last executing test programs:

1m50.227245627s ago: executing program 4 (id=62):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x4c}}, 0x800)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1m50.004021607s ago: executing program 4 (id=64):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b", 0x9d}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb", 0x10}], 0x2}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf4648e", 0xe}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xe8, 0x29, 0x4, {0x4, 0x19, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @enc_lim={0x4, 0x1, 0xf8}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x9, "e80ee304ecb784ec46"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x1c8, 0x29, 0x36, {0x5e, 0x35, '\x00', [@generic={0xff, 0x45, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70dac43574"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x2, 0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8, 0xe2, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab309f93fd8146e6672c844ca0c43cde3afb3f9b0e9c19b929779fe65f579221b81"}, @calipso={0x7, 0x20, {0x3, 0x6, 0x3, 0x7, [0x0, 0x8000, 0xffffffffffffff04]}}, @generic={0x1}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x368}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m49.499492595s ago: executing program 4 (id=68):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x4c}}, 0x800)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x884}, 0x2004c000)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = syz_open_dev$hiddev(&(0x7f0000000300), 0xffffffffffffffff, 0x401)
ioctl$HIDIOCGCOLLECTIONINFO(r2, 0xc0104811, &(0x7f0000000580)={0x4, 0x1, 0x1})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0xa8, 0x40, 0x107, 0x70bd2d, 0x25dfdbfb, {0x4, 0x7c}, [@typed={0x4}, @typed={0x90, 0x2b, 0x0, 0x0, @binary="2702817f2c4603d1939cfd361f6b7c5365720e2b996b6361cd643b5494227f2ce5cba495880958eb65d045f75ee5bbccf7dcfdb9c01fb546dc029f6e32ad3bfddb23c12b9d9bf98394be76f88b9df2fbe67772b2f77a89fac636b2c2f9e6e13d6d3a032531c76a9edb589ed2331caae2714a0517d652881ae94042a2b9309eb9ce80e3acac4cbc281477a631"}]}, 0xa8}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1m48.371681044s ago: executing program 4 (id=71):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb}, {@bh}, {@nolazytime}, {@data_err_ignore}, {@usrjquota}]}, 0xff, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
mknodat$loop(0xffffffffffffff9c, 0x0, 0x800, 0x0) (async)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x800, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00') (async)
rmdir(&(0x7f0000000000)='./file0\x00')
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
accept4$bt_l2cap(r0, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x40}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) (async)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r2, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000001d40)=[{&(0x7f0000000c40)="174f0309acc581c27c0835a541d5ace14751a6fb5991e1eabe613766930c5209d76188595688370a8db8878df98ad326d683f46b7b423a4583c043d396d52fafd67bbd19f7e86b03f0890da3e3e1ac30139e27351572c4c42e96f4dec4c0c9d710f16af63cc306aa379bad5c6e7ef0f71776f0abdddb9ba606e921bcb3ac6bbea2ab3a0823b23088bc5e39310f040dacfd595b4675421c0046d89f2840d233d1034173a0fe91900d926e8d3a481c32b4f6079741d13e2ebb782090c8f38a9daebb1dea84e78c216cd7f9f10bf4b35158e3b36df0c4e9e74b585fc66f7b1fe5305f073f6de409973543e731424ab0605f2f4dfd7efe495ea426a69b13b27b7497895984a1502bac0855ad2bb86e88efdd6c976bbd1cc04dc6b4e8d579f1aecdf38461db91d3661703dec17b9a22d66299cacd23fb463dbb3fd7d59674fa4c5ec8b36422965f55ae455ef5051d029fe657b3f6c79a2bbfe60b0d64870d4ca793ebf5054a40157f0c78c3337cb131700670bc7dfa1cfddb8eb2d85b97c56339f45c4ee490d259121cdccf7be5bbc0ab7a375d931c0365c9809756d4491c866161833663e49a310df546ed841572ca40e40faea56bb05216b3390d807f756db218749a1c9a1ee817b9e5e6a00ca98e185cd6f690cc9e9d1567788e572378f11f688d8133c58b727ae51f95787f7f9952b32ed1494ea7e55f21baea3c9edb8b4523bbef158c8c239d4a54faa5996eb1f3f1c06acf8cd273e298e44b5642b8a50369b152a67932f48bed55c1c01d9a0ad6b2a3540e753c16e3054d483baad028fe42b4e5ebe562b6350c3a093f7456dde046258b8bfe19494d19a66809b612ba8deefea6b7007460ad826313420ac8e3f889da3c9b01a3d1f76acbdafb990fbe8479ded245d750a534e61b6b5fe9914f3760cbe0434f0b1593579f9d124e7c90ef5a50b21aad14ecd0cd712164782cfd329175225d99f90df6d123dde263d9329317f501199ba87458c0ead4baddeef35da92fea8ac878fa84bebfce075cbf56fad7fe823198ef50ce9e24d6c888337cfecb65e6dc7a3bce8f7b2cf734a1bf52cc24b77045e94c39756cb4287777e6f7bdfa19c387565dcb5258c3758a6d8cf94fa2adde5454735f944f6fde3c61376bf65c4c65bf973e1bdcd646b5883098b9f00712ab947b5a45ae1949357a7ef580895e7201e36ae4ab14da32e0a55327d25278d07e102c4e45f6566f5394c2259baa6b5b9511751c35ad74364be8bcfb77b0eb0d3c182dd50ae9fa498d5595bce5201d43acf6411e8e6074bdf001d4e4ddae00133002d9af61c3d9b594a230511c77460e477ab5d9d3d2dbdad6a971c4d4911d877a6d9eae79196e95565994954a3904d473fb369983020b99466c804127e8baf8147b5d228a17608d3ab4c31c6ad03135929e35feb8d166f5f820e40f94dd8102c9ca76ac48c3d668b00ca76cff37dcd35ddbf63b62ecaf7934a8ede4980f3294365ea63f7584373f638134fba55526983dabf2f189c70ddec701b55256d383dd802b4b09b801fb6cbe3408c9eb6d1fd85bf93b60b966680485d4550a3aa3454d888d6f8e81f669d4d87914041ac313e39f0ae29f31dedba1c5964c6729045cbd010e4469a7220335f76983c7d22a53401cb25444b9103643843726bdbb28d4032f9258f8539b9a7dfd6558b2c524d38c9e2e1c23fd7a6a42bf4bb5ebdf0b75ecc547ef15865536ee1de07155bc5e6b5a227c1170a6e4e44991f0685219c417d7194a4cdbce6a1e76f830fdd07887b49a3b648772b6e1b6fda08931540cc521e44f3fb221ce86438759704ce2422653a35f62c483a21ae6b34b14e6d900172dddecf8846a9423d784341296e141423f1c1efed6a0c334430647c0408af67c54a8cad69a43bf28ebe4a650343151223969bafa661999342df2a160f45b950f258f1e444575d6251a917bfcbb4dc834bd08d4deeb3be0dabade5f46060e54bc71f137f47e4233804eb9de", 0x589}], 0x1, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}, @ip_retopts={{0x38, 0x0, 0x7, {[@noop, @generic={0x88, 0x10, "66581ddb34253c0556c786172934"}, @timestamp_prespec={0x44, 0x14, 0x67, 0x3, 0x7, [{@dev={0xac, 0x14, 0x14, 0x2f}, 0x2cb5}, {@rand_addr=0x64010102, 0x5e}]}]}}}], 0x58}, 0x4)
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201410127c0de206a0803003ff0010203010902240001000010000904020202f3bff50009050602000202000a0904"], 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201410127c0de206a0803003ff0010203010902240001000010000904020202f3bff50009050602000202000a0904"], 0x0)

1m44.906699675s ago: executing program 4 (id=84):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000001c00)=[{{&(0x7f00000000c0)=@alg, 0x0, &(0x7f0000000640)=[{&(0x7f0000000140)=""/97}, {&(0x7f0000000240)=""/121}, {&(0x7f0000000340)=""/107}, {&(0x7f00000001c0)=""/12}, {&(0x7f00000003c0)=""/124}, {&(0x7f0000001cc0)=""/213}, {&(0x7f0000000580)=""/181}], 0x0, &(0x7f00000009c0)=""/4096}, 0xbac00000}, {{&(0x7f00000006c0), 0x0, &(0x7f00000002c0)=[{&(0x7f0000000740)=""/214}, {&(0x7f0000000840)=""/201}]}, 0x100}, {{&(0x7f00000019c0)=@pptp={0x18, 0x2, {0x0, @empty}}, 0x0, &(0x7f0000000940)=[{&(0x7f0000001a40)=""/207}], 0x0, &(0x7f0000001b40)=""/173}, 0x7a}], 0x400000000000273, 0x2b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x401, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x8001, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f0000000380)=ANY=[], 0x21, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0xea)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f00000006c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_null}]})
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1m44.2712132s ago: executing program 4 (id=89):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)}, {0x0}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb", 0x10}], 0x3}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf4648e", 0xe}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xe8, 0x29, 0x4, {0x4, 0x19, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @enc_lim={0x4, 0x1, 0xf8}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x9, "e80ee304ecb784ec46"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x1c0, 0x29, 0x36, {0x5e, 0x34, '\x00', [@generic={0xff, 0x45, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70dac43574"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x2, 0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8, 0xe2, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab309f93fd8146e6672c844ca0c43cde3afb3f9b0e9c19b929779fe65f579221b81"}, @calipso={0x7, 0x18, {0x3, 0x4, 0x3, 0x7, [0x0, 0xffffffffffffff04]}}, @generic={0x1}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x378}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m43.960650951s ago: executing program 32 (id=89):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)}, {0x0}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb", 0x10}], 0x3}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf4648e", 0xe}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xe8, 0x29, 0x4, {0x4, 0x19, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @enc_lim={0x4, 0x1, 0xf8}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x9, "e80ee304ecb784ec46"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x1c0, 0x29, 0x36, {0x5e, 0x34, '\x00', [@generic={0xff, 0x45, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70dac43574"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x2, 0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8, 0xe2, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab309f93fd8146e6672c844ca0c43cde3afb3f9b0e9c19b929779fe65f579221b81"}, @calipso={0x7, 0x18, {0x3, 0x4, 0x3, 0x7, [0x0, 0xffffffffffffff04]}}, @generic={0x1}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x378}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.856658251s ago: executing program 3 (id=689):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r3 = fcntl$getown(r2, 0x9)
syz_pidfd_open(r3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000000580)={&(0x7f00000005c0)={0x2, 0x4, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000003a80)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x2}, {0x0}, &(0x7f0000003a00)=[{&(0x7f00000016c0)=""/96, 0x60}], 0x1, 0x39, 0x2}}], 0x48, 0x4000000}, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'tunl0\x00', <r7=>0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x40}}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netstat\x00')
preadv(r9, &(0x7f0000000600)=[{&(0x7f0000000780)=""/219, 0xdb}], 0x1, 0x3b, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x8, '\x00', r7, r9, 0x2, 0x1, 0x2}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
sync()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000003c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@journal_dev={'journal_dev', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nouid32}]}, 0x1, 0x441, &(0x7f00000011c0)="$eJzs28tvG8UfAPDv2kn66zP5VeXRBxAoiIpH0qSl9MAFBBIHkJDgUI4hSatQt0FNkGgVQUCoHFEl7ogjEv8AnOCCgBMSV7ijShXKpYWT0dq7ie3aaZI62RR/PtK2M7tjzXw9O/bMThxAzxpO/0ki9kTE7xExWM82Fxiu/3draWHy76WFySSq1Tf/Smrlbi4tTOZF89ftzjN9EaVPkzjcpt65y1fOT1Qq05ey/Oj8hfdG5y5feXbmwsS56XPTF8dPnz55Yuz5U+PPdSXONK6bhz6cPXLw1bevvT555to7P3+T5PG3xNElw6tdfKJa7XJ1xdrbkE76CmwI61KuD9Por43/wSjHSucNxiufFNo4YFNVq9Xq/Z0vL1aB/7Akim4BUIz8iz5d/+bHFk09toUbL9YXQGnct7KjfqUvSlmZ/pb1bTcNR8SZxX++TI/YnOcQAABNvk/nP8+0m/+VovG50L5sD2UoIv4fEfsj4lREHIiI+yJqZR+IiAfXWX/rJsnt85/S9Q0Ftkbp/O+FbG+ref6Xz/5iqJzl9tbi70/OzlSmj2fvybHo35Hmx1ap44eXf/u807XG+V96pPXnc8GsHdf7djS/ZmpifuJuYm504+OIQ33t4k+WdwKSiDgYEYc2WMfMU18f6XTtzvGvogv7TNWvIp6s9/9itMSfS1bfnxz9X1Smj4/md8Xtfvn16hud6r+r+Lsg7f9dbe//5fiHksb92rn113H1j8/ar2n2bfz+H0jeajr3wcT8/KWxiIHktXqjG8+Pt5QbXymfxn/saPvxvz9W3onDEZHexA9FxMMR8UjWd49GxGMRcXSV+H966fF3O13bDv0/ta7+X0kMROuZ9ony+R+/a6p0aD3xp/1/spY6lp1Zy+ffWtq1sbsZAAAA7j2liNgTSWlkOV0qjYzU/4b/QOwqVWbn5p8+O/v+xan6bwSGor+UP+kabHgeOpYt6/P8eEv+RPbc+Ivyzlp+ZHK2MlV08NDjdncY/6k/y0W3Dth0fq8Fvcv4h95l/EPvMv6hd7UZ/zuLaAew9dp9/39UQDuArdcy/m37QQ+x/ofe1Tj+kwLbAWw93//Qk+Z2xp1/JN8DiYHt0Yx7KBGltRf+Nrvbim6zxNoTBX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMm/AQAA//8iOuPQ")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0)

3.525019883s ago: executing program 5 (id=693):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r1 = socket(0x2b, 0x80801, 0x1)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r3, &(0x7f0000001640), 0xb4, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x1, 0x8, 0x1, 0xff, 0x7}, {0x4, 0x0, 0x3, 0xa159, 0x1000, 0xbebc20}, 0x3, 0x4000000, 0x41e}}]}}]}, 0x58}}, 0x0)

2.850215155s ago: executing program 5 (id=696):
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x11000000, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)

2.762962729s ago: executing program 3 (id=698):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x2, 0x7fe2, 0x3, 0x12}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, r3, 0x3141e0b2751b0f9b, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x68c5}, 0x80)
close_range(r0, 0xffffffffffffffff, 0x0)

2.455627399s ago: executing program 2 (id=699):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/rt_cache\x00')
r3 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r3, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r3, 0x4)
close_range(r2, r3, 0x0)

