262.616393][ T9732] FAT-fs (loop8): Directory bread(block 65) failed
[  262.672605][ T9732] FAT-fs (loop8): Directory bread(block 66) failed
[  262.738966][ T9732] FAT-fs (loop8): Directory bread(block 67) failed
[  262.778652][ T9732] FAT-fs (loop8): Directory bread(block 68) failed
[  262.806461][ T9732] FAT-fs (loop8): Directory bread(block 69) failed
[  263.597101][ T9732] FAT-fs (loop8): Directory bread(block 70) failed
[  263.652036][ T4225] device hsr_slave_0 left promiscuous mode
[  263.715506][ T9732] FAT-fs (loop8): Directory bread(block 71) failed
[  263.740706][ T9749] loop9: detected capacity change from 0 to 256
[  263.747797][ T4225] device hsr_slave_1 left promiscuous mode
[  263.759463][ T9732] FAT-fs (loop8): Directory bread(block 72) failed
[  263.784662][ T9732] FAT-fs (loop8): Directory bread(block 73) failed
[  263.810023][ T4225] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.841307][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.875839][ T4225] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.920782][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_1
[  263.947147][   T26] audit: type=1326 audit(2000000001.759:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9747 comm="syz.9.1240" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1f24268eb9 code=0x0
[  263.996584][ T4225] device bridge_slave_1 left promiscuous mode
[  264.017693][ T7279] Bluetooth: hci2: command 0x0419 tx timeout
[  264.038064][ T4225] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.083130][ T4225] device bridge_slave_0 left promiscuous mode
[  264.106951][ T4225] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.199276][ T4225] device hsr_slave_0 left promiscuous mode
[  264.224950][ T4225] device hsr_slave_1 left promiscuous mode
[  264.277123][ T4225] device bridge_slave_1 left promiscuous mode
[  264.313783][ T4225] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.421730][ T4225] device bridge_slave_0 left promiscuous mode
[  264.428551][ T4225] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.489371][ T4225] device veth1_macvtap left promiscuous mode
[  264.523306][ T4225] device veth0_macvtap left promiscuous mode
[  264.573497][ T4225] device veth1_vlan left promiscuous mode
[  264.601426][ T4225] device veth0_vlan left promiscuous mode
[  264.613325][ T4225] device veth1_macvtap left promiscuous mode
[  264.620685][ T4225] device veth0_macvtap left promiscuous mode
[  264.626869][ T4225] device veth1_vlan left promiscuous mode
[  264.635514][ T4225] device veth0_vlan left promiscuous mode
[  264.644549][ T9770] loop9: detected capacity change from 0 to 128
[  265.315010][ T4225] team0 (unregistering): Port device team_slave_1 removed
[  265.333126][ T4225] team0 (unregistering): Port device team_slave_0 removed
[  265.345719][ T4225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  265.363131][ T4225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  265.444004][ T4225] bond0 (unregistering): Released all slaves
[  265.674668][ T4225] team0 (unregistering): Port device macvlan0 removed
[  265.737005][ T4225] team0 (unregistering): Port device team_slave_1 removed
[  265.754614][ T4225] team0 (unregistering): Port device team_slave_0 removed
[  265.770443][ T4225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  265.785150][ T4225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  265.854376][ T4225] bond0 (unregistering): Released all slaves
[  265.899392][ T9751] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1241'.
[  265.920970][ T9763] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1244'.
[  265.951359][ T9763] device bridge_slave_1 left promiscuous mode
[  265.957796][ T9763] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.985644][ T9763] device bridge_slave_0 left promiscuous mode
[  265.999236][ T9763] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.255352][ T9517] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.334505][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  266.381041][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  266.428262][ T9517] 8021q: adding VLAN 0 to HW filter on device team0
[  266.491976][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  266.506515][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  266.557476][ T4342] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.564757][ T4342] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.683211][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  266.696686][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  266.741081][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  266.791205][ T4342] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.798301][ T4342] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.822876][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  266.841234][ T9795] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1252'.
[  266.873942][ T9799] netlink: 'syz.3.1252': attribute type 5 has an invalid length.
[  266.881911][ T9799] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1252'.
[  266.922024][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  266.949784][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  266.983756][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  267.047121][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  267.101925][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  267.169378][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  267.226659][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  267.250341][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  267.258920][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  267.267971][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  267.281132][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  267.319981][ T9820] bond1: option mode: unable to set because the bond device has slaves
[  267.563487][ T9834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1258'.
[  267.588544][ T9834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1258'.
[  267.641646][ T9834] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.649123][ T9834] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.802952][ T9844] loop8: detected capacity change from 0 to 8
[  268.298908][ T9862] xt_NFQUEUE: number of total queues is 0
[  269.020046][ T9517] 8021q: adding VLAN 0 to HW filter on device batadv0
[  269.038059][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  269.072247][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  269.924129][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  269.953431][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  270.036368][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  270.071256][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  270.117983][ T9517] device veth0_vlan entered promiscuous mode
[  270.138971][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  270.192854][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  270.278432][ T9517] device veth1_vlan entered promiscuous mode
[  271.421908][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  271.453756][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  271.501593][ T9517] device veth0_macvtap entered promiscuous mode
[  271.519607][ T9517] device veth1_macvtap entered promiscuous mode
[  271.792785][ T6249] Bluetooth: hci0: command 0x0409 tx timeout
[  272.821233][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  272.863238][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  272.917300][ T9885] chnl_net:caif_netlink_parms(): no params data found
[  272.966157][ T9934] APIC base relocation is unsupported by KVM
[  272.983217][ T9931] netlink: 'syz.3.1280': attribute type 10 has an invalid length.
[  273.096366][ T9931] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  273.147325][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  273.192065][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.224930][ T9942] loop8: detected capacity change from 0 to 1024
[  273.246398][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  273.282109][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.320166][ T9942] hfsplus: invalid btree flag
[  273.338464][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  273.354377][ T9942] hfsplus: failed to load extents file
[  273.390015][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.412740][ T9923] loop2: detected capacity change from 0 to 512
[  273.483025][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  273.518607][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.562041][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  273.573037][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.584535][ T9517] batman_adv: batadv0: Interface activated: batadv_slave_0
[  273.610684][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  273.637090][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  274.507963][ T9923] EXT4-fs warning (device loop2): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop2.
[  274.595883][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  274.637929][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.649961][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  274.660784][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.671698][ T7280] Bluetooth: hci0: command 0x041b tx timeout
[  274.677542][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  274.752819][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.780459][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  274.825222][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.858895][ T9517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  274.875484][ T9517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.902643][ T9517] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.075629][ T9960] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.148047][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  275.171577][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  275.194204][ T9517] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  275.212264][ T9517] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  275.262378][ T9517] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  275.286619][ T9517] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  275.375315][ T9960] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.416278][ T9983] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1289'.
[  275.456237][ T9983] bond0: option arp_all_targets: invalid value (16711680)
[  275.546263][ T9960] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.647842][ T9990] loop2: detected capacity change from 0 to 4096
[  275.820604][ T9994] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  275.834111][ T9960] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.870911][ T9990] NILFS error (device loop2): nilfs_dotdot: directory #12 missing '.'
[  275.894367][ T9990] Remounting filesystem read-only
[  275.976488][ T9230] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  276.088645][ T9885] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.479329][T10002] sd 0:0:1:0: PR command failed: 2
[  276.487300][T10002] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  276.562223][ T9885] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.748939][T10002] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  276.757539][ T9885] device bridge_slave_0 entered promiscuous mode
[  276.769298][ T9885] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.801512][ T6249] Bluetooth: hci0: command 0x040f tx timeout
[  276.813841][ T9885] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.834954][ T9885] device bridge_slave_1 entered promiscuous mode
[  276.962265][ T9960] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  277.049815][T10013] SET target dimension over the limit!
[  277.168769][ T9885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  277.583669][ T9960] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  277.615422][ T9885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  277.678888][T10014] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  277.679644][ T9885] team0: Port device team_slave_0 added
[  277.683136][ T9885] team0: Port device team_slave_1 added
[  277.698938][ T9960] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  277.724492][ T9960] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.798171][ T9885] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.798187][ T9885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.798207][ T9885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.802283][ T9885] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.802297][ T9885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.802328][ T9885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  278.068963][T10023] netlink: 'syz.3.1297': attribute type 1 has an invalid length.