2.376566331s ago: executing program 0 (id=700):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x8}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000010000107f6ffffff000000000a0000000600010014"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2.351053729s ago: executing program 3 (id=701):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00'}, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
sendto$inet6(r1, &(0x7f0000000000)="aa", 0xffe0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

2.207727478s ago: executing program 2 (id=702):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)

2.146376936s ago: executing program 3 (id=703):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r1, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
unlinkat(0xffffffffffffff9c, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000001480)={[0xffffffffffffffff]}, 0x0, 0x8)
r3 = getpgrp(0x0)
r4 = gettid()
rt_tgsigqueueinfo(r3, r4, 0x1d, &(0x7f00000000c0)={0x24, 0x8000006, 0x1})
r5 = syz_io_uring_setup(0xec4, &(0x7f00000003c0)={0x0, 0xffffff7e, 0x2, 0x3, 0x34b}, &(0x7f0000000500), &(0x7f0000000600))
io_uring_enter(r5, 0x4, 0xe876, 0x3, &(0x7f0000000000)={[0x3]}, 0x8)
socket$inet6(0xa, 0x3, 0x8000000003c)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
dup2(r6, r7)
r8 = eventfd2(0x0, 0x0)
io_setup(0x6, &(0x7f0000000140)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x3, r8}])
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000040), 0x208e24b)
ftruncate(r10, 0x403)
r11 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_inet_SIOCSIFFLAGS(r11, 0x8914, &(0x7f0000000140)={'netdevsim0\x00', 0x800})
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2001000}, {{0x18, 0x1, 0x1, 0x0, r12}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000eb0626f500000000000800000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r13, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x10000, 0x2, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)

1.9525047s ago: executing program 0 (id=704):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000000040), 0x4)

1.833651219s ago: executing program 0 (id=706):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="192c2fbd7000fcdbdf2515000000080014006e666310080001006e9d"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x840)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xd6)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000100), &(0x7f0000000200)=0x4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff47}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
r7 = dup2(r3, r3)
r8 = openat$cgroup_ro(r7, &(0x7f0000000340)='cpuacct.usage_all\x00', 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0x1218088, &(0x7f00000005c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae356940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c1a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b52a0352a82c794995bbb97c82fcde79d14fb20e5127150de"], 0xa, 0x2c2, &(0x7f00000008c0)="$eJzs3T+LI2UcB/DfZHOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZndk1uyayWXH382n24Xl+33meJxmySZEnH74823+Qx6OnX/wSWZZEbxzjOExiFL1ofBUnjL8JAOD/7LAo4vdiYZ1cEhHZ5pYFAGzQav//+23zp0tZFgCwQffffe/tnd3du+9kkcW92dcHk/KTffl3Mb7zKD6OaTyM12IYRxHV+4T6g3/ZvlcUxbyfl0ZxazY/mJTJ2QfP6uvv/BZR5bdjGKPjWPVuo8q/tXt3u4rng05+Xq7j+Xr+cZm/E8N48Th8In9nkc+7+Zik8eornfXfjmH8/FF8EtN4UC2izX+5nedvFt/+8fn75fLKfDI/mAyqulaxdZnPCwAAAAAAAAAAAAAAAAAAAAAAV9vtvDl8J78Zt2ZlV33+ztZRWtfUJaM2VY4vWknT1TkfqDQv4vvOkYJ5URe25/v046V+92BBAAAAAAAAAAAAAAAAAAAAuL6efPrZ/t50+vDxhTSa0wD6EfHn/Yh/e51xp+dmnF88qOfcm057dfNEzbO02xNbTU0Sce4yyk1c0MPyT43nTq+5afzwY7nBdS6YdXpeX77BG5vfV3N37e8ly+caRNOT1TfJd2lEW5PGinOlZw0Vsc7tly4dGq699/SFqjE/s6Y5B+Os67zx62K87klO7yKtHtWls9+oG534qXtjpec9skX8768VSXVax2BDr0QAAAAAAAAAAAAAAAAAAED77d8lg0/PjfYKXwUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ipof/9/jca8Dq9QnMbjJ//xFgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgG/goAAP///CFRHg==")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00')
pivot_root(&(0x7f0000000080)='./file0/../file0\x00', 0x0)
write$binfmt_script(r8, &(0x7f00000004c0), 0x208e24b)
mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xc3\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q\x00'/1189, 0x42, 0x4, 0x0)

1.600793808s ago: executing program 0 (id=707):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000401000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="31832abd70000000000019000000180001801400020065727370616e30"], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x4886)

1.407764406s ago: executing program 0 (id=708):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000e80)={[{@dioread_nolock}, {@norecovery}, {@resgid}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x346}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@subj_user={'subj_user', 0x3d, '('}}, {@obj_user={'obj_user', 0x3d, '\x14\x11p\xbbV\xe7\xd0\xf9\xe5\t\x00\x00\x00\x00\x00\x00\x00\xe4%\xdc\x17\x142]\xbe\x12%M\xcfc\a\xad\xc5\xb7\xf1\x11\r\xdf<g\xd6\xfb\x8d\x12\xec\"ydp\xcd\xd2\xdc\xfa'}}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x588, &(0x7f0000000680)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2Ts5Nzv3m3u/NOfcmTQAD62j6Ty7i1Yj4JokYWdeWj6zx6Opyy4+vT6W3JFZWPv09iTMbnivJ/h/OKq9ExC9fRZzIbe63trg0W6pUyvNZfaw+d2Wstrh08tJcaaY8U748MTl5+u3Jiffefadnsb55/s/vP7n34emvjy1/9/PDQ7eTOBsHs7Y0rh50cWN95Wjpn6xUiLMbFhzvQWe7SdLvFWBHhrI8L0R6DBiJoSzrgRfflxGxAgyoRP7DgGqOA5pz+x7Ng/83Hn2wOgHaHH9+9dxI7GvMjQ4sJ0/NjNL57mgP+k/7GH1w5/bdB3duR+fzEPu71AG25cbNiDiVz28+/iXZ8W/nTjVOHne2sY9Be/+BfrqXjn+SGxGb8j+3Nv6JFuOf4Ra5uxPd8z/3sAfdtJWO/95vOf5dO3SNDmW1lxpjvkJy8VKlfCoiXo6I41HYm9Y7Xc85vXx/pV1bGv/dbPyX3tL+m2PBbD0e5vc+/ZjpUr30LDGv9+hmxGstx7/J2vZPWmz/9PU4v8U+jpTvvN6urXv8z9fKTxFvtNz+T65oJZ2vT4419oex5l6x2R+3jvzarv9+x59u/wOd4x9N1l+vrW2/jx/3/VVu17bT/X9P8lmjvCe771qpXp8fj9iTfJwf3nj/xJPHNuvN5dP4jx9rnf+d9v908vX5FuO/dfhW20W7xv/3ukn6U25usffO0vint7X9t1+4/9EXP+w4/sb2f6tROp7ds5Xj31ZX8FleOwAAAAAAANhtchFxMJJcca2cyxWLhUbb4TiQq1Rr9RMXqwuXp6PxXdnRKOSaV7pH1n0eYjz7PGyzPrGhPhkRhyLi26H9jXpxqlqZ7nfwAAAAAAAAAAAAAAAAAAAAsEsMt/z+/2rbb0P9XjvguWv8sMHefq8F0A9df/K/F7/0BOxKXfMfeGFtP/+dGYAXhfd/GFzyHwaX/IfBtdX8L4w85xUB/nPe/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqfPnzqW3leXH16fS+vTVxYXZ6tWT0+XabHFuYao4VZ2/UpypVmcq5eJUda7b81Wq1SvjE7FwbaxertXHaotLF+aqC5frFy7NlWbKF8oFf2wYAAAAAAAAAAAAAAAAAAAANqktLs2WKpXyvELbwpno5RMmu++VP5Ot0o4ent8tUSj0tNDHgxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPBvAAAA///YBDOu")

1.370785127s ago: executing program 2 (id=709):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f00000000c0)='.\x00', 0xa4000061)
read(r2, &(0x7f0000000140)=""/68, 0x44)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)

1.199704799s ago: executing program 5 (id=711):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000b80)=[{0x6}]}, 0x10)
bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)

1.117669978s ago: executing program 2 (id=712):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0)

1.079229129s ago: executing program 1 (id=713):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18)
msgrcv(0x0, 0x0, 0x0, 0xe4b43f0e2aa28c96, 0x2000)

1.027943074s ago: executing program 5 (id=714):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x597, &(0x7f0000000680)="$eJzs3U9sFGUbAPBndmk/KP2+foTvC8qFJppoopT+AaIhJmI8iBqi4oXgwYaWP+kWaltFOKkXOaDePOhJMJp4ACIJ8UIwMRxMTJBITDzIwZMhaUgUDyYmNdPdbStMoQrtq8zvl8z2nXd3+z4zT5/tzpvdmQBKqzO/qUTcHREjWUTHrPuWROPOzvrjTved3JMvWUxObruSRRYRx/tO7mk+Pmv8XN542tKIeKwzYqj1+nHHDh4a6q/VBkcb6+vGh0fWjR08tHbvcP/uwd2D+3q6+zZsXN/du+Hh27atE3d1bzvz5eM7jg5/feK91l+P5PG2N+6bvR23S2d0Tu+TP8giem73YIlV5vm4/w++c2aBQ2Ge1o48uaPaqPOWiFgVHVFtVP1vbS/81BHfH00dI7BwJrOISaCkMvUPJdV8H5Af/zaXxXrv0btpsUZiLhOb6weAxxtzO6en87+kPjcUS6eODdt+zhpHhnVZc+7oFmzqyn/HyvGB2oUD+RILNA/D39PJH1JHQEqt61NHQEqrn00dASmdP5w6AlL6ZiJ1BKT03LbUEZDS1o2pIyCl96+kjoDPN0dEd9H8X2V6/icK5n/a60+7JQNrIjrjlRWz+8z/LK7m/N/p6+b/ZvJfnWP+79F5jnHm1Nm3i/qPjeX5f2J7c/4vX/Lxm3OBLLyJ1yNWF+Y/m85/VpD/SkQ8M88xjl3YMlrU3z6Q5//It/KfzuQHEfdFcf6bsht/PnPdrr21we76beEYH628d6io/5eWPP9bPpb/dPL6b5sj/zd7/X9xnmNcfuORjqL+i1vz/H+48cb5r1xuzZ6f+mNsfoz41f7x8dGeiNbs6ev7e//sHiiX5j5q7sM8//ffc+P//0Wv/8siYmSeYz54YPu5wliqef7Pf6r+08nzP3CT+i/Kf9732jzHeGv12i+K+tecz/O/6jv5BwAAAAAAAAAAAAAAAAAAAAAAoCwqU+fyzSpd0+1Kpaurfg3v/0VbpbZ/bPyBXftf3jdQP+fvf6Ol0jzTY0d9PcvXe6baM+u916z3RcSKiDhcXTa13rVzf20g9cZDSbVHXDr10s6CK/MDAAAAAAAAAAAAAAAAAACpLL/m+/8/Vuvf/wfuXO0Rly6e++xs3r5aTR0NsJjy+v/k6vBTof6hdNQ/lJf6h/JS/1Be6h/KS/1Deal/KC/1D+Wl/qG81D+U1+z6BwAAAO5s7XNc///fs67d3x0R/4mIr6ot/2pe6x/452qPuPTmQyfeTR0HAAAAAAAAAAAAAAAAAAAwY+zgoaH+Wm1wVENDQ2O6kfqVCQAAAAAAAAAAAAAAAAAAymfmS7+pIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdGau/79wjdTbCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/DW/BwAA//9+oy0z")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, 0x20, 0x9, 0x802, 0x25dfdbff, {0x2}, [@typed={0x8, 0x8, 0x0, 0x0, @ipv4=@local}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x29e13e1f3d647b97)
sendfile(r2, r1, 0x0, 0x3ffff)

1.027307859s ago: executing program 0 (id=715):
r0 = gettid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7c}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000004000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)='%pI4   \x00'}, 0x20)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x2000001, {0x0, 0x0, 0x0, r5, {0x7, 0xa}, {0xd, 0xffe0}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r8 = io_uring_setup(0xee4, &(0x7f00000002c0)={0x0, 0xe, 0x2, 0xffffffff, 0xfffffffe})
r9 = dup3(r7, r8, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r9, 0x4004550c, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f00000001c0), &(0x7f00000005c0)=r1}, 0x20)
r10 = syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')
lseek(r10, 0x289e0cb5, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1}, 0x4)
mq_open(&(0x7f0000000ac0)='eth0\x00\xdd\xad\xff=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9%\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xcfL\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe9XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xa2@\xeb\x18\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4\x80\x00\x00\x00a\xdf\xb5\xd9\xe4\x01\xea|.\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9J\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x9e\xef\x9b\x97\xcb\xc6\x89\xba\x8e\xf2\xfb\xd5\a\xcb\xf6\xf7{\xec\xf0@\xc2\xb2\xbcAQx\xa4\x12\xf8\x9cji\"\xf7\x1a\xbd\xac\xde\xf4\x9b\xd7#\xab\\q\xd6\xdf#>}\x97\xd0U\xe4\x9e+|\xb1MT\xa0\x1bf\v9\xcdx\xab\x83\x87\xd3q3\xbeL\xd2\x1f6\x1ffL\x9eM\x0f?\'\xc3YB0\x80!\xe9Y\xf1:\xeeX\xf7G\x85K\xbb\xbdijaA\x00&\x0e\xb3\x99\xbc9\xee\x8f\aVy!d^\r\xd1\x9b\xd5<y \xff\x05o\xc2\xef\x87~\x9au\x10\xef\x89\xfb\xa2v\a\xd3\x8f\x85\xf6\xef\xc6\x92;cj\xc0\x12m\\Thf`\x1c\xc3I\xc3VY\xcf\b\x03R@\x8eI\xd7\xdf>\x06\xbc$\xc9[\x8e[', 0x1, 0x50, 0x0)

905.887918ms ago: executing program 2 (id=716):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x1b, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

813.67308ms ago: executing program 1 (id=717):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

635.540135ms ago: executing program 1 (id=718):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="192c2fbd7000fcdbdf2515000000080014006e666310080001006e9d"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x840)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xd6)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000100), &(0x7f0000000200)=0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff47}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

635.165974ms ago: executing program 5 (id=719):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x6}, 0x10)

524.113849ms ago: executing program 3 (id=720):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00'}, 0x10)
mlock2(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)

422.943343ms ago: executing program 1 (id=721):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_trace', 0x400, 0x80)
finit_module(r0, &(0x7f0000000000)='*,%Z-.)-%\x00', 0x0)

266.233399ms ago: executing program 1 (id=722):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0xe84, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xe58, 0x2, [@TCA_FW_ACT={0xe54, 0x4, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x4, 0x1ff, 0x20000000, 0xc, 0x6}, 0x7f, 0x5}, [{0x2a9, 0x6, 0x810, 0x4, 0x5}, {0x4a7, 0x1ff, 0x4, 0x1, 0x7, 0xdd}, {0x9, 0x7, 0x3ff, 0x97, 0xfffffffd, 0x4}, {0x8, 0x0, 0x6, 0x2, 0x7fff, 0x3}, {0x4f9a, 0x5, 0x1, 0x1, 0x2, 0x8}, {0x0, 0x5, 0x1437, 0x1, 0xee57, 0xd}, {0x77d, 0x6, 0x9, 0x6, 0x8, 0x1}, {0x5, 0x6, 0x0, 0x2, 0x1, 0x7fff}, {0x0, 0x3, 0x4235da1, 0x9, 0x7ec9, 0x8}, {0x10000, 0x2, 0x0, 0x1, 0x6, 0x9}, {0xd, 0xffff0001, 0x0, 0x6, 0x81, 0x4}, {0xfffffffc, 0x4, 0xffff, 0x2, 0xffffffff, 0xfffffffa}, {0x5, 0xd29, 0x101, 0x3, 0x7, 0xc}, {0x0, 0xfffffff7, 0x1, 0x72b2, 0xc874, 0x3}, {0x3, 0xf, 0x5, 0x1, 0x1ff, 0x6}, {0x9b9b, 0xffff, 0x6, 0xb, 0xb3d, 0x812}, {0x5, 0x7, 0x2, 0x5, 0x5, 0x4}, {0x6, 0x0, 0x9, 0x2, 0x82, 0x2}, {0xfffffff7, 0x6, 0x2, 0x9, 0xff}, {0x4, 0x1, 0x371, 0x8, 0x0, 0xeac}, {0x9, 0x2, 0xd77, 0x8, 0x113, 0x8d3f}, {0x7, 0xffffffff, 0x4, 0x92a4, 0x9, 0x10}, {0x1a4a13f0, 0x4, 0xe, 0x3, 0xad47, 0xf83b}, {0x1ff, 0x5, 0x7, 0xfff, 0x9}, {0x100, 0x4, 0x200, 0x9, 0x1, 0x9df}, {0x9, 0x1, 0x65, 0x9, 0x7}, {0x401, 0x10001, 0x9, 0x200, 0x9, 0x1}, {0x6, 0x10, 0xf, 0x2, 0x6, 0x3}, {0xf23, 0x3ff, 0x0, 0x9, 0xfffffffc}, {0x80000000, 0x6, 0x0, 0x6, 0x6, 0xd}, {0x0, 0x9, 0xd, 0x8000, 0x3, 0x2}, {0x800, 0x9, 0x6, 0x3, 0x7, 0x8}, {0x7, 0x8, 0x7358, 0x7, 0x8, 0xffffffff}, {0x4d9, 0x45db8bad, 0xb3dd, 0x1, 0xbc, 0x7ff}, {0x7, 0x1, 0x3, 0x3, 0x3, 0x7a}, {0x5a1b, 0x1, 0x1, 0x7ff, 0x3, 0x4}, {0x3, 0x7, 0x4, 0x4, 0x1c716ddc, 0x8}, {0xffffffa5, 0x7, 0x0, 0x10, 0x3, 0x5}, {0x8219, 0x0, 0x1000002, 0x6, 0x3, 0x2}, {0x62, 0xf4, 0x5, 0x4, 0x4, 0x67}, {0x5, 0x4, 0x53, 0x8, 0xc0000000, 0x7}, {0x2, 0x5, 0x2, 0xffff, 0x2, 0x2}, {0x80000001, 0x94c, 0x6, 0xfffffe00, 0x5, 0x7b27}, {0x2, 0x6, 0x1000, 0x9, 0x9}, {0xa, 0x0, 0x9, 0x4, 0xe, 0x9}, {0xdf, 0x7fff, 0x8000, 0x81, 0xff, 0xfffffff8}, {0x2, 0x10000, 0x9, 0x2, 0x2}, {0x2, 0x6, 0x9, 0x1, 0x2, 0x40}, {0xfffffe00, 0x3, 0x74d2, 0x3, 0x80000001, 0x6}, {0x2, 0x8, 0xfffffff7, 0x1, 0x6, 0xa}, {0x8, 0x9, 0x8e, 0x33, 0x10001, 0x22cb}, {0x2, 0x31f5, 0x7, 0x5, 0x7fffffff, 0x1}, {0x9, 0x10001, 0x4, 0x8, 0x7, 0x9}, {0xb, 0x1ff, 0xb, 0x3, 0x5, 0x80000001}, {0x7, 0x80, 0x69b, 0x3, 0x8, 0x339}, {0xee, 0x80000000, 0xfba6, 0x101, 0x5, 0xb}, {0x3, 0x458, 0x6, 0xf, 0x7, 0x8000}, {0x9, 0xfffffffa, 0x1000, 0x8, 0xb, 0xce5a}, {0x400, 0xffff, 0x3, 0xbcbb, 0x7, 0xb}, {0x0, 0x7fffffff, 0x8, 0x8, 0x2, 0x1}, {0x1, 0x0, 0x3, 0x9, 0x0, 0x401}, {0xd, 0x1, 0x2, 0xf, 0x81, 0x5}, {0x6, 0xfff, 0x5, 0x5, 0x4, 0x3649}, {0x7, 0x2, 0x80000000, 0x9, 0x1630, 0x9e73}, {0xb, 0x1b6, 0xc4, 0x7, 0x4, 0xca}, {0x4, 0x5, 0x401, 0x4, 0xfffffff8, 0x40}, {0x8, 0x4594, 0x8, 0x4, 0x0, 0xffff}, {0x100, 0xfffffffb, 0x6, 0x0, 0x9, 0x6}, {0x3, 0xf7b, 0x3, 0x8, 0x6, 0x3}, {0x1, 0x5, 0x3, 0xab9, 0x7, 0x9}, {0xffffffff, 0x0, 0xfc, 0x7, 0x6, 0xc}, {0xf, 0x1, 0xa000000, 0x1, 0x101, 0x1f3}, {0x7ff, 0x9, 0xfffff001, 0x8001, 0x2, 0x2}, {0x4, 0xd9, 0x6, 0x1, 0x9, 0xfffffff8}, {0x3, 0x3, 0x7, 0x9, 0x10, 0x1}, {0x8f000000, 0x100, 0xffffffff, 0x963, 0x2, 0xc}, {0x6, 0x50, 0x6, 0xa, 0x0, 0x3}, {0x649, 0x2, 0x80000001, 0x8, 0x0, 0x1}, {0x8, 0xfff, 0x6, 0x80000001, 0x7fffffff, 0x4}, {0xa3, 0x81, 0x9fcb, 0x1, 0x8, 0x7fff}, {0x0, 0x2, 0x750c, 0x0, 0x1, 0xfffffffc}, {0x7ff, 0x7, 0x10000, 0x9, 0x0, 0x88}, {0x5, 0x10001, 0x7fff, 0x81, 0xfffffff4, 0x7}, {0xfce, 0x80000001, 0x5, 0x4, 0x1ff}, {0x3, 0x3, 0x3ff, 0x7fffffff, 0x9, 0x7}, {0xdac, 0x0, 0x4, 0x80000001, 0x3, 0x8}, {0x7, 0xffffffff, 0x6, 0x8, 0x80000001, 0xa}, {0x2, 0x4, 0x4, 0x401, 0xe32}, {0x5, 0x7, 0x6, 0x8, 0x2, 0x2}, {0x10001, 0x100, 0x3, 0x4, 0x9, 0xfffffffa}, {0x2, 0x0, 0x3, 0x6, 0x800, 0x3}, {0x0, 0x0, 0x3, 0x8, 0x1, 0x3}, {0x3, 0x3, 0xffffffff, 0x3, 0x800, 0xde}, {0x5, 0x66, 0x41d0, 0x8001, 0x1, 0x3}, {0x5, 0x7, 0xfffffffc, 0x4, 0x3, 0x92c}, {0x4, 0xffff, 0x0, 0x101, 0x4, 0x1}, {0x9, 0xf667, 0x5, 0x3, 0x5, 0x4}, {0x1731, 0xa, 0x9960, 0x9, 0x1, 0x7}, {0xd, 0xfffffffa, 0x1, 0x800003, 0x40, 0x2}, {0x1, 0x4, 0x80000000, 0x80000001, 0x2, 0x6}, {0x7, 0x2, 0xffffff3a, 0x4cf, 0x800, 0x6}, {0x8000, 0x6, 0x1, 0x0, 0x100, 0x80000000}, {0x3b, 0x5562334a, 0x2, 0x2, 0x6, 0x81}, {0x4, 0x96, 0x81, 0x0, 0x101, 0xa}, {0x4, 0xff, 0x9, 0x0, 0x81, 0x29}, {0xa, 0x5, 0x0, 0x9, 0xffffffff, 0xfb4}, {0x80000000, 0x2, 0xffff, 0x39b4, 0x1, 0x6}, {0x61, 0x2d, 0x6, 0x1fe4c5d2, 0x1, 0x3}, {0x1, 0xe2, 0x7ff, 0x7ff, 0x7f, 0x29d0}, {0x0, 0x4, 0xc, 0xd594, 0x9, 0x7}, {0x6, 0x0, 0x7, 0x9, 0x7, 0x9}, {0x80e9, 0x7, 0x9, 0x1, 0x1, 0x18000}, {0x400, 0x9, 0x0, 0x6f}, {0x2, 0x1, 0x6, 0x3, 0xfffff71b, 0xce}, {0x1, 0xff, 0xb, 0x4, 0x800, 0x1}, {0x6, 0x2, 0x8, 0xfff, 0x4, 0x7fff}, {0x0, 0x0, 0x7f, 0x401, 0x7, 0x7fff}, {0x7, 0xb, 0x10000, 0x1, 0x8000, 0xfffff830}, {0x2, 0x4, 0x2, 0x1, 0x6, 0x2b4}, {0x3cd2dbce, 0x929a, 0x9dc, 0x0, 0x8, 0xfffffffc}, {0x6, 0x0, 0xe71, 0xc5c3, 0x3, 0x1}, {0x7, 0x2, 0x197a, 0x7, 0x1, 0x8}, {0xff, 0x2c, 0xfffffc01, 0x1, 0x3, 0x100}, {0x0, 0x6, 0x10001, 0xce7, 0xec, 0x1000}, {0xffffffff, 0x6, 0xffffffff, 0x9, 0x2, 0x6}, {0xfa, 0x9, 0xbf1d, 0x9, 0x80, 0x5}, {0x1c91, 0x5f27, 0x1, 0x0, 0x6, 0x6}, {0x37, 0x622, 0x2, 0x1, 0x7, 0x2}], [{0x5}, {0xccffbfc290ab3baa}, {}, {0x2}, {0x2}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x5, 0x1}, {0x3}, {0x2}, {0x4}, {0x5}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x3, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0xed3229170eca159, 0x1}, {0x2, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x2}, {0x5, 0x1}, {0x4}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x7, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x4, 0x1}, {0x4, 0x1}, {0x4}, {0x5}, {0x54e1b160e6ec45e8, 0x1}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x4}, {0x5, 0x1}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {0x2}, {}, {0x2}, {0x5, 0x1}, {0x4}, {0x2}, {0x9baeccaf277094c4, 0x1}, {}, {0x2, 0x1}, {}, {}, {0x8f9fc2e2ef57f2f0}, {0x3, 0x1}, {0x2, 0x1}, {0x2}, {0x3}, {0x3}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x1, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0xe84}, 0x1, 0x0, 0x0, 0x81}, 0x800)

99.48922ms ago: executing program 5 (id=723):
io_setup(0x400, &(0x7f0000000000)=<r0=>0x0)
io_destroy(r0)
io_destroy(r0)

90.44284ms ago: executing program 2 (id=724):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
unshare(0x42000000)

75.811961ms ago: executing program 1 (id=725):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x5e}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4}}, [@tmpl={0x84, 0x5, [{{@in6=@local, 0x0, 0x32}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x1f}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x4, 0x1}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in6=@empty, 0x0, 0x5, 0x1}]}]}, 0x13c}}, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x40900, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x5ea3, 0x8, 0x8000, 0x400250}, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000400))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d"], &(0x7f0000000100)='GPL\x00'}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18)
creat(0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='\x00\x00\b\x00')
ioctl$EVIOCGBITSND(0xffffffffffffffff, 0x40044591, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x800000, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff})
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r7}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0xd, 0x4, 0x0, 0xfffffffc}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x40004}, 0x0)