[  278.109202][T10029] bond1: (slave gretap1): making interface the new active one
[  278.117802][T10029] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  278.164174][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.177809][ T9885] device hsr_slave_0 entered promiscuous mode
[  278.182919][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.213160][ T9885] device hsr_slave_1 entered promiscuous mode
[  278.259038][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  278.345772][ T9244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.371381][ T9244] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.456021][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  279.252026][ T6249] Bluetooth: hci0: command 0x0419 tx timeout
[  279.385015][T10048] tipc: Started in network mode
[  279.391884][T10048] tipc: Node identity 080211000001, cluster identity 4711
[  279.445441][T10048] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  279.539943][  T155] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.548807][T10077] kvm [10071]: vcpu0, guest rIP: 0xdf disabled perfctr wrmsr: 0xc1 data 0x6000000308f
[  280.599458][T10077] kvm [10071]: vcpu0, guest rIP: 0xdf disabled perfctr wrmsr: 0xc2 data 0x60000005aeb
[  280.749185][  T155] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.802868][ T1324] tipc: Node number set to 134418688
[  281.126273][  T155] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.733304][T10113] loop6: detected capacity change from 0 to 256
[  281.822122][  T155] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.898382][T10113] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  282.220382][T10133] loop8: detected capacity change from 0 to 256
[  284.539590][T10133] FAT-fs (loop8): Directory bread(block 64) failed
[  284.546612][T10133] FAT-fs (loop8): Directory bread(block 65) failed
[  284.553591][T10133] FAT-fs (loop8): Directory bread(block 66) failed
[  284.560282][T10133] FAT-fs (loop8): Directory bread(block 67) failed
[  284.567216][T10133] FAT-fs (loop8): Directory bread(block 68) failed
[  284.573939][T10133] FAT-fs (loop8): Directory bread(block 69) failed
[  284.580896][T10133] FAT-fs (loop8): Directory bread(block 70) failed
[  284.587561][T10133] FAT-fs (loop8): Directory bread(block 71) failed
[  284.594544][T10133] FAT-fs (loop8): Directory bread(block 72) failed
[  284.601246][T10133] FAT-fs (loop8): Directory bread(block 73) failed
[  284.815092][T10144] loop2: detected capacity change from 0 to 512
[  284.841948][ T9885] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  284.941240][T10144] EXT4-fs (loop2): Ignoring removed bh option
[  285.066249][ T9885] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  285.075610][T10144] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,usrquota,bh,,errors=continue. Quota mode: writeback.
[  285.105878][T10144] ext4 filesystem being mounted at /32/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  285.117663][ T9885] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  285.263029][ T9885] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  285.365363][T10148] device syzkaller0 entered promiscuous mode
[  285.468414][  T155] bond1: (slave ip6gretap1): Releasing active interface
[  285.727801][T10179] loop6: detected capacity change from 0 to 1024
[  285.789361][ T9885] 8021q: adding VLAN 0 to HW filter on device bond0
[  285.821901][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  285.862622][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  286.002158][ T9885] 8021q: adding VLAN 0 to HW filter on device team0
[  286.019787][T10191] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1332'.
[  286.071448][T10200] netdevsim netdevsim8 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  286.138744][T10200] netdevsim netdevsim8 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  286.147724][T10200] netdevsim netdevsim8 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  286.169900][T10200] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  286.184387][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  286.207344][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  286.216355][ T5104] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.223486][ T5104] bridge0: port 1(bridge_slave_0) entered forwarding state
[  286.231458][T10191] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1332'.
[  286.249125][T10191] bond3 (unregistering): (slave geneve2): Releasing backup interface
[  286.279978][T10191] netdevsim netdevsim8 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  286.290792][T10191] netdevsim netdevsim8 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  286.300286][T10191] netdevsim netdevsim8 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  286.320483][T10191] bond3 (unregistering): Released all slaves
[  286.389174][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  286.397397][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  286.414477][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  286.423587][ T5104] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.430745][ T5104] bridge0: port 2(bridge_slave_1) entered forwarding state
[  286.441040][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  286.450227][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  286.526956][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  286.560014][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  286.597375][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  286.636707][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  286.664234][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  286.707812][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  286.802623][ T9885] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  286.860104][ T9885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  286.930009][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  286.938345][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  286.988660][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  287.942669][T10255] Bluetooth: (null): Invalid header checksum
[  288.141422][T10264] input: syz1 as /devices/virtual/input/input11
[  288.249315][T10269] cgroup: fork rejected by pids controller in /syz6
[  288.495657][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  288.505978][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  288.547428][ T9885] 8021q: adding VLAN 0 to HW filter on device batadv0
[  288.809124][T10321] loop6: detected capacity change from 0 to 512
[  288.833529][  T155] device hsr_slave_0 left promiscuous mode
[  288.856091][  T155] device hsr_slave_1 left promiscuous mode
[  288.869457][T10321] EXT4-fs (loop6): Ignoring removed bh option
[  288.902832][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  288.944760][  T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[  289.016609][T10321] EXT4-fs (loop6): mounted filesystem without journal. Opts: i_version,usrquota,bh,,errors=continue. Quota mode: writeback.
[  289.030928][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  289.040317][T10321] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  289.076686][  T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[  289.092970][  T155] device bridge_slave_1 left promiscuous mode
[  289.111813][  T155] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.215426][  T155] device bridge_slave_0 left promiscuous mode
[  289.234071][  T155] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.290298][  T155] device hsr_slave_0 left promiscuous mode
[  289.444021][  T155] device hsr_slave_1 left promiscuous mode
[  290.140965][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  290.151139][  T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[  290.162836][  T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  290.174284][  T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[  290.202591][  T155] device team_slave_0 left promiscuous mode
[  290.209366][  T155] device team_slave_1 left promiscuous mode
[  290.226736][  T155] device veth1_macvtap left promiscuous mode
[  290.258278][  T155] device veth0_macvtap left promiscuous mode
[  290.462267][  T155] device veth1_vlan left promiscuous mode
[  290.531934][  T155] device veth0_vlan left promiscuous mode
[  290.678383][  T155] device veth1_macvtap left promiscuous mode
[  290.763015][  T155] device veth0_macvtap left promiscuous mode
[  290.922480][  T155] device veth1_vlan left promiscuous mode
[  290.928336][  T155] device veth0_vlan left promiscuous mode
[  292.274303][  T155] bond1 (unregistering): Released all slaves
[  294.362671][ T6248] Bluetooth: hci1: command 0x0406 tx timeout
[  294.499098][  T155] team0 (unregistering): Port device team_slave_1 removed
[  294.576238][  T155] team0 (unregistering): Port device team_slave_0 removed
[  294.633951][  T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  294.690243][  T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  294.954797][  T155] bond0 (unregistering): Released all slaves
[  295.030475][  T155] bond2 (unregistering): (slave vlan2): Releasing active interface
[  295.064528][  T155] bond2 (unregistering): Released all slaves
[  295.150320][  T155] bond1 (unregistering): Released all slaves
[  295.568871][  T155] team0 (unregistering): Port device team_slave_1 removed
[  295.664283][  T155] team0 (unregistering): Port device team_slave_0 removed
[  295.718512][  T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  295.748798][  T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  295.991194][  T155] bond0 (unregistering): Released all slaves
[  296.048437][T10342] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  296.184961][T10397] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1372'.
[  299.248381][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  299.309177][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  299.443206][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  299.460496][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  299.508895][ T9885] device veth0_vlan entered promiscuous mode
[  299.538060][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  299.566929][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  299.619106][ T9885] device veth1_vlan entered promiscuous mode
[  299.769649][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  299.782033][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  299.803156][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  299.838779][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  299.854918][ T9885] device veth0_macvtap entered promiscuous mode
[  299.894006][ T9885] device veth1_macvtap entered promiscuous mode
[  300.018750][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.054844][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.082760][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.109335][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.325073][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.335770][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.358713][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.383914][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.390390][T10399] ODEBUG: Out of memory. ODEBUG disabled
[  300.433435][ T9885] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.455759][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  300.499921][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  300.567383][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  300.594789][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  300.614521][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.654230][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.682830][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.728034][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.738071][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.742816][T10457] "syz.6.1385" (10457) uses obsolete ecb(arc4) skcipher
[  300.761627][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.778048][ T9885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.792984][ T9885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.825637][ T9885] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.853980][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  300.880392][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  301.023349][ T9885] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  301.052157][ T9885] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  301.061038][ T9885] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  301.070438][ T9885] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.773188][T10469] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1388'.
[  303.954824][T10469] device bond0 entered promiscuous mode
[  303.961479][T10469] device bond_slave_0 entered promiscuous mode
[  303.987064][T10469] device bond_slave_1 entered promiscuous mode
[  304.026332][T10469] device bond0 left promiscuous mode
[  304.032346][T10469] device bond_slave_0 left promiscuous mode
[  304.042345][T10469] device bond_slave_1 left promiscuous mode
[  304.114724][T10478] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1388'.