0s ago: executing program 3 (id=726):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0)

kernel console output (not intermixed with test programs):

dge_slave_0) entered forwarding state
[   91.880116][  T997] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.887306][  T997] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.907986][  T997] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.915196][  T997] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.925696][  T997] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.932851][  T997] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.085380][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.173244][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   92.247810][  T997] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.255005][  T997] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.300004][  T997] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.307209][  T997] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.459909][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.541293][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.579269][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.667728][ T5832] veth0_vlan: entered promiscuous mode
[   92.681416][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.716710][ T5832] veth1_vlan: entered promiscuous mode
[   92.815011][ T5828] veth0_vlan: entered promiscuous mode
[   92.825785][ T5842] veth0_vlan: entered promiscuous mode
[   92.863911][ T5828] veth1_vlan: entered promiscuous mode
[   92.885890][ T5832] veth0_macvtap: entered promiscuous mode
[   92.897631][ T5842] veth1_vlan: entered promiscuous mode
[   92.921650][ T5832] veth1_macvtap: entered promiscuous mode
[   92.941464][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.004809][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.054456][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.070071][ T5828] veth0_macvtap: entered promiscuous mode
[   93.094215][   T79] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.104081][   T79] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.114155][   T79] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.124149][ T5842] veth0_macvtap: entered promiscuous mode
[   93.135281][ T5828] veth1_macvtap: entered promiscuous mode
[   93.143653][   T79] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.163852][ T5842] veth1_macvtap: entered promiscuous mode
[   93.229577][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.237514][ T5837] veth0_vlan: entered promiscuous mode
[   93.250557][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.278852][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.301039][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.321960][ T5837] veth1_vlan: entered promiscuous mode
[   93.350334][ T4111] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.359822][ T4111] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.384387][ T4111] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.393262][ T4111] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.403623][ T5836] veth0_vlan: entered promiscuous mode
[   93.425631][ T4111] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.434724][ T5831] Bluetooth: hci0: command tx timeout
[   93.440812][ T4111] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.458789][ T4111] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.470474][ T3541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.478953][ T3541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.494683][ T4111] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.509125][ T5836] veth1_vlan: entered promiscuous mode
[   93.517567][ T5831] Bluetooth: hci1: command tx timeout
[   93.587476][ T5831] Bluetooth: hci2: command tx timeout
[   93.603515][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.614396][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.648914][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.676167][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.683687][ T5831] Bluetooth: hci4: command tx timeout
[   93.683716][ T5831] Bluetooth: hci3: command tx timeout
[   93.697287][ T5837] veth0_macvtap: entered promiscuous mode
[   93.720138][ T5836] veth0_macvtap: entered promiscuous mode
[   93.756186][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.770756][ T5836] veth1_macvtap: entered promiscuous mode
[   93.780337][ T5837] veth1_macvtap: entered promiscuous mode
[   93.793044][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.809827][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.823752][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.843224][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.869052][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.916967][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.928221][ T4111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.932328][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.936071][ T4111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.952257][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.000144][  T997] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.044841][  T997] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.068881][  T997] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.083690][  T997] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.099535][  T997] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.115477][  T997] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.136738][  T997] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.161942][  T997] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.364413][ T5946] FAULT_INJECTION: forcing a failure.
[   94.364413][ T5946] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   94.404279][  T997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.415990][ T5946] CPU: 1 UID: 0 PID: 5946 Comm: syz.1.7 Not tainted syzkaller #0 PREEMPT(full) 
[   94.416017][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   94.416038][ T5946] Call Trace:
[   94.416047][ T5946]  <TASK>
[   94.416055][ T5946]  dump_stack_lvl+0x189/0x250
[   94.416084][ T5946]  ? __pfx____ratelimit+0x10/0x10
[   94.416108][ T5946]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.416133][ T5946]  ? __pfx__printk+0x10/0x10
[   94.416165][ T5946]  ? __might_fault+0xb0/0x130
[   94.416221][ T5946]  should_fail_ex+0x414/0x560
[   94.416249][ T5946]  _copy_from_user+0x2d/0xb0
[   94.416280][ T5946]  __sys_bpf+0x1e3/0x860
[   94.416315][ T5946]  ? __pfx___sys_bpf+0x10/0x10
[   94.416365][ T5946]  ? ksys_write+0x22a/0x250
[   94.416388][ T5946]  ? __pfx_ksys_write+0x10/0x10
[   94.416414][ T5946]  __x64_sys_bpf+0x7c/0x90
[   94.416441][ T5946]  do_syscall_64+0xfa/0xf80
[   94.416466][ T5946]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.416486][ T5946]  ? clear_bhb_loop+0x60/0xb0
[   94.416511][ T5946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.416530][ T5946] RIP: 0033:0x7f8ecf98f749
[   94.416554][ T5946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.416570][ T5946] RSP: 002b:00007f8ed07f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   94.416591][ T5946] RAX: ffffffffffffffda RBX: 00007f8ecfbe5fa0 RCX: 00007f8ecf98f749
[   94.416606][ T5946] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 000000000000000a
[   94.416619][ T5946] RBP: 00007f8ed07f5090 R08: 0000000000000000 R09: 0000000000000000
[   94.416631][ T5946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.416643][ T5946] R13: 00007f8ecfbe6038 R14: 00007f8ecfbe5fa0 R15: 00007ffdbd70b3e8
[   94.416676][ T5946]  </TASK>
[   94.423633][  T997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.701340][ T5952] loop0: detected capacity change from 0 to 1024
[   94.849759][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.869142][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.875488][ T5952] hfsplus: Unknown parameter 'ns/user'
[   95.179938][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.281879][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   95.676936][ T5839] Bluetooth: hci2: command tx timeout
[   95.682606][ T5831] Bluetooth: hci1: command tx timeout
[   95.688332][ T5841] Bluetooth: hci0: command tx timeout
[   95.755626][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.764163][ T5841] Bluetooth: hci4: command tx timeout
[   95.771568][ T5831] Bluetooth: hci3: command tx timeout
[   95.771572][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.771590][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.800243][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.953013][ T5948] futex_wake_op: syz.2.3 tries to shift op by 144; fix this program
[   96.103802][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   96.216803][  T130] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   96.247089][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.255402][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.263999][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.272966][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.389272][  T130] usb 1-1: too many configurations: 230, using maximum allowed: 8
[   96.401919][  T130] usb 1-1: unable to read config index 0 descriptor/start: -61
[   96.433817][  T130] usb 1-1: can't read configurations, error -61
[   96.754925][  T130] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   96.896844][ T5936] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   96.985896][  T130] usb 1-1: too many configurations: 230, using maximum allowed: 8
[   97.438323][  T130] usb 1-1: unable to read config index 0 descriptor/start: -61
[   97.450232][  T130] usb 1-1: can't read configurations, error -61
[   97.457518][  T130] usb usb1-port1: attempt power cycle
[   97.576412][ T5936] usb 5-1: Using ep0 maxpacket: 8
[   97.605982][ T5936] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03
[   97.628586][ T5936] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.652609][ T5936] usb 5-1: Product: syz
[   97.660277][ T5978] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   97.680084][ T5936] usb 5-1: Manufacturer: syz
[   97.689544][ T5936] usb 5-1: SerialNumber: syz
[   97.696751][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.705798][ T5936] usb 5-1: config 0 descriptor??
[   97.740236][ T5936] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[   97.783367][ T5936] dvb-usb: bulk message failed: -22 (2/0)
[   97.814155][ T5936] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   97.824650][  T130] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   97.895289][ T5936] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[   97.913670][  T130] usb 1-1: too many configurations: 230, using maximum allowed: 8
[   97.940211][ T5936] usb 5-1: media controller created
[   97.955831][  T130] usb 1-1: unable to read config index 0 descriptor/start: -61
[   97.974001][  T130] usb 1-1: can't read configurations, error -61
[   98.003469][ T5936] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   98.052783][ T5969] syzkaller0: entered promiscuous mode
[   98.058952][ T5969] syzkaller0: entered allmulticast mode
[   98.069197][ T5969] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487
[   98.094858][ T5936] dvb-usb: bulk message failed: -22 (1/0)
[   98.121666][ T5936] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[   98.136499][  T130] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   98.182646][  T130] usb 1-1: too many configurations: 230, using maximum allowed: 8
[   98.193637][ T5936] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input5
[   98.232447][  T130] usb 1-1: unable to read config index 0 descriptor/start: -61
[   98.246712][  T130] usb 1-1: can't read configurations, error -61
[   98.266984][ T5936] dvb-usb: schedule remote query interval to 50 msecs.
[   98.285340][ T5936] dvb-usb: bulk message failed: -22 (2/0)
[   98.296723][  T130] usb usb1-port1: unable to enumerate USB device
[   98.316388][ T5936] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[   98.338079][ T5886] dvb-usb: bulk message failed: -22 (1/0)
[   98.343897][ T5886] dvb-usb: error while querying for an remote control event.
[   98.383596][ T5936] usb 5-1: USB disconnect, device number 2
[   98.384954][ T5995] loop2: detected capacity change from 0 to 16
[   98.728154][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   98.766365][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!!
[   98.909481][ T5995] erofs (device loop2): mounted with root inode @ nid 36.
[   98.931076][ T5936] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected.
[  100.266380][ T6010] futex_wake_op: syz.3.20 tries to shift op by 144; fix this program
[  101.430926][ T6035] 9p: Bad value for 'wfdno'
[  101.488042][ T6041] FAULT_INJECTION: forcing a failure.
[  101.488042][ T6041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.519172][ T6041] CPU: 0 UID: 0 PID: 6041 Comm: syz.2.34 Not tainted syzkaller #0 PREEMPT(full) 
[  101.519197][ T6041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  101.519209][ T6041] Call Trace:
[  101.519217][ T6041]  <TASK>
[  101.519225][ T6041]  dump_stack_lvl+0x189/0x250
[  101.519254][ T6041]  ? __pfx____ratelimit+0x10/0x10
[  101.519275][ T6041]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.519296][ T6041]  ? __pfx__printk+0x10/0x10
[  101.519324][ T6041]  ? __might_fault+0xb0/0x130
[  101.519362][ T6041]  should_fail_ex+0x414/0x560
[  101.519389][ T6041]  _copy_from_user+0x2d/0xb0
[  101.519417][ T6041]  ___sys_sendmsg+0x158/0x2a0
[  101.519443][ T6041]  ? __pfx____sys_sendmsg+0x10/0x10
[  101.519482][ T6041]  ? rcu_read_lock_any_held+0xb3/0x120
[  101.519531][ T6041]  ? __fget_files+0x2a/0x420
[  101.519553][ T6041]  ? __fget_files+0x3a0/0x420
[  101.519586][ T6041]  __x64_sys_sendmsg+0x19b/0x260
[  101.519613][ T6041]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  101.519646][ T6041]  ? __pfx_ksys_write+0x10/0x10
[  101.519667][ T6041]  ? do_syscall_64+0xbe/0xf80
[  101.519692][ T6041]  do_syscall_64+0xfa/0xf80
[  101.519715][ T6041]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.519733][ T6041]  ? clear_bhb_loop+0x60/0xb0
[  101.519755][ T6041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.519773][ T6041] RIP: 0033:0x7fbd7798f749
[  101.519789][ T6041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.519805][ T6041] RSP: 002b:00007fbd7885c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.519824][ T6041] RAX: ffffffffffffffda RBX: 00007fbd77be5fa0 RCX: 00007fbd7798f749
[  101.519838][ T6041] RDX: 0000000000000000 RSI: 0000200000002780 RDI: 0000000000000003
[  101.519849][ T6041] RBP: 00007fbd7885c090 R08: 0000000000000000 R09: 0000000000000000
[  101.519860][ T6041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.519870][ T6041] R13: 00007fbd77be6038 R14: 00007fbd77be5fa0 R15: 00007ffec09770b8
[  101.519900][ T6041]  </TASK>
[  102.061811][ T6035] loop0: detected capacity change from 0 to 32768
[  102.078022][ T6053] loop2: detected capacity change from 0 to 512
[  102.085081][ T6053] =======================================================
[  102.085081][ T6053] WARNING: The mand mount option has been deprecated and
[  102.085081][ T6053]          and is ignored by this kernel. Remove the mand
[  102.085081][ T6053]          option from the mount to silence this warning.
[  102.085081][ T6053] =======================================================
[  102.127870][ T6035] overlayfs: failed lookup in lower (newroot/7, name='file0', err=-40): overlapping layers
[  102.177095][ T6035] overlayfs: failed lookup in lower (newroot/7, name='file0', err=-40): overlapping layers
[  102.216892][ T6053] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.38: bad orphan inode 15
[  102.255314][ T6053] ext4_test_bit(bit=14, block=18) = 1
[  102.260798][ T6053] is_bad_inode(inode)=0
[  102.264975][ T6053] NEXT_ORPHAN(inode)=1023
[  102.270082][ T6053] max_ino=32
[  102.273303][ T6053] i_nlink=0
[  102.290733][ T6053] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2971: inode #15: comm syz.2.38: corrupted xattr block 19: invalid header
[  102.377931][ T6053] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -117)
[  102.414115][ T6053] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  102.456527][ T6053] ext4 filesystem being mounted at /6/�q�Y�3aK supports timestamps until 2038-01-19 (0x7fffffff)
[  103.155016][ T6068] evm: overlay not supported
[  103.393670][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  104.843487][ T6114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.56'.
[  104.987343][ T6116] process 'syz.1.57' launched '/dev/fd/3' with NULL argv: empty string added
[  105.111142][ T6120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.58'.
[  105.885654][ T6090] loop3: detected capacity change from 0 to 32768
[  106.145909][ T6090] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  106.263273][ T6090] XFS (loop3): Ending clean mount
[  106.576560][ T6152] futex_wake_op: syz.0.63 tries to shift op by 144; fix this program
[  106.639377][ T5837] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  108.130878][ T6170] loop4: detected capacity change from 0 to 512
[  108.203640][ T6170] EXT4-fs: Ignoring removed bh option
[  108.234664][ T6170] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  108.323439][ T6170] EXT4-fs (loop4): 1 truncate cleaned up
[  108.366974][ T6170] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.881932][ T6179] loop3: detected capacity change from 0 to 512
[  108.906706][ T6179] EXT4-fs: Ignoring removed mblk_io_submit option
[  108.960716][ T6179] ext4: Unknown parameter 'hash'
[  109.185728][ T6171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.718404][ T6171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.766384][   T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  110.006386][   T24] usb 5-1: Using ep0 maxpacket: 32
[  110.023974][   T24] usb 5-1: config 0 has an invalid interface number: 2 but max is 0
[  110.053157][   T24] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  110.258234][   T24] usb 5-1: config 0 has no interface number 1
[  110.264380][   T24] usb 5-1: config 0 interface 2 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  110.277722][   T24] usb 5-1: config 0 interface 2 has no altsetting 0
[  110.287094][   T24] usb 5-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  110.296434][ T6019] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  110.306290][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.373202][   T24] usb 5-1: Product: syz
[  110.599257][ T6019] usb 3-1: Using ep0 maxpacket: 32
[  110.611525][   T24] usb 5-1: Manufacturer: syz
[  110.839384][   T24] usb 5-1: SerialNumber: syz
[  110.900156][ T6019] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  110.927677][   T24] usb 5-1: config 0 descriptor??
[  110.933021][ T6019] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.974219][ T6019] usb 3-1: config 0 descriptor??
[  111.162095][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  111.203480][   T24] usb 5-1: invalid MIDI in EP 0
[  111.226824][   T24] snd-usb-audio 5-1:0.2: probe with driver snd-usb-audio failed with error -22
[  111.264159][   T24] usb 5-1: USB disconnect, device number 3
[  111.311848][ T6019] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  111.343855][ T6019] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  111.381421][ T6019] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  111.400512][ T5836] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[  111.413125][ T6019] usb 3-1: media controller created
[  111.425516][ T5836] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[  111.437722][  T130] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  111.460145][ T6019] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  111.513188][ T6194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  111.536881][ T6194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  111.588690][  T130] usb 1-1: device descriptor read/64, error -71
[  111.683320][ T6019] DVB: Unable to find symbol dib7000p_attach()
[  111.702460][ T6019] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  111.808087][ T6019] rc_core: IR keymap rc-dib0700-rc5 not found
[  111.814948][ T6019] Registered IR keymap rc-empty
[  111.820399][ T6019] dvb-usb: could not initialize remote control.
[  111.831065][ T6019] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  111.856758][  T130] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  111.908493][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.980018][ T6019] usb 3-1: USB disconnect, device number 2
[  111.996628][  T130] usb 1-1: device descriptor read/64, error -71
[  112.042616][ T6044] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.090032][ T6019] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  112.126769][  T130] usb usb1-port1: attempt power cycle
[  112.157013][ T6234] Illegal XDP return value 4294967274 on prog  (id 16) dev syz_tun, expect packet loss!
[  112.206012][ T6044] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.298862][ T6044] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.380745][ T6044] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.486399][  T130] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  112.508242][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  112.517959][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  112.525523][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  112.533644][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  112.541316][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  112.549964][  T130] usb 1-1: device descriptor read/8, error -71
[  112.767338][ T6044] bridge_slave_1: left allmulticast mode
[  112.782233][ T6044] bridge_slave_1: left promiscuous mode
[  112.786973][  T130] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  112.796215][ T5839] Bluetooth: hci4: command 0x0405 tx timeout
[  112.816913][ T6044] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.847028][  T130] usb 1-1: device descriptor read/8, error -71
[  112.859974][ T6251] loop2: detected capacity change from 0 to 512
[  112.870686][ T6251] ext3: Unknown parameter 'permit_directio'
[  112.884613][   T30] audit: type=1326 audit(1764344109.951:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  112.950279][ T6044] bridge_slave_0: left allmulticast mode
[  112.966417][   T30] audit: type=1326 audit(1764344109.981:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  112.988672][  T130] usb usb1-port1: unable to enumerate USB device
[  112.997089][ T6044] bridge_slave_0: left promiscuous mode
[  113.002937][ T6044] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.066460][   T30] audit: type=1326 audit(1764344109.981:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  113.142008][   T30] audit: type=1326 audit(1764344109.981:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  113.237056][   T30] audit: type=1326 audit(1764344109.981:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbd7798f783 code=0x7ffc0000
[  113.329528][   T30] audit: type=1326 audit(1764344110.341:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbd7798e1ff code=0x7ffc0000
[  113.703086][   T30] audit: type=1326 audit(1764344110.771:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fbd7798f7d7 code=0x7ffc0000
[  113.755516][ T6251] loop2: detected capacity change from 0 to 32768
[  113.794805][ T6274] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  113.970156][   T30] audit: type=1326 audit(1764344110.821:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbd7798df90 code=0x7ffc0000
[  114.052367][ T6251] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.94 (6251)
[  114.266885][   T30] audit: type=1326 audit(1764344110.821:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbd7798f34b code=0x7ffc0000
[  114.289412][   T30] audit: type=1326 audit(1764344110.981:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fbd7798e3aa code=0x7ffc0000
[  114.370917][ T6251] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  114.428788][ T6251] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  114.626894][ T5839] Bluetooth: hci2: command tx timeout
[  114.781474][ T6044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  114.783740][ T6251] BTRFS info (device loop2): enabling ssd optimizations
[  114.808600][ T6296] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  114.822815][ T6251] BTRFS info (device loop2): turning on async discard
[  114.909582][ T6251] BTRFS info (device loop2): enabling free space tree
[  114.921542][ T6044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  115.059715][ T6251] program syz.2.94 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  115.069549][ T6044] bond0 (unregistering): Released all slaves
[  115.570485][ T5842] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  115.709498][ T6310] loop0: detected capacity change from 0 to 512
[  115.731535][ T6310] EXT4-fs: Ignoring removed mblk_io_submit option
[  115.771380][ T6310] ext4: Unknown parameter 'hash'
[  116.703325][ T6318] futex_wake_op: syz.1.106 tries to shift op by 144; fix this program
[  116.711682][ T5839] Bluetooth: hci2: command tx timeout
[  117.001966][ T6331] loop2: detected capacity change from 0 to 128
[  117.855065][ T6044] hsr_slave_0: left promiscuous mode
[  117.883427][ T6044] hsr_slave_1: left promiscuous mode
[  117.915653][ T6044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  117.930096][ T6044] batman_adv: batadv0: Removing interface: batadv_slave_0
[  117.945481][ T6044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  117.954356][ T6044] batman_adv: batadv0: Removing interface: batadv_slave_1
[  118.032684][ T6044] veth1_macvtap: left promiscuous mode
[  118.234203][ T6044] veth0_macvtap: left promiscuous mode
[  118.253257][ T6044] veth1_vlan: left promiscuous mode
[  118.265597][ T6044] veth0_vlan: left promiscuous mode
[  118.786838][ T5839] Bluetooth: hci2: command tx timeout
[  119.121735][ T6382] futex_wake_op: syz.1.118 tries to shift op by 144; fix this program
[  119.277606][ T6044] team0 (unregistering): Port device team_slave_1 removed
[  119.322179][ T6044] team0 (unregistering): Port device team_slave_0 removed
[  119.797827][ T6242] chnl_net:caif_netlink_parms(): no params data found
[  120.435354][ T6242] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.480070][ T6242] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.496554][ T6242] bridge_slave_0: entered allmulticast mode
[  120.519670][ T6242] bridge_slave_0: entered promiscuous mode
[  120.547471][ T6242] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.570690][ T6242] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.580155][ T6403] xt_CT: No such helper "pptp"
[  120.601307][ T6242] bridge_slave_1: entered allmulticast mode
[  120.635387][ T6242] bridge_slave_1: entered promiscuous mode
[  120.839422][ T6411] FAULT_INJECTION: forcing a failure.
[  120.839422][ T6411] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.854439][ T6242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.867162][ T5839] Bluetooth: hci2: command tx timeout
[  120.930581][ T6411] CPU: 0 UID: 0 PID: 6411 Comm: syz.1.126 Not tainted syzkaller #0 PREEMPT(full) 
[  120.930608][ T6411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  120.930620][ T6411] Call Trace:
[  120.930628][ T6411]  <TASK>
[  120.930636][ T6411]  dump_stack_lvl+0x189/0x250
[  120.930664][ T6411]  ? __pfx____ratelimit+0x10/0x10
[  120.930686][ T6411]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.930708][ T6411]  ? __pfx__printk+0x10/0x10
[  120.930736][ T6411]  ? __might_fault+0xb0/0x130
[  120.930775][ T6411]  should_fail_ex+0x414/0x560
[  120.930802][ T6411]  _copy_from_user+0x2d/0xb0
[  120.930834][ T6411]  ___sys_sendmsg+0x158/0x2a0
[  120.930863][ T6411]  ? __pfx____sys_sendmsg+0x10/0x10
[  120.930894][ T6411]  ? rcu_read_lock_any_held+0xb3/0x120
[  120.930977][ T6411]  ? __fget_files+0x2a/0x420
[  120.931002][ T6411]  ? __fget_files+0x3a0/0x420
[  120.931038][ T6411]  __x64_sys_sendmsg+0x19b/0x260
[  120.931068][ T6411]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  120.931123][ T6411]  ? __pfx_ksys_write+0x10/0x10
[  120.931149][ T6411]  ? do_syscall_64+0xbe/0xf80
[  120.931178][ T6411]  do_syscall_64+0xfa/0xf80
[  120.931203][ T6411]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.931224][ T6411]  ? clear_bhb_loop+0x60/0xb0
[  120.931250][ T6411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.931270][ T6411] RIP: 0033:0x7f8ecf98f749
[  120.931296][ T6411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.931314][ T6411] RSP: 002b:00007f8ed07f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  120.931341][ T6411] RAX: ffffffffffffffda RBX: 00007f8ecfbe5fa0 RCX: 00007f8ecf98f749
[  120.931356][ T6411] RDX: 000000002c0408d0 RSI: 0000200000000400 RDI: 0000000000000003
[  120.931369][ T6411] RBP: 00007f8ed07f5090 R08: 0000000000000000 R09: 0000000000000000
[  120.931382][ T6411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.931394][ T6411] R13: 00007f8ecfbe6038 R14: 00007f8ecfbe5fa0 R15: 00007ffdbd70b3e8
[  120.931427][ T6411]  </TASK>
[  120.932426][ T6242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  121.338242][ T6416] futex_wake_op: syz.2.125 tries to shift op by 144; fix this program
[  121.487957][ T6242] team0: Port device team_slave_0 added
[  121.510724][ T6242] team0: Port device team_slave_1 added
[  121.593581][ T6242] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.602433][ T6242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  121.631329][ T6242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.692960][ T6242] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.722241][ T6242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  121.758554][ T6242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.125536][ T6242] hsr_slave_0: entered promiscuous mode
[  122.144873][ T6242] hsr_slave_1: entered promiscuous mode
[  122.165804][ T6242] debugfs: 'hsr0' already exists in 'hsr'
[  122.195148][ T6242] Cannot create hsr debugfs directory
[  122.455667][ T6449] loop3: detected capacity change from 0 to 512
[  122.484959][ T6449] EXT4-fs: Ignoring removed mblk_io_submit option
[  122.534798][ T6449] ext4: Unknown parameter 'hash'
[  124.110679][ T6242] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  124.175570][ T6242] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  124.222973][ T6242] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  124.273558][ T6242] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  124.563324][ T6503] loop2: detected capacity change from 0 to 512
[  124.612991][ T6503] EXT4-fs: Ignoring removed mblk_io_submit option
[  124.651378][ T6503] ext4: Unknown parameter 'hash'
[  124.880087][ T6242] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.131926][ T6242] 8021q: adding VLAN 0 to HW filter on device team0
[  126.205539][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.212802][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.348679][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.355958][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.276179][ T6242] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.372346][ T6552] loop2: detected capacity change from 0 to 512
[  127.417204][ T6552] EXT4-fs: Ignoring removed mblk_io_submit option
[  127.467406][ T6552] ext4: Unknown parameter 'hash'
[  128.808408][ T6583] loop1: detected capacity change from 0 to 512
[  128.864429][ T6583] __quota_error: 96 callbacks suppressed
[  128.864447][ T6583] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  128.867777][ T6242] veth0_vlan: entered promiscuous mode
[  128.886662][ T6583] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  128.916948][ T6583] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.169: Failed to acquire dquot type 1
[  128.935365][ T6562] loop3: detected capacity change from 0 to 32768
[  128.946964][ T6583] EXT4-fs (loop1): 1 truncate cleaned up
[  128.955289][ T6583] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.963104][ T6242] veth1_vlan: entered promiscuous mode
[  128.977682][ T6562] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.161 (6562)
[  129.007850][ T6583] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  129.038033][ T6562] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  129.085371][ T6583] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  129.097290][ T6562] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  129.102607][ T6242] veth0_macvtap: entered promiscuous mode
[  129.112812][ T6583] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  129.138201][ T6583] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.169: Failed to acquire dquot type 1
[  129.153895][ T6596] FAULT_INJECTION: forcing a failure.
[  129.153895][ T6596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.179812][ T6596] CPU: 1 UID: 0 PID: 6596 Comm: syz.1.169 Not tainted syzkaller #0 PREEMPT(full) 
[  129.179837][ T6596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  129.179850][ T6596] Call Trace:
[  129.179857][ T6596]  <TASK>
[  129.179865][ T6596]  dump_stack_lvl+0x189/0x250
[  129.179893][ T6596]  ? __pfx____ratelimit+0x10/0x10
[  129.179914][ T6596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.179937][ T6596]  ? __pfx__printk+0x10/0x10
[  129.179964][ T6596]  ? __might_fault+0xb0/0x130
[  129.180005][ T6596]  should_fail_ex+0x414/0x560