[  304.136494][T10501] loop8: detected capacity change from 0 to 1024
[  304.155580][T10478] device bond0 entered promiscuous mode
[  304.211316][T10501] EXT4-fs (loop8): Ignoring removed oldalloc option
[  304.218207][T10478] device bond_slave_0 entered promiscuous mode
[  304.251897][T10478] device bond_slave_1 entered promiscuous mode
[  304.258337][T10501] EXT4-fs (loop8): Ignoring removed bh option
[  304.287306][T10501] EXT4-fs (loop8): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  304.310987][T10478] device bond0 left promiscuous mode
[  304.316413][T10478] device bond_slave_0 left promiscuous mode
[  304.335181][T10478] device bond_slave_1 left promiscuous mode
[  304.371412][T10501] EXT4-fs (loop8): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,nobarrier,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  304.416892][ T6536] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  304.457762][ T6536] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  304.639275][   T26] audit: type=1804 audit(2000000042.438:20): pid=10501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.1396" name="/newroot/136/file1/bus" dev="loop8" ino=18 res=1 errno=0
[  305.270727][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  305.425152][ T6536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  305.487030][ T6536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  305.632780][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  313.335778][T10584] team0 (unregistering): Port device team_slave_0 removed
[  313.359164][T10597] loop5: detected capacity change from 0 to 1024
[  313.382899][T10584] team0 (unregistering): Port device team_slave_1 removed
[  313.420160][T10584] team0 (unregistering): Port device dummy0 removed
[  313.482557][T10597] EXT4-fs (loop5): Ignoring removed oldalloc option
[  313.517145][T10597] EXT4-fs (loop5): Ignoring removed bh option
[  313.547719][T10597] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  313.632336][T10597] EXT4-fs (loop5): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,nobarrier,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  313.819189][   T26] audit: type=1804 audit(2000000051.604:21): pid=10597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1416" name="/newroot/2/file1/bus" dev="loop5" ino=18 res=1 errno=0
[  314.857877][T10600] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  314.872978][ T1324] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  314.901709][T10600] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  315.123070][ T1324] usb 6-1: Using ep0 maxpacket: 8
[  315.184387][T10600] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.193684][T10600] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.202646][T10600] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.212050][T10600] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.243409][ T1324] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  315.253374][ T1324] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.292097][T10602] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1418'.
[  315.322827][ T1324] pvrusb2: Hardware description: Terratec Grabster AV400
[  315.389349][ T1324] pvrusb2: **********
[  315.409606][ T1324] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  315.530366][ T1324] pvrusb2: Important functionality might not be entirely working.
[  315.538287][ T1324] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  315.549640][ T1324] pvrusb2: **********
[  315.598522][T10655] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1426'.
[  316.104516][ T2420] pvrusb2: Invalid write control endpoint
[  316.613854][T10655] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1426'.
[  316.674401][ T2420] pvrusb2: Invalid write control endpoint
[  316.681068][ T2420] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  316.690977][ T4522] usb 6-1: USB disconnect, device number 4
[  316.754658][ T2420] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  316.793360][T10676] fuse: Bad value for 'fd'
[  316.804188][ T2420] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  316.811911][T10679] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1435'.
[  316.828215][T10679] netlink: 72 bytes leftover after parsing attributes in process `syz.8.1435'.
[  316.852708][ T2420] pvrusb2: Device being rendered inoperable
[  316.873896][ T2420] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  316.892075][ T2420] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  316.989875][ T2420] pvrusb2: Attached sub-driver cx25840
[  317.007904][T10692] bond1: (slave lo): Releasing backup interface
[  317.019309][ T2420] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  317.065999][T10692] bond1: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[  317.077076][ T2420] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  317.132453][T10692] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  317.196166][T10692] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  317.219184][T10692] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  317.260906][T10692] bond0: (slave bond_slave_0): Releasing backup interface
[  317.319312][T10692] bond0: (slave bond_slave_1): Releasing backup interface
[  317.343109][T10692] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  317.373146][T10692] batman_adv: batadv0: Removing interface: batadv_slave_0
[  317.395535][T10692] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  317.403167][T10692] batman_adv: batadv0: Removing interface: batadv_slave_1
[  317.509344][T10692] bond0: (slave wlan1): Releasing backup interface
[  317.549722][T10692] bond2: (slave gretap1): Releasing active interface
[  317.887212][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  317.893532][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  317.911823][T10733] netlink: 'syz.5.1451': attribute type 4 has an invalid length.
[  319.395785][T10765] overlayfs: failed to clone upperpath
[  320.066200][T10777] netlink: 'syz.8.1463': attribute type 1 has an invalid length.
[  320.111600][T10777] 8021q: adding VLAN 0 to HW filter on device bond3
[  320.151396][T10782] bond3: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  320.247322][T10777] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  320.368617][T10791] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  320.551782][T10799] device batadv_slave_0 entered promiscuous mode
[  320.685128][T10805] overlayfs: failed to clone upperpath
[  321.688626][T10813] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  322.517378][T10824] loop8: detected capacity change from 0 to 256
[  322.569282][T10830] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1478'.
[  322.939163][T10824] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  323.110539][T10824] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  323.430486][T10841] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  323.664721][T10842] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  323.817206][T10842] device batadv_slave_0 entered promiscuous mode
[  325.376435][T10889] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1489'.
[  325.883395][T10922] overlayfs: failed to clone upperpath
[  326.288938][T10933] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  326.312547][T10933] device batadv_slave_0 entered promiscuous mode
[  326.815459][T10948] overlayfs: failed to clone upperpath
[  326.878300][T10950] overlayfs: failed to clone upperpath
[  327.189107][ T4242] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  327.405448][T10963] loop8: detected capacity change from 0 to 8
[  327.439158][ T4242] usb 6-1: Using ep0 maxpacket: 32
[  327.507129][T10963] SQUASHFS error: lzo decompression failed, data probably corrupt
[  327.526583][T10963] SQUASHFS error: Failed to read block 0x91: -5
[  327.559233][T10963] SQUASHFS error: Unable to read metadata cache entry [8f]
[  327.630889][T10963] SQUASHFS error: Unable to read inode 0x11f
[  327.669335][ T4242] usb 6-1: config 0 has no interfaces?
[  327.674943][ T4242] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  327.709131][ T4242] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.812714][ T4242] usb 6-1: config 0 descriptor??
[  328.158283][T10963] netlink: 'syz.8.1507': attribute type 4 has an invalid length.
[  328.257296][T10972] netlink: 'syz.8.1507': attribute type 4 has an invalid length.
[  328.317049][ T4242] usb 6-1: USB disconnect, device number 5
[  328.573878][T10987] loop8: detected capacity change from 0 to 1024
[  328.640107][T10987] EXT4-fs (loop8): Ignoring removed nobh option
[  328.659813][T10987] EXT4-fs (loop8): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  328.791253][ T4242] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  328.842396][T10987] EXT4-fs (loop8): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000003,nodioread_nolock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,nouid32,nobh,user_xattr,nouid32,dioread_nolock,,errors=continue. Quota mode: none.
[  329.070259][ T4242] usb 6-1: Using ep0 maxpacket: 32
[  329.190924][ T4242] usb 6-1: config 0 has no interfaces?
[  329.197229][ T4242] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  329.206492][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888060f99800: rx timeout, send abort
[  329.558564][ T4242] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.651970][ T4242] usb 6-1: config 0 descriptor??
[  329.708841][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888060f99800: abort rx timeout. Force session deactivation
[  329.825100][ T4242] usb 6-1: USB disconnect, device number 6
[  330.043979][T11032] EXT4-fs error (device loop8): __ext4_get_inode_loc:4327: comm syz.8.1516: Invalid inode table block 2311279685043996184 in block_group 0
[  330.064752][T11029] loop5: detected capacity change from 0 to 1024
[  330.152777][T11029] hfsplus: invalid btree flag
[  330.187234][T11029] hfsplus: failed to load extents file
[  330.479522][T11029] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  331.348651][T11057] xt_CT: You must specify a L4 protocol and not use inversions on it
[  334.721161][T11068] loop8: detected capacity change from 0 to 128
[  334.996044][T11068] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  335.041866][T11068] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  336.236977][T11099] device syzkaller0 entered promiscuous mode
[  336.352396][T11101] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  336.374736][ T4254] Bluetooth: hci4: command 0x0406 tx timeout
[  336.428210][T11108] loop8: detected capacity change from 0 to 1024
[  336.495753][T11108] EXT4-fs (loop8): Ignoring removed orlov option
[  336.614702][T11108] EXT4-fs (loop8): mounted filesystem without journal. Opts: orlov,usrjquota=,,errors=continue. Quota mode: none.
[  336.675190][   T26] audit: type=1800 audit(2000000074.452:22): pid=11108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1544" name="bus" dev="loop8" ino=18 res=0 errno=0
[  336.723213][T11108] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:3887: comm syz.8.1544: Allocating blocks 385-513 which overlap fs metadata
[  336.772895][T11083] IPVS: nq: FWM 3 0x00000003 - no destination available
[  336.788758][T11108] EXT4-fs (loop8): pa ffff888071f8ed20: logic 16, phys. 129, len 24
[  336.797983][T11108] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 8
[  336.885017][ T7259] Trying to write to read-only block-device loop8
[  336.917720][ T7259] Trying to write to read-only block-device loop8
[  336.931642][ T7259] Trying to write to read-only block-device loop8
[  336.951758][ T7259] Trying to write to read-only block-device loop8
[  336.979487][ T7259] Trying to write to read-only block-device loop8
[  337.007824][ T7259] Trying to write to read-only block-device loop8
[  337.030151][ T7259] Trying to write to read-only block-device loop8
[  337.070391][ T7259] Trying to write to read-only block-device loop8
[  337.111708][ T7259] Trying to write to read-only block-device loop8
[  337.130655][ T7259] Trying to write to read-only block-device loop8
[  337.326056][T11154] loop8: detected capacity change from 0 to 1024
[  337.873610][T11157] blk_update_request: I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0
[  337.965359][T11157] EXT4-fs (loop5): unable to read superblock
[  338.967260][   T26] audit: type=1326 audit(2000000076.751:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11181 comm="syz.3.1564" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x0
[  339.512312][T11211] loop5: detected capacity change from 0 to 256
[  341.570783][T11211] FAT-fs (loop5): Directory bread(block 64) failed
[  341.603763][T11211] FAT-fs (loop5): Directory bread(block 65) failed
[  341.631803][T11211] FAT-fs (loop5): Directory bread(block 66) failed
[  341.660005][T11211] FAT-fs (loop5): Directory bread(block 67) failed
[  341.681339][T11211] FAT-fs (loop5): Directory bread(block 68) failed
[  341.738617][T11211] FAT-fs (loop5): Directory bread(block 69) failed
[  341.745779][T11211] FAT-fs (loop5): Directory bread(block 70) failed
[  341.752525][T11211] FAT-fs (loop5): Directory bread(block 71) failed
[  341.781021][T11211] FAT-fs (loop5): Directory bread(block 72) failed
[  341.941393][T11211] FAT-fs (loop5): Directory bread(block 73) failed
[  342.613041][T11240] overlayfs: failed to clone upperpath
[  342.809053][T11248] loop5: detected capacity change from 0 to 1024
[  343.597999][T11248] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  344.754257][T11248] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5854: Out of memory
[  345.025146][T11248] EXT4-fs error (device loop5): ext4_dirty_inode:6058: inode #15: comm syz.5.1574: mark_inode_dirty error
[  345.816743][T11300] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  345.816743][T11300] The task syz.2.1584 (11300) triggered the difference, watch for misbehavior.