[  129.180031][ T6596]  _copy_from_user+0x2d/0xb0
[  129.180060][ T6596]  do_ipv6_setsockopt+0x23e/0x2eb0
[  129.180093][ T6596]  ? get_pid_task+0x20/0x1f0
[  129.180118][ T6596]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  129.180149][ T6596]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  129.180188][ T6596]  ? __lock_acquire+0x6b6/0x2cf0
[  129.180218][ T6596]  ? __pfx___might_resched+0x10/0x10
[  129.180242][ T6596]  ? ksys_write+0x1cb/0x250
[  129.180265][ T6596]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  129.180287][ T6596]  ? aa_sk_perm+0x15f/0x920
[  129.180316][ T6596]  ? aa_sk_perm+0x7ee/0x920
[  129.180348][ T6596]  ? __pfx_aa_sk_perm+0x10/0x10
[  129.180376][ T6596]  ? aa_sock_opt_perm+0xff/0x1a0
[  129.180409][ T6596]  ipv6_setsockopt+0x59/0x170
[  129.180434][ T6596]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  129.180456][ T6596]  do_sock_setsockopt+0x17c/0x1b0
[  129.180484][ T6596]  __x64_sys_setsockopt+0x13f/0x1b0
[  129.180513][ T6596]  do_syscall_64+0xfa/0xf80
[  129.180536][ T6596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.180555][ T6596]  ? clear_bhb_loop+0x60/0xb0
[  129.180578][ T6596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.180597][ T6596] RIP: 0033:0x7f8ecf98f749
[  129.180613][ T6596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.180629][ T6596] RSP: 002b:00007f8ed07d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  129.180650][ T6596] RAX: ffffffffffffffda RBX: 00007f8ecfbe6090 RCX: 00007f8ecf98f749
[  129.180664][ T6596] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006
[  129.180675][ T6596] RBP: 00007f8ed07d4090 R08: 0000000000000468 R09: 0000000000000000
[  129.180686][ T6596] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000001
[  129.180698][ T6596] R13: 00007f8ecfbe6128 R14: 00007f8ecfbe6090 R15: 00007ffdbd70b3e8
[  129.180729][ T6596]  </TASK>
[  129.181619][ T6242] veth1_macvtap: entered promiscuous mode
[  129.514357][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.551790][ T6242] batman_adv: batadv0: Interface activated: batadv_slave_0
[  129.568270][ T6242] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.607304][ T6020] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.618086][ T6020] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.672344][ T6562] BTRFS info (device loop3): enabling ssd optimizations
[  129.673223][ T6020] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.700563][ T6615] loop0: detected capacity change from 0 to 512
[  129.707366][ T6562] BTRFS info (device loop3): turning on async discard
[  129.723797][ T6562] BTRFS info (device loop3): enabling free space tree
[  129.738625][ T6020] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.763932][ T6615] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  129.803694][ T6615] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  129.871883][ T6615] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.173: Failed to acquire dquot type 1
[  129.939566][ T6615] EXT4-fs (loop0): 1 truncate cleaned up
[  129.949880][ T6615] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.973252][ T6044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.990771][ T6615] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  130.010036][ T3541] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared)
[  130.037384][ T6044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.150237][ T5837] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  130.187932][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.231813][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.240705][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.022412][ T6631] loop1: detected capacity change from 0 to 1024
[  131.175775][ T6631] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  131.209595][ T6631] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  131.221754][ T6631] JBD2: no valid journal superblock found
[  131.252358][ T6631] EXT4-fs (loop1): Could not load journal inode
[  131.686375][   T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  131.866518][   T24] usb 2-1: Using ep0 maxpacket: 8
[  131.922702][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  131.939504][   T24] usb 2-1: config 8 has an invalid interface number: 61 but max is 0
[  131.976416][   T24] usb 2-1: config 8 has no interface number 0
[  131.982566][   T24] usb 2-1: config 8 interface 61 altsetting 8 endpoint 0x8 has invalid wMaxPacketSize 0
[  132.017049][   T24] usb 2-1: config 8 interface 61 has no altsetting 0
[  132.018587][ T6666] FAULT_INJECTION: forcing a failure.
[  132.018587][ T6666] name failslab, interval 1, probability 0, space 0, times 1
[  132.044767][   T24] usb 2-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=e9.1f
[  132.060275][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.074830][ T6666] CPU: 0 UID: 0 PID: 6666 Comm: syz.2.188 Not tainted syzkaller #0 PREEMPT(full) 
[  132.074855][ T6666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  132.074867][ T6666] Call Trace:
[  132.074875][ T6666]  <TASK>
[  132.074883][ T6666]  dump_stack_lvl+0x189/0x250
[  132.074912][ T6666]  ? __pfx____ratelimit+0x10/0x10
[  132.074933][ T6666]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.074956][ T6666]  ? __pfx__printk+0x10/0x10
[  132.074989][ T6666]  ? __pfx___might_resched+0x10/0x10
[  132.075015][ T6666]  should_fail_ex+0x414/0x560
[  132.075042][ T6666]  should_failslab+0xa8/0x100
[  132.075067][ T6666]  __kmalloc_noprof+0xdf/0x800
[  132.075086][ T6666]  ? kfree+0x4d/0x660
[  132.075110][ T6666]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  132.075135][ T6666]  tomoyo_realpath_from_path+0xe3/0x5d0
[  132.075156][ T6666]  ? tomoyo_domain+0xd8/0x130
[  132.075180][ T6666]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  132.075207][ T6666]  tomoyo_path_number_perm+0x1e8/0x5a0
[  132.075236][ T6666]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  132.075279][ T6666]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  132.075322][ T6666]  ? __fget_files+0x2a/0x420
[  132.075352][ T6666]  ? __fget_files+0x3a0/0x420
[  132.075375][ T6666]  ? __fget_files+0x2a/0x420
[  132.075403][ T6666]  security_file_ioctl+0xcb/0x2d0
[  132.075430][ T6666]  __se_sys_ioctl+0x47/0x170
[  132.075451][ T6666]  do_syscall_64+0xfa/0xf80
[  132.075474][ T6666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.075493][ T6666]  ? clear_bhb_loop+0x60/0xb0
[  132.075517][ T6666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.075536][ T6666] RIP: 0033:0x7fbd7798f749
[  132.075553][ T6666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.075569][ T6666] RSP: 002b:00007fbd7885c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  132.075589][ T6666] RAX: ffffffffffffffda RBX: 00007fbd77be5fa0 RCX: 00007fbd7798f749
[  132.075603][ T6666] RDX: 0000200000000340 RSI: 00000000c100565c RDI: 0000000000000003
[  132.075615][ T6666] RBP: 00007fbd7885c090 R08: 0000000000000000 R09: 0000000000000000
[  132.075627][ T6666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.075638][ T6666] R13: 00007fbd77be6038 R14: 00007fbd77be5fa0 R15: 00007ffec09770b8
[  132.075669][ T6666]  </TASK>
[  132.075677][ T6666] ERROR: Out of memory at tomoyo_realpath_from_path.
[  132.114834][   T24] usb 2-1: Product: syz
[  132.422774][   T24] usb 2-1: Manufacturer: syz
[  132.435008][   T24] usb 2-1: SerialNumber: syz
[  132.554849][ T6677] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  132.573594][ T6677] overlayfs: failed to set xattr on upper
[  132.618126][ T6677] overlayfs: ...falling back to redirect_dir=nofollow.
[  132.630483][ T6677] overlayfs: ...falling back to index=off.
[  132.649506][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.660083][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  132.761832][ T6677] overlayfs: maximum fs stacking depth exceeded
[  132.878074][ T6645] loop1: detected capacity change from 0 to 4096
[  132.899907][ T6645] ntfs3: Unknown parameter '00000000000000000000000PO�%F�$�b�O;@�|(�UNu(�|���1�|��@��'j?}I�C��Y��k�7�EΦ��9L�3R-S'�E|�&���!{�� ����Ć�<u��y�_��j�
��؝e?�P��>i�r��Ou-�'
[  132.991339][   T24] bfusb 2-1:8.61: probe with driver bfusb failed with error -5
[  133.036980][   T24] usb 2-1: USB disconnect, device number 2
[  133.305640][ T6698] loop5: detected capacity change from 0 to 256
[  133.347189][ T6698] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  133.394543][ T6698] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  133.635933][ T6706] loop2: detected capacity change from 0 to 4096
[  133.671430][ T6706] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  133.690427][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  133.808580][ T6706] ntfs3(loop2): MFT: r=b, expect seq=0 instead of b!
[  133.886969][   T24] usb 6-1: Using ep0 maxpacket: 32
[  133.895883][   T24] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  133.933025][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  133.994614][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  134.229656][   T24] usb 6-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  134.246342][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.254410][   T24] usb 6-1: Product: syz
[  134.276448][   T24] usb 6-1: Manufacturer: syz
[  134.281089][   T24] usb 6-1: SerialNumber: syz
[  134.303475][   T24] usb 6-1: config 0 descriptor??
[  134.845959][   T24] rndis_host 6-1:0.0: skipping garbage
[  134.866486][   T24] usb 6-1: bad CDC descriptors
[  134.876770][   T24] cdc_acm 6-1:0.0: skipping garbage
[  134.988123][   T24] cdc_acm 6-1:0.0: Control and data interfaces are not separated!
[  134.995992][   T24] cdc_acm 6-1:0.0: This needs exactly 3 endpoints
[  135.003435][   T24] cdc_acm 6-1:0.0: probe with driver cdc_acm failed with error -22
[  135.053826][ T6698] netlink: 27 bytes leftover after parsing attributes in process `syz.5.199'.
[  136.269058][ T6742] loop2: detected capacity change from 0 to 32768
[  136.303900][ T6742] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.360394][ T6742] XFS (loop2): Ending clean mount
[  136.460888][ T5842] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.975410][ T5886] usb 6-1: USB disconnect, device number 2
[  137.055403][ T6772] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  137.133604][ T6772] overlayfs: failed to set xattr on upper
[  137.243218][ T6772] overlayfs: ...falling back to redirect_dir=nofollow.
[  137.335409][ T6772] overlayfs: ...falling back to index=off.
[  137.412977][ T6772] overlayfs: maximum fs stacking depth exceeded
[  138.966984][ T6816] FAULT_INJECTION: forcing a failure.
[  138.966984][ T6816] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.053462][ T6816] CPU: 1 UID: 0 PID: 6816 Comm: syz.0.232 Not tainted syzkaller #0 PREEMPT(full) 
[  139.053488][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.053498][ T6816] Call Trace:
[  139.053506][ T6816]  <TASK>
[  139.053513][ T6816]  dump_stack_lvl+0x189/0x250
[  139.053539][ T6816]  ? __pfx____ratelimit+0x10/0x10
[  139.053559][ T6816]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.053580][ T6816]  ? __pfx__printk+0x10/0x10
[  139.053607][ T6816]  ? __might_fault+0xb0/0x130
[  139.053644][ T6816]  should_fail_ex+0x414/0x560
[  139.053670][ T6816]  _copy_from_user+0x2d/0xb0
[  139.053696][ T6816]  ___sys_sendmsg+0x158/0x2a0
[  139.053723][ T6816]  ? __pfx____sys_sendmsg+0x10/0x10
[  139.053752][ T6816]  ? rcu_read_lock_any_held+0xb3/0x120
[  139.053800][ T6816]  ? __fget_files+0x2a/0x420
[  139.053821][ T6816]  ? __fget_files+0x3a0/0x420
[  139.053852][ T6816]  __x64_sys_sendmsg+0x19b/0x260
[  139.053878][ T6816]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  139.053909][ T6816]  ? __pfx_ksys_write+0x10/0x10
[  139.053931][ T6816]  ? do_syscall_64+0xbe/0xf80
[  139.053955][ T6816]  do_syscall_64+0xfa/0xf80
[  139.053976][ T6816]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.053994][ T6816]  ? clear_bhb_loop+0x60/0xb0
[  139.054013][ T6816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.054028][ T6816] RIP: 0033:0x7fb04e78f749
[  139.054052][ T6816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.054084][ T6816] RSP: 002b:00007fb04f66d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  139.054103][ T6816] RAX: ffffffffffffffda RBX: 00007fb04e9e5fa0 RCX: 00007fb04e78f749
[  139.054116][ T6816] RDX: 0000000000000000 RSI: 0000200000000d40 RDI: 0000000000000004
[  139.054128][ T6816] RBP: 00007fb04f66d090 R08: 0000000000000000 R09: 0000000000000000
[  139.054140][ T6816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.054151][ T6816] R13: 00007fb04e9e6038 R14: 00007fb04e9e5fa0 R15: 00007ffcd718fbc8
[  139.054181][ T6816]  </TASK>
[  139.283138][ T6821] sctp: [Deprecated]: syz.3.233 (pid 6821) Use of struct sctp_assoc_value in delayed_ack socket option.
[  139.283138][ T6821] Use struct sctp_sack_info instead
[  142.521421][ T6902] sctp: [Deprecated]: syz.0.254 (pid 6902) Use of struct sctp_assoc_value in delayed_ack socket option.
[  142.521421][ T6902] Use struct sctp_sack_info instead
[  143.415473][ T6916] futex_wake_op: syz.3.253 tries to shift op by 144; fix this program
[  144.191102][ T6937] input: syz1 as /devices/virtual/input/input7
[  144.627408][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  144.907146][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  145.686991][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  145.802258][ T6955] loop1: detected capacity change from 0 to 4096
[  145.969241][ T6967] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  146.761992][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  146.983543][ T6987] FAULT_INJECTION: forcing a failure.
[  146.983543][ T6987] name failslab, interval 1, probability 0, space 0, times 0
[  147.029387][ T6987] CPU: 1 UID: 0 PID: 6987 Comm: syz.5.276 Not tainted syzkaller #0 PREEMPT(full) 
[  147.029413][ T6987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  147.029425][ T6987] Call Trace:
[  147.029432][ T6987]  <TASK>
[  147.029440][ T6987]  dump_stack_lvl+0x189/0x250
[  147.029467][ T6987]  ? __pfx____ratelimit+0x10/0x10
[  147.029488][ T6987]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.029511][ T6987]  ? __pfx__printk+0x10/0x10
[  147.029544][ T6987]  ? __pfx___might_resched+0x10/0x10
[  147.029571][ T6987]  should_fail_ex+0x414/0x560
[  147.029604][ T6987]  should_failslab+0xa8/0x100
[  147.029630][ T6987]  __kmalloc_noprof+0xdf/0x800
[  147.029648][ T6987]  ? kfree+0x4d/0x660
[  147.029672][ T6987]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  147.029696][ T6987]  tomoyo_realpath_from_path+0xe3/0x5d0
[  147.029715][ T6987]  ? tomoyo_domain+0xd8/0x130
[  147.029739][ T6987]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  147.029764][ T6987]  tomoyo_path_number_perm+0x1e8/0x5a0
[  147.029792][ T6987]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  147.029834][ T6987]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  147.029875][ T6987]  ? __fget_files+0x2a/0x420
[  147.029904][ T6987]  ? __fget_files+0x3a0/0x420
[  147.029927][ T6987]  ? __fget_files+0x2a/0x420
[  147.029955][ T6987]  security_file_ioctl+0xcb/0x2d0
[  147.029981][ T6987]  __se_sys_ioctl+0x47/0x170
[  147.030005][ T6987]  do_syscall_64+0xfa/0xf80
[  147.030030][ T6987]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.030049][ T6987]  ? clear_bhb_loop+0x60/0xb0
[  147.030072][ T6987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.030090][ T6987] RIP: 0033:0x7fe53dd8f749
[  147.030108][ T6987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.030124][ T6987] RSP: 002b:00007fe53bff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  147.030144][ T6987] RAX: ffffffffffffffda RBX: 00007fe53dfe5fa0 RCX: 00007fe53dd8f749
[  147.030158][ T6987] RDX: 0000200000000000 RSI: 00000000c0745645 RDI: 0000000000000003
[  147.030170][ T6987] RBP: 00007fe53bff6090 R08: 0000000000000000 R09: 0000000000000000
[  147.030182][ T6987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.030193][ T6987] R13: 00007fe53dfe6038 R14: 00007fe53dfe5fa0 R15: 00007ffc1374ce98
[  147.030223][ T6987]  </TASK>
[  147.461192][ T6987] ERROR: Out of memory at tomoyo_realpath_from_path.
[  148.096265][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  148.137670][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  148.458948][ T7017] loop1: detected capacity change from 0 to 512
[  148.622771][ T7017] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.691470][ T7017] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.953377][ T7004] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  149.146475][ T7004] usb 2-1: Using ep0 maxpacket: 16
[  149.194659][ T7004] usb 2-1: config 1 has an invalid descriptor of length 36, skipping remainder of the config