[  345.892462][T11301] loop5: detected capacity change from 0 to 1024
[  346.039285][T11304] 8021q: adding VLAN 0 to HW filter on device bond4
[  346.065912][T11301] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  349.183046][T11360] bridge0: port 1(erspan0) entered blocking state
[  349.203035][T11360] bridge0: port 1(erspan0) entered disabled state
[  349.226284][T11360] device erspan0 entered promiscuous mode
[  349.289527][T11360] bridge0: port 1(erspan0) entered blocking state
[  349.296073][T11360] bridge0: port 1(erspan0) entered forwarding state
[  349.431696][T11361] device erspan0 left promiscuous mode
[  349.437868][T11361] bridge0: port 1(erspan0) entered disabled state
[  351.377630][T11399] loop5: detected capacity change from 0 to 8
[  351.887580][T11439] tipc: Can't bind to reserved service type 0
[  352.211123][   T26] audit: type=1800 audit(2000000089.965:24): pid=11399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1608" name="file2" dev="loop5" ino=6 res=0 errno=0
[  352.279252][T11425] loop8: detected capacity change from 0 to 32768
[  353.633030][T11480] x_tables: duplicate underflow at hook 1
[  354.637177][T11502] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1635'.
[  357.164114][ T4226] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  357.567242][ T4226] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.591993][T11558] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1644'.
[  357.777487][ T4226] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  357.794398][ T4226] usb 9-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  357.829474][ T4226] usb 9-1: Product: syz
[  357.833878][ T4226] usb 9-1: SerialNumber: syz
[  359.235705][T11611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1653'.
[  359.263385][T11608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1650'.
[  360.219567][ T4226] cdc_ncm 9-1:1.0: MAC-Address: 42:42:42:42:42:42
[  360.226927][ T4226] cdc_ncm 9-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  360.234407][ T4226] cdc_ncm 9-1:1.0: setting rx_max = 2048
[  360.309222][T11608] bond0: (slave bond_slave_1): Releasing backup interface
[  360.370233][ T4226] cdc_ncm 9-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.8-1, CDC NCM, 42:42:42:42:42:42
[  360.536688][ T4226] usb 9-1: USB disconnect, device number 7
[  360.576384][ T4226] cdc_ncm 9-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.8-1, CDC NCM
[  361.648408][T11645] 8021q: adding VLAN 0 to HW filter on device bond1
[  361.682488][T11644] netlink: 'syz.3.1660': attribute type 10 has an invalid length.
[  361.900755][T11656] IPVS: nq: FWM 3 0x00000003 - no destination available
[  361.946563][T11649] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  361.971230][T11649] bond1: (slave macvlan2): making interface the new active one
[  362.002129][T11649] bond1: (slave macvlan2): Enslaving as an active interface with an up link
[  362.029228][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  362.230085][T11668] netlink: 'syz.3.1663': attribute type 13 has an invalid length.
[  362.504150][T11681] loop8: detected capacity change from 0 to 1024
[  363.089865][ T4523] libceph: connect (1)[c::]:6789 error -101
[  363.096281][ T4523] libceph: mon0 (1)[c::]:6789 connect error
[  363.383942][ T4226] libceph: connect (1)[c::]:6789 error -101
[  363.395244][ T4226] libceph: mon0 (1)[c::]:6789 connect error
[  363.522747][T11706] pit: kvm: requested 137447 ns i8254 timer period limited to 200000 ns
[  363.555911][T11706] pit: kvm: requested 120685 ns i8254 timer period limited to 200000 ns
[  363.586153][T11706] pit: kvm: requested 173485 ns i8254 timer period limited to 200000 ns
[  363.633924][T11706] pit: kvm: requested 78781 ns i8254 timer period limited to 200000 ns
[  363.677563][T11706] pit: kvm: requested 24304 ns i8254 timer period limited to 200000 ns
[  363.697052][T11706] pit: kvm: requested 174323 ns i8254 timer period limited to 200000 ns
[  363.717415][T11706] pit: kvm: requested 25142 ns i8254 timer period limited to 200000 ns
[  363.728736][T11668] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  363.739185][T11706] pit: kvm: requested 101409 ns i8254 timer period limited to 200000 ns
[  363.802734][T11706] pit: kvm: requested 134933 ns i8254 timer period limited to 200000 ns
[  363.813872][T11668] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  363.834815][T11706] pit: kvm: requested 29333 ns i8254 timer period limited to 200000 ns
[  363.955486][ T4523] libceph: connect (1)[c::]:6789 error -101
[  363.970072][ T4523] libceph: mon0 (1)[c::]:6789 connect error
[  364.309596][T11701] ceph: No mds server is up or the cluster is laggy
[  364.362158][T11668] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  364.376174][T11668] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  364.385098][T11668] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  364.398936][T11668] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  367.994577][T11962] chnl_net:caif_netlink_parms(): no params data found
[  368.052457][T11962] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.059699][T11962] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.067755][T11962] device bridge_slave_0 entered promiscuous mode
[  368.076554][T11962] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.083994][T11962] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.092430][T11962] device bridge_slave_1 entered promiscuous mode
[  368.116248][T11962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.128193][T11962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.158935][T11962] team0: Port device team_slave_0 added
[  368.168162][T11962] team0: Port device team_slave_1 added
[  368.230061][T11991] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  368.243912][T11962] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.265523][T11962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.532089][T11962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.124598][T12002] 8021q: adding VLAN 0 to HW filter on device bond1
[  369.148099][T11962] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.163197][T11962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.277484][T11962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.336071][T12012] device veth0 entered promiscuous mode
[  369.356083][T12010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1686'.
[  369.369796][T12010] device veth0 left promiscuous mode
[  369.577625][T11962] device hsr_slave_0 entered promiscuous mode
[  369.600758][T11962] device hsr_slave_1 entered promiscuous mode
[  369.628215][T11962] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  369.643825][T11962] Cannot create hsr debugfs directory
[  369.910546][ T7282] Bluetooth: hci5: command 0x0409 tx timeout
[  370.287381][T12049] loop8: detected capacity change from 0 to 4096
[  370.555789][T12049] /dev/loop8: Can't open blockdev
[  371.114729][T12060] bridge0: port 3(erspan0) entered blocking state
[  371.122863][T12060] bridge0: port 3(erspan0) entered disabled state
[  371.168075][T12060] device erspan0 entered promiscuous mode
[  371.245747][ T7282] Bluetooth: hci3: command 0x0406 tx timeout
[  371.264333][T12065] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1700'.
[  371.290178][T12064] device erspan0 left promiscuous mode
[  371.307617][T12064] bridge0: port 3(erspan0) entered disabled state
[  371.397533][T11962] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  371.447607][T11962] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  371.493053][T11962] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  371.550095][T11962] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  371.601036][T12080] VFS: Mount too revealing
[  371.624030][T12080] VFS: Mount too revealing
[  371.628995][T12078] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1705'.
[  371.645013][T12084] overlayfs: failed to clone upperpath
[  371.655582][T12079] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1704'.
[  371.991432][   T21] Bluetooth: hci5: command 0x041b tx timeout
[  372.740046][T11962] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.762820][T12114] bridge0: port 3(erspan0) entered blocking state
[  372.779805][T12114] bridge0: port 3(erspan0) entered disabled state
[  372.790762][T12114] device erspan0 entered promiscuous mode
[  372.798192][T12114] bridge0: port 3(erspan0) entered blocking state
[  372.804709][T12114] bridge0: port 3(erspan0) entered forwarding state
[  372.812734][T12118] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1713'.
[  372.843020][T12115] device erspan0 left promiscuous mode
[  372.848936][T12115] bridge0: port 3(erspan0) entered disabled state
[  372.869578][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  372.912786][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  372.947057][T11962] 8021q: adding VLAN 0 to HW filter on device team0
[  373.015240][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  373.049861][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  373.069226][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.076563][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.123299][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  373.148234][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  373.167499][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  373.203332][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.210493][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.232502][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  373.467677][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  373.552590][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  373.830315][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  374.067889][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  374.111414][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  374.114844][ T6248] Bluetooth: hci5: command 0x040f tx timeout
[  374.137134][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  374.196957][T12146] kvm: emulating exchange as write
[  374.213971][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  374.274443][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  374.294806][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  374.487566][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  374.583136][T11962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  375.994220][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  376.036668][ T9244] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  376.051910][T11962] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.702942][ T7280] Bluetooth: hci5: command 0x0419 tx timeout
[  377.272793][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  377.282581][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  377.310607][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  377.319423][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  377.333422][T11962] device veth0_vlan entered promiscuous mode
[  377.344985][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  377.353393][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  377.371387][T11962] device veth1_vlan entered promiscuous mode
[  377.394648][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  377.403139][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  377.420883][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  377.430111][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  377.442702][T11962] device veth0_macvtap entered promiscuous mode
[  377.458702][T11962] device veth1_macvtap entered promiscuous mode
[  377.485292][T11962] batman_adv: batadv0: Interface activated: batadv_slave_0
[  377.492711][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  377.508178][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  377.521742][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  377.534005][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  377.546702][T11962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.558157][T11962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.568378][T11962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  377.579160][T11962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  377.590156][T11962] batman_adv: batadv0: Interface activated: batadv_slave_1
[  377.612537][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  377.621607][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  377.636158][T11962] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.646456][T11962] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  377.659227][T11962] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.668987][T11962] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.766587][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  377.789987][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  377.799846][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  377.818121][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  377.824651][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  377.844016][ T4342] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  379.357811][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  379.371203][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  381.068578][T12277] netlink: 'syz.3.1735': attribute type 6 has an invalid length.
[  381.654822][ T4254] Bluetooth: hci2: command 0x0406 tx timeout
[  381.691431][T12288] loop4: detected capacity change from 0 to 256
[  381.796757][T12288] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  381.941814][T12301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1746'.
[  382.043556][T12301] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1746'.
[  382.405265][T12334] loop8: detected capacity change from 0 to 2048
[  382.471876][T12334] netlink: 182 bytes leftover after parsing attributes in process `syz.8.1757'.
[  382.550637][T12343] 9pnet: Insufficient options for proto=fd
[  382.723252][T12351] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  382.903799][T12364] netlink: 76 bytes leftover after parsing attributes in process `syz.8.1766'.
[  386.449890][T12412] x_tables: ip_tables: osf match: only valid for protocol 6
[  386.688811][ T4242] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  386.753003][T12415] bridge0: port 3(wlan1) entered blocking state
[  387.156332][T12415] bridge0: port 3(wlan1) entered disabled state
[  387.179393][ T4242] usb 9-1: Using ep0 maxpacket: 32
[  387.411329][T12415] device wlan1 entered promiscuous mode
[  387.439937][ T4242] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  387.450165][ T4242] usb 9-1: config 0 has no interfaces?
[  387.455680][ T4242] usb 9-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  387.464779][ T4242] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.478697][ T4242] usb 9-1: config 0 descriptor??
[  387.722892][T12396] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1774'.
[  387.753221][T12396] netlink: 2 bytes leftover after parsing attributes in process `syz.8.1774'.
[  387.845030][ T4226] usb 9-1: USB disconnect, device number 8
[  387.866468][T12446] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.886851][T12446] team0: Port device bond0 added
[  387.907348][T12448] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.921517][T12448] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.434256][T12471] loop8: detected capacity change from 0 to 4096
[  389.595258][T12489] bridge0: port 3(wlan1) entered disabled state
[  389.804431][T12471] loop8: detected capacity change from 0 to 32768
[  389.900408][T12471] /dev/loop8: Can't open blockdev
[  389.948224][T12503] unsupported nlmsg_type 40
[  391.562632][T12521] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1805'.
[  393.321718][T12535] bridge0: port 3(wlan1) entered blocking state
[  393.353165][T12535] bridge0: port 3(wlan1) entered disabled state
[  393.383088][T12535] device wlan1 entered promiscuous mode
[  393.494396][T12547] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1814'.
[  393.540689][T12551] netlink: 'syz.6.1815': attribute type 1 has an invalid length.
[  393.618267][T12556] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  393.660438][T12556] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  393.672310][T12556] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  393.689834][T12562] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1817'.
[  393.748828][T12567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1818'.
[  393.759255][T12567] device hsr_slave_0 left promiscuous mode
[  393.766256][T12567] device hsr_slave_1 left promiscuous mode
[  393.903104][T12578] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1819'.
[  393.954701][T12583] loop4: detected capacity change from 0 to 512
[  394.042091][T12583] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  394.151145][T12583] EXT4-fs (loop4): 1 truncate cleaned up
[  394.158214][T12583] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,debug_want_extra_isize=0x0000000000000068,barrier,jqfmt=vfsold,quota,. Quota mode: writeback.
[  396.976206][T12638] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  397.018481][T12636] binder: BINDER_SET_CONTEXT_MGR already set
[  397.028472][T12636] binder: 12635:12636 ioctl 4018620d 200000000040 returned -16
[  397.104654][T12636] binder: 12635:12636 ioctl c0306201 200000000240 returned -11
[  397.173914][T12642] binder: BINDER_SET_CONTEXT_MGR already set
[  397.198957][T12642] binder: 12640:12642 ioctl 4018620d 200000000040 returned -16
[  397.311245][   T26] audit: type=1804 audit(2000000135.052:25): pid=12647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.1836" name="/newroot/219/bus/bus" dev="overlay" ino=1194 res=1 errno=0
[  397.976781][ T4522] Bluetooth: hci0: command 0x0406 tx timeout
[  398.690719][T12623] device batadv_slave_0 left promiscuous mode
[  398.710344][T12623] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  398.979231][T12623] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  398.991802][T12623] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.001186][T12623] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.010581][T12623] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.249559][T12682] overlayfs: failed to clone upperpath
[  399.428727][T12686] netlink: 'syz.3.1848': attribute type 1 has an invalid length.
[  399.445193][T12686] netlink: 'syz.3.1848': attribute type 1 has an invalid length.
[  400.452433][T12700] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1853'.
[  402.066663][T12750] loop8: detected capacity change from 0 to 4096
[  402.318772][T12773] loop8: detected capacity change from 0 to 736
[  403.180873][T12762] loop4: detected capacity change from 0 to 32768
[  403.680732][T12762] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz.4.1867 (12762)
[  403.874201][T12762] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  403.900804][T12762] BTRFS info (device loop4): enabling auto defrag
[  404.590579][T12762] BTRFS info (device loop4): force clearing of disk cache
[  404.603314][T12762] BTRFS info (device loop4): enabling disk space caching
[  404.691524][T12762] BTRFS info (device loop4): max_inline at 0
[  404.787248][T12762] BTRFS info (device loop4): disk space caching is enabled
[  404.909577][T12762] BTRFS info (device loop4): has skinny extents
[  405.322276][T12762] BTRFS error (device loop4): open_ctree failed: -12
[  409.795348][T12890] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  410.108786][T12910] sock: sock_set_timeout: `syz.6.1902' (pid 12910) tries to set negative timeout
[  410.138758][T12913] netlink: 'syz.2.1901': attribute type 1 has an invalid length.
[  410.459390][   T21] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  412.371619][   T21] usb 5-1: device descriptor read/all, error -71
[  412.680803][T12948] netlink: 'syz.8.1912': attribute type 27 has an invalid length.
[  412.726560][T12948] netlink: 'syz.8.1912': attribute type 4 has an invalid length.
[  413.908225][T12948] netlink: 144 bytes leftover after parsing attributes in process `syz.8.1912'.
[  415.766922][T12991] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  416.342970][T12991] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  420.528827][T13050] team0: Port device team_slave_0 removed
[  420.585685][ T7282] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  420.855998][ T7282] usb 5-1: Using ep0 maxpacket: 8
[  421.246195][ T7282] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  421.284586][ T7282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.303683][ T7282] usb 5-1: Product: syz
[  421.335725][ T7282] usb 5-1: Manufacturer: syz
[  421.357092][ T7282] usb 5-1: SerialNumber: syz
[  421.435218][ T7282] usb 5-1: config 0 descriptor??
[  422.132542][ T7282] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  422.286097][T13074] netlink: 'syz.2.1940': attribute type 1 has an invalid length.
[  422.380136][T13077] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  422.442129][T13077] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  422.489358][T13077] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  423.550776][T13111] sch_tbf: burst 2 is lower than device lo mtu (65550) !
[  423.576843][T13111] sch_tbf: burst 2 is lower than device lo mtu (65550) !
[  423.610319][T13111] sch_tbf: burst 2 is lower than device lo mtu (65550) !
[  423.844275][ T6248] Process accounting resumed
[  424.038113][T13131] batman_adv: batadv0: Adding interface: dummy0
[  424.044464][T13131] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560.
[  424.069171][T13131] batman_adv: batadv0: Interface activated: dummy0
[  424.083991][T13133] batman_adv: batadv0: Adding interface: dummy0
[  424.091779][T13134] sctp: [Deprecated]: syz.2.1952 (pid 13134) Use of struct sctp_assoc_value in delayed_ack socket option.