[  149.210440][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  149.226709][ T7004] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  149.240597][ T7004] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7
[  149.254349][ T7004] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 1, skipping
[  149.281857][ T7004] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  149.296065][ T7004] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.319918][ T7004] usb 2-1: Product: syz
[  149.341657][ T7004] usb 2-1: Manufacturer: syz
[  149.370730][ T7004] usb 2-1: SerialNumber: syz
[  149.495793][ T7044] batadv_slave_1: entered promiscuous mode
[  149.519620][ T7043] batadv_slave_1: left promiscuous mode
[  149.603394][ T7004] usb 2-1: 0:2 : does not exist
[  149.685403][ T7004] usb 2-1: USB disconnect, device number 3
[  150.124863][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.227235][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  150.294761][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.294'.
[  150.348220][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.294'.
[  150.390257][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.294'.
[  150.455336][ T7061] Zero length message leads to an empty skb
[  151.173495][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  151.759102][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  151.895845][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  151.904229][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  152.238462][ T7097] FAULT_INJECTION: forcing a failure.
[  152.238462][ T7097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  152.272526][ T7097] CPU: 1 UID: 0 PID: 7097 Comm: syz.1.307 Not tainted syzkaller #0 PREEMPT(full) 
[  152.272551][ T7097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  152.272562][ T7097] Call Trace:
[  152.272569][ T7097]  <TASK>
[  152.272577][ T7097]  dump_stack_lvl+0x189/0x250
[  152.272603][ T7097]  ? __pfx____ratelimit+0x10/0x10
[  152.272624][ T7097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.272645][ T7097]  ? __pfx__printk+0x10/0x10
[  152.272671][ T7097]  ? __might_fault+0xb0/0x130
[  152.272725][ T7097]  should_fail_ex+0x414/0x560
[  152.272752][ T7097]  _copy_from_user+0x2d/0xb0
[  152.272780][ T7097]  do_sock_getsockopt+0x15c/0x3d0
[  152.272808][ T7097]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  152.272831][ T7097]  ? do_syscall_64+0x80/0xf80
[  152.272853][ T7097]  ? __fget_files+0x2a/0x420
[  152.272889][ T7097]  ? __fget_files+0x3a0/0x420
[  152.272912][ T7097]  ? __fget_files+0x2a/0x420
[  152.272942][ T7097]  __x64_sys_getsockopt+0x1a5/0x250
[  152.272966][ T7097]  ? do_syscall_64+0x80/0xf80
[  152.272989][ T7097]  ? do_syscall_64+0x80/0xf80
[  152.273015][ T7097]  do_syscall_64+0xfa/0xf80
[  152.273038][ T7097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.273057][ T7097]  ? clear_bhb_loop+0x60/0xb0
[  152.273080][ T7097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.273099][ T7097] RIP: 0033:0x7f8ecf98f749
[  152.273115][ T7097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.273132][ T7097] RSP: 002b:00007f8ed07f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  152.273152][ T7097] RAX: ffffffffffffffda RBX: 00007f8ecfbe5fa0 RCX: 00007f8ecf98f749
[  152.273165][ T7097] RDX: 000000000000004b RSI: 0000000000000001 RDI: 0000000000000003
[  152.273176][ T7097] RBP: 00007f8ed07f5090 R08: 0000200000004b40 R09: 0000000000000000
[  152.273188][ T7097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.273199][ T7097] R13: 00007f8ecfbe6038 R14: 00007f8ecfbe5fa0 R15: 00007ffdbd70b3e8
[  152.273230][ T7097]  </TASK>
[  152.521913][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  152.787172][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  153.798238][ T7129] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  153.806842][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  154.689981][ T7004] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  155.768761][ T5907] net_ratelimit: 1 callbacks suppressed
[  155.768777][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  156.043303][ T7171] loop3: detected capacity change from 0 to 256
[  156.128865][ T7173] loop2: detected capacity change from 0 to 256
[  156.155625][ T7173] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  156.183651][ T7173] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  156.197154][ T7175] FAULT_INJECTION: forcing a failure.
[  156.197154][ T7175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.213284][ T7171] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  156.246562][ T7171] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  156.258742][ T7175] CPU: 1 UID: 0 PID: 7175 Comm: syz.0.332 Not tainted syzkaller #0 PREEMPT(full) 
[  156.258765][ T7175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  156.258777][ T7175] Call Trace:
[  156.258784][ T7175]  <TASK>
[  156.258792][ T7175]  dump_stack_lvl+0x189/0x250
[  156.258820][ T7175]  ? __pfx____ratelimit+0x10/0x10
[  156.258841][ T7175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.258863][ T7175]  ? __pfx__printk+0x10/0x10
[  156.258901][ T7175]  should_fail_ex+0x414/0x560
[  156.258928][ T7175]  _copy_to_user+0x31/0xb0
[  156.258956][ T7175]  simple_read_from_buffer+0xe1/0x170
[  156.258984][ T7175]  proc_fail_nth_read+0x1b3/0x220
[  156.259007][ T7175]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  156.259030][ T7175]  ? rw_verify_area+0x2a6/0x4d0
[  156.259046][ T7175]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  156.259067][ T7175]  vfs_read+0x200/0xa30
[  156.259083][ T7175]  ? fdget_pos+0x247/0x320
[  156.259111][ T7175]  ? __pfx___mutex_lock+0x10/0x10
[  156.259134][ T7175]  ? __pfx_vfs_read+0x10/0x10
[  156.259154][ T7175]  ? __fget_files+0x2a/0x420
[  156.259181][ T7175]  ? __fget_files+0x3a0/0x420
[  156.259203][ T7175]  ? __fget_files+0x2a/0x420
[  156.259234][ T7175]  ksys_read+0x145/0x250
[  156.259255][ T7175]  ? __pfx_ksys_read+0x10/0x10
[  156.259277][ T7175]  ? do_syscall_64+0xbe/0xf80
[  156.259303][ T7175]  do_syscall_64+0xfa/0xf80
[  156.259333][ T7175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.259351][ T7175]  ? clear_bhb_loop+0x60/0xb0
[  156.259374][ T7175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.259392][ T7175] RIP: 0033:0x7fb04e78e15c
[  156.259410][ T7175] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  156.259425][ T7175] RSP: 002b:00007fb04f66d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  156.259445][ T7175] RAX: ffffffffffffffda RBX: 00007fb04e9e5fa0 RCX: 00007fb04e78e15c
[  156.259459][ T7175] RDX: 000000000000000f RSI: 00007fb04f66d0a0 RDI: 0000000000000004
[  156.259470][ T7175] RBP: 00007fb04f66d090 R08: 0000000000000000 R09: 0000000000000000
[  156.259481][ T7175] R10: 0000200000000740 R11: 0000000000000246 R12: 0000000000000001
[  156.259493][ T7175] R13: 00007fb04e9e6038 R14: 00007fb04e9e5fa0 R15: 00007ffcd718fbc8
[  156.259532][ T7175]  </TASK>
[  156.787292][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  156.827198][ T5827] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  156.951652][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  156.960506][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  156.998055][ T5827] usb 4-1: Using ep0 maxpacket: 32
[  157.005030][ T5827] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  157.014120][ T5827] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.024787][ T5827] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  157.039756][  T795] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  157.046443][ T5839] Bluetooth: hci2: command 0x0405 tx timeout
[  157.047472][ T5908] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  157.067087][ T5827] usb 4-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  157.085575][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.120153][ T7193] futex_wake_op: syz.5.336 tries to shift op by 144; fix this program
[  157.142028][ T5827] usb 4-1: Product: syz
[  157.157643][ T5827] usb 4-1: Manufacturer: syz
[  157.196939][ T5827] usb 4-1: SerialNumber: syz
[  157.205852][ T5827] usb 4-1: config 0 descriptor??
[  157.213943][ T5827] rndis_host 4-1:0.0: skipping garbage
[  157.219582][  T795] usb 3-1: Using ep0 maxpacket: 32
[  157.226093][ T5908] usb 2-1: config index 0 descriptor too short (expected 28771, got 18)
[  157.240005][  T795] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  157.251145][ T5908] usb 2-1: config 99 has too many interfaces: 95, using maximum allowed: 32
[  157.260503][ T5827] usb 4-1: bad CDC descriptors
[  157.265369][  T795] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.276924][ T5827] cdc_acm 4-1:0.0: skipping garbage
[  157.282163][ T5908] usb 2-1: config 99 has an invalid descriptor of length 101, skipping remainder of the config
[  157.293126][ T5827] cdc_acm 4-1:0.0: Control and data interfaces are not separated!
[  157.302608][  T795] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  157.316629][ T5908] usb 2-1: config 99 has 0 interfaces, different from the descriptor's value: 95
[  157.325777][ T5827] cdc_acm 4-1:0.0: This needs exactly 3 endpoints
[  157.332736][ T5827] cdc_acm 4-1:0.0: probe with driver cdc_acm failed with error -22
[  157.345700][  T795] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  157.356909][ T5908] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  157.370520][  T795] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.381463][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.391046][  T795] usb 3-1: Product: syz
[  157.396760][ T5908] usb 2-1: Product: syz
[  157.400967][ T5908] usb 2-1: Manufacturer: syz
[  157.408024][  T795] usb 3-1: Manufacturer: syz
[  157.416487][  T795] usb 3-1: SerialNumber: syz
[  157.422195][ T7171] netlink: 27 bytes leftover after parsing attributes in process `syz.3.330'.
[  157.424120][ T5908] usb 2-1: SerialNumber: syz
[  157.448207][  T795] usb 3-1: config 0 descriptor??
[  157.647518][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  157.690104][  T795] rndis_host 3-1:0.0: skipping garbage
[  157.695602][  T795] usb 3-1: bad CDC descriptors
[  157.813032][ T7197] sctp: [Deprecated]: syz.3.330 (pid 7197) Use of struct sctp_assoc_value in delayed_ack socket option.
[  157.813032][ T7197] Use struct sctp_sack_info instead
[  157.848979][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  157.928410][ T7182] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  158.365106][ T7173] netlink: 27 bytes leftover after parsing attributes in process `syz.2.331'.
[  158.382395][  T795] cdc_acm 3-1:0.0: skipping garbage
[  158.397177][ T5908] usb 2-1: USB disconnect, device number 4
[  158.410952][  T795] cdc_acm 3-1:0.0: Control and data interfaces are not separated!
[  158.437745][  T795] cdc_acm 3-1:0.0: This needs exactly 3 endpoints
[  158.452749][  T795] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  158.797000][ T7203] sctp: [Deprecated]: syz.2.331 (pid 7203) Use of struct sctp_assoc_value in delayed_ack socket option.
[  158.797000][ T7203] Use struct sctp_sack_info instead
[  158.876564][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  159.191375][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  159.471328][ T5926] usb 4-1: USB disconnect, device number 2
[  159.850983][ T7214] sp0: Synchronizing with TNC
[  159.942948][ T7214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'.
[  159.965158][ T7214] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  159.986614][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  160.066155][ T7214] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.295420][   T48] usb 3-1: USB disconnect, device number 3
[  160.318716][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  160.412670][ T7223] futex_wake_op: syz.5.344 tries to shift op by 144; fix this program
[  161.350940][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  162.031782][ T7256] futex_wake_op: syz.3.354 tries to shift op by 144; fix this program
[  162.387829][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  162.829596][ T7277] loop5: detected capacity change from 0 to 256
[  162.843311][ T7277] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  162.867343][ T7277] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  162.908750][ T7277] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  162.989070][ T7277] exFAT-fs (loop5): failed to load alloc-bitmap
[  163.037579][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  163.058952][ T7277] exFAT-fs (loop5): failed to recognize exfat type
[  163.130475][ T7286] netlink: 8 bytes leftover after parsing attributes in process `syz.5.362'.
[  163.131480][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.5.362'.
[  163.189901][ T7287] FAULT_INJECTION: forcing a failure.
[  163.189901][ T7287] name failslab, interval 1, probability 0, space 0, times 0
[  163.212635][ T7287] CPU: 1 UID: 0 PID: 7287 Comm: syz.2.364 Not tainted syzkaller #0 PREEMPT(full) 
[  163.212658][ T7287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  163.212667][ T7287] Call Trace:
[  163.212673][ T7287]  <TASK>
[  163.212679][ T7287]  dump_stack_lvl+0x189/0x250
[  163.212698][ T7287]  ? __pfx____ratelimit+0x10/0x10
[  163.212712][ T7287]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.212728][ T7287]  ? __pfx__printk+0x10/0x10
[  163.212748][ T7287]  ? __pfx___might_resched+0x10/0x10
[  163.212762][ T7287]  ? fs_reclaim_acquire+0x7d/0x100
[  163.212778][ T7287]  should_fail_ex+0x414/0x560
[  163.212795][ T7287]  should_failslab+0xa8/0x100
[  163.212812][ T7287]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  163.212836][ T7287]  ? __alloc_skb+0x255/0x430
[  163.212850][ T7287]  ? napi_skb_cache_get+0x4a5/0x780
[  163.212867][ T7287]  ? napi_skb_cache_get+0x151/0x780
[  163.212884][ T7287]  __alloc_skb+0x255/0x430
[  163.212900][ T7287]  ? __pfx___alloc_skb+0x10/0x10
[  163.212920][ T7287]  alloc_skb_with_frags+0xca/0x890
[  163.212937][ T7287]  ? __lock_acquire+0x6b6/0x2cf0
[  163.212949][ T7287]  ? aa_label_sk_perm+0x4c4/0x610
[  163.212975][ T7287]  sock_alloc_send_pskb+0x84d/0x980
[  163.213004][ T7287]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  163.213024][ T7287]  ? aa_file_perm+0x139/0x1530
[  163.213039][ T7287]  ? aa_file_perm+0x44c/0x1530
[  163.213050][ T7287]  ? aa_sk_perm+0x15f/0x920
[  163.213069][ T7287]  hci_sock_sendmsg+0x1fe/0xf30
[  163.213086][ T7287]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  163.213100][ T7287]  ? __pfx_aa_file_perm+0x10/0x10
[  163.213114][ T7287]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  163.213126][ T7287]  sock_sendmsg_nosec+0x18f/0x1d0
[  163.213148][ T7287]  sock_write_iter+0x2d9/0x3d0
[  163.213169][ T7287]  ? __pfx_sock_write_iter+0x10/0x10
[  163.213194][ T7287]  ? bpf_lsm_file_permission+0x9/0x20
[  163.213207][ T7287]  ? security_file_permission+0x75/0x290
[  163.213228][ T7287]  vfs_write+0x5c9/0xb30
[  163.213244][ T7287]  ? __pfx_sock_write_iter+0x10/0x10
[  163.213263][ T7287]  ? __pfx_vfs_write+0x10/0x10
[  163.213281][ T7287]  ? __fget_files+0x2a/0x420
[  163.213303][ T7287]  ksys_write+0x145/0x250
[  163.213317][ T7287]  ? __pfx_ksys_write+0x10/0x10
[  163.213331][ T7287]  ? do_syscall_64+0xbe/0xf80
[  163.213349][ T7287]  do_syscall_64+0xfa/0xf80
[  163.213364][ T7287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.213376][ T7287]  ? clear_bhb_loop+0x60/0xb0
[  163.213392][ T7287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.213404][ T7287] RIP: 0033:0x7fbd7798f749
[  163.213415][ T7287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.213426][ T7287] RSP: 002b:00007fbd7885c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  163.213440][ T7287] RAX: ffffffffffffffda RBX: 00007fbd77be5fa0 RCX: 00007fbd7798f749
[  163.213449][ T7287] RDX: 000000000000000d RSI: 0000200000000000 RDI: 0000000000000012
[  163.213457][ T7287] RBP: 00007fbd7885c090 R08: 0000000000000000 R09: 0000000000000000
[  163.213465][ T7287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.213472][ T7287] R13: 00007fbd77be6038 R14: 00007fbd77be5fa0 R15: 00007ffec09770b8
[  163.213491][ T7287]  </TASK>
[  163.558500][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  163.602489][ T7286] netlink: 'syz.5.362': attribute type 1 has an invalid length.
[  163.610525][ T7286] netlink: 'syz.5.362': attribute type 2 has an invalid length.
[  163.626369][ T7277] netlink: 'syz.5.362': attribute type 1 has an invalid length.
[  163.634051][ T7277] netlink: 'syz.5.362': attribute type 2 has an invalid length.
[  164.104050][ T7299] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  164.111197][ T7299] overlayfs: failed to set xattr on upper
[  164.117097][ T7299] overlayfs: ...falling back to redirect_dir=nofollow.