[  424.091779][T13134] Use struct sctp_sack_info instead
[  424.109251][T13133] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.147710][T13133] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  424.204987][T13131] batadv0: mtu less than device minimum
[  424.237304][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.250570][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.262738][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.274814][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.286868][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.299190][ T7282] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[  424.300512][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.318219][ T7282] usb 5-1: USB disconnect, device number 8
[  424.318957][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.336192][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  424.348274][T13131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  425.404720][   T26] audit: type=1326 audit(2000000163.138:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  425.482634][   T26] audit: type=1326 audit(2000000163.168:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  425.536424][   T26] audit: type=1326 audit(2000000163.168:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  425.565159][   T26] audit: type=1326 audit(2000000163.168:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  425.595769][   T26] audit: type=1326 audit(2000000163.168:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  425.666710][   T26] audit: type=1326 audit(2000000163.168:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa43a0f778e code=0x7ffc0000
[  426.392107][   T26] audit: type=1326 audit(2000000163.168:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa43a0f778e code=0x7ffc0000
[  426.442364][   T26] audit: type=1326 audit(2000000163.168:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  426.509099][   T26] audit: type=1326 audit(2000000163.168:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  426.534023][   T26] audit: type=1326 audit(2000000163.168:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.3.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fa43a136eb9 code=0x7ffc0000
[  426.534793][T13165] overlayfs: failed to clone upperpath
[  430.039289][T13245] Cannot find del_set index 4 as target
[  436.884989][T13346] bond1: (slave ip6gretap2): making interface the new active one
[  436.969761][T13346] bond1: (slave ip6gretap2): Enslaving as an active interface with an up link
[  438.265214][T13375] 9pnet: p9_errstr2errno: server reported unknown error 
[  440.893663][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  440.907916][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  442.665514][T13397] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2019'.
[  444.568140][T13477] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2036'.
[  444.758392][T13479] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  444.767056][T13479] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  444.775567][T13479] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  444.784347][T13479] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  447.083357][T13508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2042'.
[  448.503411][T13544] loop4: detected capacity change from 0 to 16
[  448.533507][T13544] erofs: (device loop4): mounted with root inode @ nid 36.
[  449.869984][T13544] handle_bad_sector: 2014 callbacks suppressed
[  449.870006][T13544] attempt to access beyond end of device
[  449.870006][T13544] loop4: rw=524288, want=48, limit=16
[  450.042047][T13544] attempt to access beyond end of device
[  450.042047][T13544] loop4: rw=524288, want=40, limit=16
[  450.419289][ T4242] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  451.102490][T13580] netlink: 'syz.6.2064': attribute type 1 has an invalid length.
[  451.411808][T13580] 8021q: adding VLAN 0 to HW filter on device bond3
[  451.441714][T13585] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2065'.
[  451.457899][T13582] bond3: (slave gretap1): making interface the new active one
[  451.469054][T13582] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  451.478379][ T4225] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  452.843349][T13603] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  454.393766][   T26] kauditd_printk_skb: 32 callbacks suppressed
[  454.393780][   T26] audit: type=1800 audit(2000000192.120:68): pid=13633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2079" name="bus" dev="ramfs" ino=69555 res=0 errno=0
[  454.419534][    C0] vkms_vblank_simulate: vblank timer overrun
[  455.439648][T13662] bond4: (slave ip6gretap2): making interface the new active one
[  455.497192][T13662] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link
[  460.065635][T13713] bond0: (slave bond_slave_0): Releasing backup interface
[  460.589387][T13713] bond0: (slave bond_slave_1): Releasing backup interface
[  461.278426][T13713] team0: Port device team_slave_0 removed
[  461.391625][T13713] team0: Port device team_slave_1 removed
[  461.413107][T13713] batman_adv: batadv0: Removing interface: batadv_slave_0
[  461.478508][T13713] batman_adv: batadv0: Removing interface: batadv_slave_1
[  461.487807][T13713] bond0: (slave wlan1): Releasing backup interface
[  461.508468][T13713] bond1: (slave gretap1): Releasing active interface
[  461.534091][T13741] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2104'.
[  461.721838][T13741] 8021q: adding VLAN 0 to HW filter on device bond3
[  461.738846][T13734] device macvlan3 entered promiscuous mode
[  461.751574][T13734] device bond3 entered promiscuous mode
[  461.759827][T13734] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  461.808139][T13734] team0: Port device macvlan3 added
[  462.951664][T13776] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  462.960425][T13776] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  462.968965][T13776] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  462.977604][T13776] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  463.021645][T13776] device bond3 left promiscuous mode
[  463.028164][T13776] device macvlan3 left promiscuous mode
[  463.176138][T13785] 8021q: adding VLAN 0 to HW filter on device bond1
[  463.195066][T13788] device macvlan2 entered promiscuous mode
[  463.213910][T13788] device bond1 entered promiscuous mode
[  463.641495][T13788] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  463.978466][T13788] device bond1 left promiscuous mode
[  464.039042][T13786] 8021q: adding VLAN 0 to HW filter on device bond1
[  464.064584][T13786] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  464.084417][T13786] bond1: (slave vxcan3): Error -22 calling dev_set_mtu
[  464.103810][T13794] device bridge_slave_0 left promiscuous mode
[  464.116092][T13794] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.126113][T13813] xt_hashlimit: max too large, truncated to 1048576
[  464.134333][T13794] device bridge_slave_1 left promiscuous mode
[  464.141274][T13813] xt_hashlimit: overflow, try lower: 0/0
[  464.147217][T13794] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.157727][T13794] bond0: (slave bond_slave_0): Releasing backup interface
[  464.173342][T13794] team0: Port device team_slave_1 removed
[  464.179811][T13794] batman_adv: batadv0: Removing interface: batadv_slave_0
[  464.188014][T13794] batman_adv: batadv0: Removing interface: batadv_slave_1
[  464.196738][T13794] bond1: (slave macvlan2): Releasing active interface
[  464.207902][T13794] team0: Port device macvlan3 removed
[  464.334720][   T26] audit: type=1326 audit(2000000202.045:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.2.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f523bf57eb9 code=0x7ffc0000
[  464.376670][   T26] audit: type=1326 audit(2000000202.045:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.2.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f523bf57eb9 code=0x7ffc0000
[  464.418244][   T26] audit: type=1326 audit(2000000202.045:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.2.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f523bf57eb9 code=0x7ffc0000
[  464.446648][   T26] audit: type=1326 audit(2000000202.045:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.2.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f523bf57eb9 code=0x7ffc0000
[  464.893487][   T26] audit: type=1326 audit(2000000202.045:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.2.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f523bf57eb9 code=0x7ffc0000
[  465.133280][   T26] audit: type=1326 audit(2000000202.045:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.2.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f523bf57eb9 code=0x7ffc0000
[  465.208448][   T26] audit: type=1326 audit(2000000202.045:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.2.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f523bf57eb9 code=0x7ffc0000
[  466.445668][T13874] device vlan2 entered promiscuous mode
[  466.484670][T13874] device bond0 entered promiscuous mode
[  467.648898][T13899] loop8: detected capacity change from 0 to 512
[  468.364722][T13907] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2146'.
[  468.464902][T13896] bio_check_ro: 3 callbacks suppressed
[  468.464919][T13896] Trying to write to read-only block-device loop8
[  468.556315][T13896] Trying to write to read-only block-device loop8
[  468.617691][T13896] Trying to write to read-only block-device loop8
[  468.641902][T13896] Trying to write to read-only block-device loop8
[  470.616603][T13955] Malformed UNC in devname
[  470.616603][T13955] 
[  470.623819][T13955] CIFS: VFS: Malformed UNC in devname
[  471.470954][T13964] netlink: 'syz.8.2156': attribute type 10 has an invalid length.
[  471.536259][T13964] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  472.961146][T13993] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  473.079546][T13999] loop4: detected capacity change from 0 to 512
[  473.192190][T13999] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  473.968556][T13999] EXT4-fs (loop4): 1 truncate cleaned up
[  474.005798][T13999] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,auto_da_alloc=0x0000000000000eb0,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,noload,noquota,,errors=continue. Quota mode: none.
[  475.181598][T14035] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2173'.
[  475.346658][T13999] EXT4-fs error (device loop4): ext4_xattr_set_entry:1612: inode #18: comm syz.4.2165: corrupted xattr entries
[  477.251911][T14057] overlayfs: failed to clone upperpath
[  477.345220][T14062] device syzkaller0 entered promiscuous mode
[  482.430333][T14163] loop4: detected capacity change from 0 to 64
[  482.559414][T14163] hfs: invalid btree extent records
[  482.565677][T14163] hfs: unable to open extent tree
[  483.640566][T14163] hfs: can't find a HFS filesystem on dev loop4
[  484.126348][T14191] loop8: detected capacity change from 0 to 16
[  484.247744][T14191] /dev/loop8: Can't open blockdev
[  485.532898][T14220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2221'.
[  488.308563][T14291] xt_TCPMSS: Only works on TCP SYN packets
[  490.244535][T14306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2241'.
[  490.255034][T14307] loop4: detected capacity change from 0 to 512
[  490.417464][T14205] syz.8.2217 (14205): drop_caches: 2
[  490.479639][T14319] overlayfs: failed to clone upperpath
[  490.573857][T14306] 8021q: adding VLAN 0 to HW filter on device bond2
[  490.592690][T14312] device macvlan2 entered promiscuous mode
[  490.644282][T14312] device bond2 entered promiscuous mode
[  490.709418][T14307] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  490.735224][T14312] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  490.755356][T14307] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  490.780883][T14312] team0: Port device macvlan2 added
[  491.193515][   T26] audit: type=1326 audit(4147484132.900:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14348 comm="syz.8.2253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65e9f3eb9 code=0x7ffc0000
[  491.216425][    C0] vkms_vblank_simulate: vblank timer overrun
[  492.019332][   T26] audit: type=1326 audit(4147484133.650:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14348 comm="syz.8.2253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb65e9f3eb9 code=0x7ffc0000
[  492.204014][   T26] audit: type=1326 audit(4147484133.650:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14348 comm="syz.8.2253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65e9f3eb9 code=0x7ffc0000
[  493.526970][   T26] audit: type=1326 audit(4147484133.650:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14348 comm="syz.8.2253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb65e9f3eb9 code=0x7ffc0000
[  494.435851][   T13] Bluetooth: hci5: command 0x0406 tx timeout
[  499.930018][T14430] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2275'.
[  500.089770][T14434] netlink: 'syz.8.2273': attribute type 16 has an invalid length.
[  500.108229][T14434] netlink: 'syz.8.2273': attribute type 17 has an invalid length.
[  500.134727][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  500.163116][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  500.186420][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  500.209155][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  500.225113][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  500.233157][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  500.241330][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  500.249858][T14434] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  500.315333][T14439] 8021q: adding VLAN 0 to HW filter on device bond0
[  500.339678][T14439] bond0: (slave rose0): Enslaving as an active interface with an up link
[  500.440739][ T4225] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  500.957289][T14473] loop4: detected capacity change from 0 to 164
[  501.584515][T14483] loop4: detected capacity change from 0 to 256
[  501.667665][   T27] INFO: task syz-executor:9885 blocked for more than 144 seconds.
[  501.675517][   T27]       Not tainted syzkaller #0
[  501.696883][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  501.715662][   T27] task:syz-executor    state:D stack:21968 pid: 9885 ppid:     1 flags:0x00004004
[  502.145132][   T27] Call Trace:
[  502.165586][   T27]  <TASK>
[  502.175024][   T27]  __schedule+0x11ef/0x43c0
[  502.179832][   T27]  ? verify_lock_unused+0x140/0x140
[  502.185308][   T27]  ? mark_lock+0x94/0x320
[  502.189915][   T27]  ? release_firmware_map_entry+0x190/0x190
[  502.195998][   T27]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  502.202368][   T27]  ? lock_chain_count+0x20/0x20
[  502.207432][   T27]  ? _raw_spin_lock_irq+0xb7/0xf0
[  502.212750][   T27]  schedule+0x11b/0x1e0
[  502.217109][   T27]  io_schedule+0x7c/0xd0
[  502.221592][   T27]  wait_on_page_bit_common+0x83b/0xe50
[  502.227296][   T27]  ? wait_on_page_bit+0x50/0x50
[  502.232258][   T27]  ? rcu_lock_release+0x20/0x20
[  502.237456][   T27]  truncate_inode_pages_range+0xa24/0xfe0
[  502.243311][   T27]  ? invalidate_inode_page+0x360/0x360
[  502.248972][   T27]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  502.255111][   T27]  ? _raw_spin_unlock_irq+0x1f/0x40
[  502.260626][   T27]  ? lockdep_hardirqs_on+0x94/0x140
[  502.265922][   T27]  evict+0x4dc/0x8d0
[  502.269941][   T27]  ? proc_nr_inodes+0x320/0x320
[  502.275071][   T27]  ? do_raw_spin_unlock+0x11d/0x230
[  502.294998][   T27]  evict_inodes+0x60c/0x6a0
[  502.302805][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  502.303237][   T27]  ? __dentry_kill+0x530/0x650
[  502.313881][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  502.314143][   T27]  ? clear_inode+0x150/0x150
[  502.325546][   T27]  generic_shutdown_super+0x93/0x300
[  502.332125][   T27]  kill_block_super+0x7c/0xe0
[  502.337433][   T27]  deactivate_locked_super+0x93/0xf0
[  502.342810][   T27]  cleanup_mnt+0x42d/0x4e0
[  502.351179][   T27]  ? lockdep_hardirqs_on+0x94/0x140
[  502.356987][   T27]  task_work_run+0x125/0x1a0
[  502.361671][   T27]  exit_to_user_mode_loop+0x10f/0x130
[  502.370862][   T27]  exit_to_user_mode_prepare+0xee/0x180
[  502.376575][   T27]  syscall_exit_to_user_mode+0x16/0x40
[  502.382120][   T27]  do_syscall_64+0x58/0xa0
[  502.390549][   T27]  ? clear_bhb_loop+0x30/0x80
[  502.395421][   T27]  ? clear_bhb_loop+0x30/0x80
[  502.402163][   T27]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  502.411966][   T27] RIP: 0033:0x7f41ff4bf117
[  502.416584][   T27] RSP: 002b:00007ffd4423a528 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  502.425739][   T27] RAX: 0000000000000000 RBX: 00007f41ff52771f RCX: 00007f41ff4bf117
[  502.434461][   T27] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd4423a5e0
[  502.442589][   T27] RBP: 00007ffd4423a5e0 R08: 00007ffd4423b5e0 R09: 00000000ffffffff
[  502.450750][   T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd4423b670
[  502.459136][   T27] R13: 00007f41ff52771f R14: 0000000000055cad R15: 00007ffd4423b6b0
[  502.467408][   T27]  </TASK>
[  502.470634][   T27] 
[  502.470634][   T27] Showing all locks held in the system:
[  502.486846][   T27] 1 lock held by khungtaskd/27:
[  502.493890][   T27]  #0: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[  502.527137][   T27] 2 locks held by dhcpcd/3851:
[  502.532197][   T27]  #0: ffffffff8d424c48 (vlan_ioctl_mutex){+.+.}-{3:3}, at: sock_ioctl+0x25a/0x710
[  502.542120][   T27]  #1: ffffffff8d43c548 (rtnl_mutex){+.+.}-{3:3}, at: vlan_ioctl_handler+0xef/0x5d0
[  502.544097][T14483] FAT-fs (loop4): Directory bread(block 64) failed
[  502.552275][   T27] 2 locks held by getty/3947:
[  502.583317][T14483] FAT-fs (loop4): Directory bread(block 65) failed
[  502.606725][   T27]  #0: ffff88807e821098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  502.621947][T14483] FAT-fs (loop4): Directory bread(block 66) failed
[  502.633119][T14483] FAT-fs (loop4): Directory bread(block 67) failed
[  502.636645][   T27]  #1: ffffc900021ce2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70
[  502.645713][T14483] FAT-fs (loop4): Directory bread(block 68) failed
[  502.650364][   T27] 3 locks held by kworker/1:9/6248:
[  502.661988][   T27]  #0: ffff88802c091538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x761/0x1010
[  502.662419][T14483] FAT-fs (loop4): Directory bread(block 69) failed
[  502.673244][   T27]  #1: ffffc9000368fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010
[  502.686009][T14483] FAT-fs (loop4): Directory bread(block 70) failed
[  502.692792][   T27]  #2: ffffffff8d43c548 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xca/0x1540
[  502.704692][T14483] FAT-fs (loop4): Directory bread(block 71) failed
[  502.708983][   T27] 2 locks held by kworker/1:13/7276:
[  502.715725][T14483] FAT-fs (loop4): Directory bread(block 72) failed
[  502.725885][   T27]  #0: ffff888016c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x761/0x1010
[  502.726932][T14483] FAT-fs (loop4): Directory bread(block 73) failed
[  502.743528][   T27]  #1: ffffc900042bfd00 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010
[  502.755459][T14483] vfat filesystem being mounted at /82/file0 supports timestamps until 2107-12-31 (0x10391447e)
[  502.755648][   T27] 1 lock held by syz-executor/9885:
[  502.775028][   T27]  #0: ffff88801e2c20e0 (&type->s_umount_key#119){+.+.}-{3:3}, at: deactivate_super+0xa0/0xd0
[  502.884157][   T27] 1 lock held by syz.6.2286/14486:
[  502.890922][   T27]  #0: ffffffff8c323528 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d1/0x750
[  502.903097][   T27] 4 locks held by syz.3.2287/14488:
[  502.908673][   T27]  #0: ffffffff8d498f10 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[  502.920060][   T27]  #1: ffffffff8d43c548 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x28/0x540
[  502.930924][   T27]  #2: ffff8880642e8628 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_del_interface+0x11c/0x350
[  502.942301][   T27]  #3: ffffffff8c323528 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a5/0x750
[  502.957182][   T27] 
[  502.959651][   T27] =============================================
[  502.959651][   T27] 
[  502.968904][   T27] NMI backtrace for cpu 0
[  502.973240][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
[  502.980440][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  502.990511][   T27] Call Trace:
[  502.993798][   T27]  <TASK>
[  502.996744][   T27]  dump_stack_lvl+0x188/0x250
[  503.001452][   T27]  ? show_regs_print_info+0x20/0x20
[  503.007747][   T27]  ? load_image+0x400/0x400
[  503.012265][   T27]  ? tick_nohz_tick_stopped+0x7b/0xb0
[  503.017650][   T27]  ? nmi_cpu_backtrace+0x1b2/0x3d0
[  503.022776][   T27]  nmi_cpu_backtrace+0x3a2/0x3d0
[  503.027802][   T27]  ? nmi_trigger_cpumask_backtrace+0x280/0x280
[  503.033981][   T27]  ? _printk+0xda/0x130
[  503.038148][   T27]  ? load_image+0x400/0x400
[  503.042662][   T27]  ? load_image+0x400/0x400
[  503.047349][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  503.053483][   T27]  nmi_trigger_cpumask_backtrace+0x163/0x280
[  503.059574][   T27]  watchdog+0xe0f/0xe50
[  503.063728][   T27]  kthread+0x436/0x520
[  503.067881][   T27]  ? hungtask_pm_notify+0x40/0x40
[  503.072902][   T27]  ? kthread_blkcg+0xd0/0xd0
[  503.077508][   T27]  ret_from_fork+0x1f/0x30
[  503.081941][   T27]  </TASK>
[  503.085035][    C0] vkms_vblank_simulate: vblank timer overrun
[  503.091544][   T27] Sending NMI from CPU 0 to CPUs 1:
[  503.096763][    C1] NMI backtrace for cpu 1
[  503.096774][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[  503.096789][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  503.096796][    C1] RIP: 0010:kasan_check_range+0x1b0/0x290
[  503.096819][    C1] Code: f3 4d 01 f3 49 89 df 49 8d 5f 07 4d 85 ff 49 0f 49 df 48 83 e3 f8 49 29 df 74 0e 41 80 3b 00 75 69 49 ff c3 49 ff cf 75 f2 5b <41> 5c 41 5e 41 5f 5d c3 45 84 ff 0f 85 91 00 00 00 41 f7 c7 00 ff
[  503.096831][    C1] RSP: 0018:ffffc90000dd0718 EFLAGS: 00000056
[  503.096843][    C1] RAX: 0000000000000001 RBX: ffff88813fe70000 RCX: ffffffff815dbb94
[  503.096853][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff901d10d0
[  503.096861][    C1] RBP: 0000000000000000 R08: ffffffff901d10d7 R09: 1ffffffff203a21a
[  503.096869][    C1] R10: dffffc0000000000 R11: fffffbfff203a21b R12: dffffc0000000001
[  503.096878][    C1] R13: dffffc0000000000 R14: 1ffffffff203a21a R15: 0000000000000001
[  503.096887][    C1] FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  503.096899][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  503.096909][    C1] CR2: 00007f7767a0a2f8 CR3: 0000000023366000 CR4: 00000000003506e0
[  503.096922][    C1] Call Trace:
[  503.096927][    C1]  <IRQ>
[  503.096933][    C1]  mark_lock+0x94/0x320
[  503.096948][    C1]  __lock_acquire+0xc20/0x7d10
[  503.096971][    C1]  ? mark_lock+0x94/0x320
[  503.096983][    C1]  ? verify_lock_unused+0x140/0x140
[  503.096999][    C1]  ? __lock_acquire+0x13bc/0x7d10
[  503.097014][    C1]  ? verify_lock_unused+0x140/0x140
[  503.097038][    C1]  lock_acquire+0x19e/0x400
[  503.097053][    C1]  ? enqueue_task+0x26d/0x2b0
[  503.097072][    C1]  ? read_lock_is_recursive+0x10/0x10
[  503.097090][    C1]  ? psi_group_change+0xb40/0x1150
[  503.097106][    C1]  psi_group_change+0x113/0x1150
[  503.097119][    C1]  ? enqueue_task+0x26d/0x2b0
[  503.097137][    C1]  ? psi_task_change+0x1db/0x370
[  503.097150][    C1]  ? enqueue_task+0x26d/0x2b0
[  503.097165][    C1]  enqueue_task+0x26d/0x2b0
[  503.097180][    C1]  ttwu_do_activate+0x1b7/0x370
[  503.097197][    C1]  try_to_wake_up+0x618/0x1050
[  503.097211][    C1]  ? _raw_spin_unlock+0x40/0x40
[  503.097230][    C1]  hrtimer_wakeup+0x4a/0x60
[  503.097248][    C1]  ? __remove_hrtimer+0x3a0/0x3a0
[  503.097262][    C1]  __hrtimer_run_queues+0x4eb/0xb70
[  503.097284][    C1]  ? hrtimer_interrupt+0x8d0/0x8d0
[  503.097300][    C1]  ? ktime_get_update_offsets_now+0x3ce/0x3e0
[  503.097317][    C1]  hrtimer_interrupt+0x3bb/0x8d0
[  503.097340][    C1]  __sysvec_apic_timer_interrupt+0x137/0x4a0
[  503.097356][    C1]  sysvec_apic_timer_interrupt+0x9b/0xc0
[  503.097372][    C1]  </IRQ>
[  503.097375][    C1]  <TASK>
[  503.097380][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  503.097394][    C1] RIP: 0010:finish_lock_switch+0x134/0x280
[  503.097409][    C1] Code: be ff ff ff ff e8 4c 80 67 08 85 c0 74 4a 4d 85 ff 75 66 0f 1f 44 00 00 48 89 df e8 b6 eb 70 08 e8 41 e0 2a 00 fb 48 83 c4 08 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 48 89 df e8 c9 09 fe ff 43 80 3c
[  503.097420][    C1] RSP: 0018:ffffc90000d67ac8 EFLAGS: 00000282
[  503.097432][    C1] RAX: 10e44c90151c5600 RBX: ffff8880b913a340 RCX: 10e44c90151c5600
[  503.097442][    C1] RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: ffffffff8a79f780
[  503.097458][    C1] RBP: 1ffff11017227613 R08: ffff8880b913a343 R09: 1ffff11017227468
[  503.097469][    C1] R10: dffffc0000000000 R11: ffffed1017227469 R12: 1ffff110172275c1
[  503.097480][    C1] R13: dffffc0000000000 R14: ffff8880b913ae08 R15: 0000000000000000
[  503.097497][    C1]  finish_task_switch+0x12f/0x640
[  503.097513][    C1]  ? __switch_to_asm+0x34/0x60
[  503.097529][    C1]  __schedule+0x11f7/0x43c0
[  503.097544][    C1]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  503.097561][    C1]  ? lock_chain_count+0x20/0x20
[  503.097576][    C1]  ? lock_chain_count+0x20/0x20
[  503.097592][    C1]  ? tick_nohz_idle_exit+0x40e/0x540
[  503.097606][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  503.097622][    C1]  ? release_firmware_map_entry+0x190/0x190
[  503.097635][    C1]  ? flush_smp_call_function_from_idle+0x11a/0x240
[  503.097652][    C1]  ? generic_smp_call_function_single_interrupt+0x10/0x10
[  503.097669][    C1]  ? tick_nohz_restart_sched_tick+0x1f0/0x1f0
[  503.097687][    C1]  schedule_idle+0x4a/0x90
[  503.097700][    C1]  do_idle+0x533/0x580
[  503.097717][    C1]  ? idle_inject_timer_fn+0x60/0x60
[  503.097731][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  503.097745][    C1]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  503.097761][    C1]  ? schedule_idle+0x57/0x90
[  503.097775][    C1]  cpu_startup_entry+0x14/0x20
[  503.097790][    C1]  start_secondary+0x330/0x430
[  503.097808][    C1]  ? arch_scale_freq_tick+0x120/0x120
[  503.097826][    C1]  secondary_startup_64_no_verify+0xb1/0xbb
[  503.097846][    C1]  </TASK>
[  503.101642][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  503.562493][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
[  503.569682][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  503.579812][   T27] Call Trace:
[  503.583412][   T27]  <TASK>
[  503.586339][   T27]  dump_stack_lvl+0x188/0x250
[  503.591009][   T27]  ? show_regs_print_info+0x20/0x20
[  503.596193][   T27]  ? load_image+0x400/0x400
[  503.600710][   T27]  panic+0x2e5/0x810
[  503.604614][   T27]  ? schedule_preempt_disabled+0x20/0x20
[  503.611540][   T27]  ? bpf_jit_dump+0xd0/0xd0
[  503.616062][   T27]  ? __irq_work_queue_local+0x12c/0x190
[  503.621620][   T27]  ? nmi_trigger_cpumask_backtrace+0x260/0x280
[  503.627796][   T27]  watchdog+0xe4e/0xe50
[  503.631945][   T27]  kthread+0x436/0x520
[  503.635998][   T27]  ? hungtask_pm_notify+0x40/0x40
[  503.641029][   T27]  ? kthread_blkcg+0xd0/0xd0
[  503.645607][   T27]  ret_from_fork+0x1f/0x30
[  503.650032][   T27]  </TASK>
[  503.653434][   T27] Kernel Offset: disabled
[  503.657780][   T27] Rebooting in 86400 seconds..