[  164.123999][ T7299] overlayfs: ...falling back to index=off.
[  164.129989][ T7299] overlayfs: maximum fs stacking depth exceeded
[  164.627787][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  165.486676][ T7327] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  165.493781][ T7327] overlayfs: failed to set xattr on upper
[  165.499614][ T7327] overlayfs: ...falling back to redirect_dir=nofollow.
[  165.506546][ T7327] overlayfs: ...falling back to index=off.
[  165.512469][ T7327] overlayfs: maximum fs stacking depth exceeded
[  165.903041][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.080581][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.476478][ T7335] loop1: detected capacity change from 0 to 256
[  166.513449][ T7335] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  166.638296][ T7341] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.648038][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.660581][ T7341] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.673983][ T7341] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.682470][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.693607][ T7341] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.701959][ T7341] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  166.746574][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  167.387904][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  167.481116][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  167.950018][ T7335] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  168.316702][ T7353] futex_wake_op: syz.3.381 tries to shift op by 144; fix this program
[  168.556375][ T5887] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  170.200739][ T5887] usb 2-1: device not accepting address 5, error -71
[  170.850326][ T7384] loop2: detected capacity change from 0 to 256
[  171.158032][ T7390] loop1: detected capacity change from 0 to 64
[  171.377019][ T7390] Trying to free block not in datazone
[  171.682279][ T5894] net_ratelimit: 422 callbacks suppressed
[  171.682297][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  172.037475][ T7423] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  172.045791][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  172.721303][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.508002][ T7441] futex_wake_op: syz.0.404 tries to shift op by 144; fix this program
[  173.526033][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.746614][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.882419][ T7451] futex_wake_op: syz.5.408 tries to shift op by 144; fix this program
[  174.342872][ T7458] loop1: detected capacity change from 0 to 256
[  174.400501][ T7458] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  174.465575][ T7458] netlink: 12 bytes leftover after parsing attributes in process `syz.1.412'.
[  174.727410][ T7469] netlink: 12 bytes leftover after parsing attributes in process `syz.2.416'.
[  174.787540][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  175.846998][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  176.479691][ T7465] loop3: detected capacity change from 0 to 32768
[  176.531846][ T7465] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.415 (7465)
[  176.548862][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  176.622923][ T7465] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  176.654389][ T7465] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  176.867232][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  176.910456][ T7465] BTRFS info (device loop3): rebuilding free space tree
[  177.016826][ T7465] BTRFS info (device loop3): enabling ssd optimizations
[  177.026387][ T7465] BTRFS info (device loop3): using spread ssd allocation scheme
[  177.056388][ T7465] BTRFS info (device loop3): turning on async discard
[  177.063214][ T7465] BTRFS info (device loop3): enabling free space tree
[  177.076511][ T7523] loop1: detected capacity change from 0 to 256
[  177.090340][ T7465] BTRFS info (device loop3): force clearing of disk cache
[  177.116959][ T7523] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  177.161730][ T7464] BTRFS info (device loop3): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  177.178874][ T7523] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  177.423322][ T5837] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  177.436566][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.466418][  T795] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  177.495433][ T7531] mmap: syz.2.431 (7531) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  177.590737][ T7531] loop2: detected capacity change from 0 to 1024
[  177.636360][  T795] usb 2-1: Using ep0 maxpacket: 32
[  177.646491][  T795] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  177.692210][  T795] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  177.757949][  T795] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  177.866741][  T795] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  177.908850][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.946833][  T795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.011034][ T5974] hfsplus: b-tree write err: -5, ino 4
[  178.064919][  T795] usb 2-1: Product: syz
[  178.140824][  T795] usb 2-1: Manufacturer: syz
[  178.217445][  T795] usb 2-1: SerialNumber: syz
[  178.442542][ T7543] nvme_fabrics: missing parameter 'transport=%s'
[  178.449099][ T7543] nvme_fabrics: missing parameter 'nqn=%s'
[  178.558408][  T795] usb 2-1: config 0 descriptor??
[  178.587435][  T795] rndis_host 2-1:0.0: skipping garbage
[  178.593002][  T795] usb 2-1: bad CDC descriptors
[  178.694597][  T795] cdc_acm 2-1:0.0: skipping garbage
[  178.717352][  T795] cdc_acm 2-1:0.0: Control and data interfaces are not separated!
[  178.725209][  T795] cdc_acm 2-1:0.0: This needs exactly 3 endpoints
[  178.778246][  T795] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  178.796883][ T7523] netlink: 27 bytes leftover after parsing attributes in process `syz.1.428'.
[  178.958140][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  179.238127][ T7569] sctp: [Deprecated]: syz.1.428 (pid 7569) Use of struct sctp_assoc_value in delayed_ack socket option.
[  179.238127][ T7569] Use struct sctp_sack_info instead
[  179.595559][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  179.990158][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  181.110621][   T30] audit: type=1326 audit(1764344178.151:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  181.187558][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  181.429577][ T6019] usb 2-1: USB disconnect, device number 7
[  181.479728][   T30] audit: type=1326 audit(1764344178.161:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  181.603384][   T30] audit: type=1326 audit(1764344178.161:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90ad78df90 code=0x7ffc0000
[  181.664654][   T30] audit: type=1326 audit(1764344178.161:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90ad78df90 code=0x7ffc0000
[  181.687425][   T30] audit: type=1326 audit(1764344178.161:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  181.717116][   T30] audit: type=1326 audit(1764344178.161:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  181.801841][   T30] audit: type=1326 audit(1764344178.161:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  182.236638][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  182.296382][   T30] audit: type=1326 audit(1764344178.161:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  182.397005][   T30] audit: type=1326 audit(1764344178.161:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  182.534632][   T30] audit: type=1326 audit(1764344178.161:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7593 comm="syz.3.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  182.642042][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  183.262082][ T7644] __vm_enough_memory: pid: 7644, comm: syz.0.462, bytes: 4115879641088 not enough memory for the allocation
[  183.287216][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  184.093509][ T7659] loop0: detected capacity change from 0 to 32768
[  184.137957][ T7659] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.466 (7659)
[  184.222714][ T7659] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  184.258444][ T7659] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  184.326929][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  184.514106][ T7659] BTRFS info (device loop0): enabling ssd optimizations
[  184.564057][ T7659] BTRFS info (device loop0): turning on async discard
[  184.591418][ T7659] BTRFS info (device loop0): enabling free space tree
[  184.765694][ T5832] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  185.952372][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  186.270822][ T5936] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  186.618321][ T7734] FAULT_INJECTION: forcing a failure.
[  186.618321][ T7734] name failslab, interval 1, probability 0, space 0, times 0
[  186.634226][ T7734] CPU: 0 UID: 0 PID: 7734 Comm: syz.1.484 Not tainted syzkaller #0 PREEMPT(full) 
[  186.634251][ T7734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  186.634262][ T7734] Call Trace:
[  186.634270][ T7734]  <TASK>
[  186.634278][ T7734]  dump_stack_lvl+0x189/0x250
[  186.634304][ T7734]  ? __pfx____ratelimit+0x10/0x10
[  186.634324][ T7734]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.634345][ T7734]  ? __pfx__printk+0x10/0x10
[  186.634373][ T7734]  ? __pfx___might_resched+0x10/0x10
[  186.634393][ T7734]  ? fs_reclaim_acquire+0x7d/0x100
[  186.634417][ T7734]  should_fail_ex+0x414/0x560
[  186.634442][ T7734]  should_failslab+0xa8/0x100
[  186.634465][ T7734]  kmem_cache_alloc_lru_noprof+0x8d/0x6e0
[  186.634494][ T7734]  ? sock_alloc_inode+0x28/0xc0
[  186.634521][ T7734]  ? rcu_read_lock_any_held+0xb3/0x120
[  186.634547][ T7734]  ? __pfx_sock_alloc_inode+0x10/0x10
[  186.634573][ T7734]  sock_alloc_inode+0x28/0xc0
[  186.634599][ T7734]  alloc_inode+0x6a/0x1b0
[  186.634621][ T7734]  do_accept+0x114/0x7f0
[  186.634648][ T7734]  ? __pfx_do_accept+0x10/0x10
[  186.634687][ T7734]  __sys_accept4+0x127/0x210
[  186.634708][ T7734]  ? __pfx___sys_accept4+0x10/0x10
[  186.634725][ T7734]  ? ksys_write+0x22a/0x250
[  186.634745][ T7734]  ? __pfx_ksys_write+0x10/0x10
[  186.634768][ T7734]  __x64_sys_accept4+0x9a/0xb0
[  186.634789][ T7734]  do_syscall_64+0xfa/0xf80
[  186.634811][ T7734]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.634829][ T7734]  ? clear_bhb_loop+0x60/0xb0
[  186.634850][ T7734]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.634868][ T7734] RIP: 0033:0x7f8ecf98f749
[  186.634883][ T7734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.634898][ T7734] RSP: 002b:00007f8ed07f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  186.634917][ T7734] RAX: ffffffffffffffda RBX: 00007f8ecfbe5fa0 RCX: 00007f8ecf98f749
[  186.634930][ T7734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  186.634940][ T7734] RBP: 00007f8ed07f5090 R08: 0000000000000000 R09: 0000000000000000
[  186.634951][ T7734] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  186.634961][ T7734] R13: 00007f8ecfbe6038 R14: 00007f8ecfbe5fa0 R15: 00007ffdbd70b3e8
[  186.634990][ T7734]  </TASK>
[  187.031472][  T795] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  187.041583][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  187.050024][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  187.090255][ T7742] loop2: detected capacity change from 0 to 1024
[  187.154786][ T7742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.206433][ T5936] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  187.252432][ T7753] loop3: detected capacity change from 0 to 128
[  187.265549][ T7753] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  187.282316][ T7753] hpfs: filesystem error: improperly stopped
[  187.288911][ T7753] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  187.299586][ T7753] hpfs: You really don't want any checks? You are crazy...
[  187.307389][ T7753] hpfs: hpfs_map_sector(): read error
[  187.312950][ T7753] hpfs: code page support is disabled
[  187.320263][ T7753] hpfs: hpfs_map_4sectors(): unaligned read
[  187.329998][ T7742] netlink: 24 bytes leftover after parsing attributes in process `syz.2.487'.
[  187.344740][ T7753] hpfs: hpfs_map_4sectors(): unaligned read
[  187.351933][ T7731] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  187.360440][ T5936] usb 1-1: Using ep0 maxpacket: 16
[  187.377625][ T5936] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  187.396166][ T7753] hpfs: filesystem error: unable to find root dir
[  187.402770][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.418388][ T7753] FAULT_INJECTION: forcing a failure.
[  187.418388][ T7753] name failslab, interval 1, probability 0, space 0, times 0
[  187.440280][ T5936] usb 1-1: Product: syz
[  187.461287][ T5936] usb 1-1: Manufacturer: syz
[  187.466149][ T5936] usb 1-1: SerialNumber: syz
[  187.478761][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.488130][ T7753] CPU: 1 UID: 0 PID: 7753 Comm: syz.3.492 Not tainted syzkaller #0 PREEMPT(full) 
[  187.488152][ T7753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  187.488163][ T7753] Call Trace:
[  187.488171][ T7753]  <TASK>
[  187.488178][ T7753]  dump_stack_lvl+0x189/0x250
[  187.488205][ T7753]  ? __pfx____ratelimit+0x10/0x10
[  187.488225][ T7753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.488247][ T7753]  ? __pfx__printk+0x10/0x10
[  187.488277][ T7753]  ? __pfx___might_resched+0x10/0x10
[  187.488297][ T7753]  ? fs_reclaim_acquire+0x7d/0x100
[  187.488321][ T7753]  should_fail_ex+0x414/0x560
[  187.488346][ T7753]  should_failslab+0xa8/0x100
[  187.488370][ T7753]  kmem_cache_alloc_noprof+0x88/0x710
[  187.488398][ T7753]  ? getname_flags+0xb8/0x540
[  187.488423][ T7753]  getname_flags+0xb8/0x540
[  187.488449][ T7753]  __x64_sys_mkdirat+0x7a/0xa0
[  187.488469][ T7753]  do_syscall_64+0xfa/0xf80
[  187.488492][ T7753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.488509][ T7753]  ? clear_bhb_loop+0x60/0xb0
[  187.488531][ T7753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.488548][ T7753] RIP: 0033:0x7f90ad78f749
[  187.488564][ T7753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.488579][ T7753] RSP: 002b:00007f90ae61e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  187.488598][ T7753] RAX: ffffffffffffffda RBX: 00007f90ad9e5fa0 RCX: 00007f90ad78f749
[  187.488611][ T7753] RDX: 0000000000000000 RSI: 0000200000000200 RDI: ffffffffffffff9c
[  187.488623][ T7753] RBP: 00007f90ae61e090 R08: 0000000000000000 R09: 0000000000000000
[  187.488633][ T7753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.488643][ T7753] R13: 00007f90ad9e6038 R14: 00007f90ad9e5fa0 R15: 00007ffc55c3ce68
[  187.488680][ T7753]  </TASK>
[  187.697510][ T5936] r8152-cfgselector 1-1: Unknown version 0x0000
[  187.703890][ T5936] r8152-cfgselector 1-1: config 0 descriptor??
[  188.125720][ T7773] futex_wake_op: syz.5.497 tries to shift op by 144; fix this program
[  188.197729][ T5936] r8152-cfgselector 1-1: USB disconnect, device number 10
[  188.387945][ T5936] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  188.671204][ T7785] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  188.678414][ T7785] overlayfs: failed to set xattr on upper
[  188.684191][ T7785] overlayfs: ...falling back to redirect_dir=nofollow.
[  188.691149][ T7785] overlayfs: ...falling back to index=off.
[  188.697092][ T7785] overlayfs: maximum fs stacking depth exceeded
[  189.427372][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  189.586976][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  189.754215][ T7801] loop2: detected capacity change from 0 to 256
[  189.776128][ T7800] loop1: detected capacity change from 0 to 256
[  189.782422][ T7801] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  189.795140][ T7801] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  189.852703][ T7800] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  189.908286][ T7800] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  190.068895][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  190.147276][ T5926] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  190.222474][ T7810] loop7: detected capacity change from 0 to 7
[  190.236926][ T5894] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  190.238834][  T795] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  190.316603][ T5926] usb 3-1: Using ep0 maxpacket: 32
[  190.331317][ T5926] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  190.356396][ T5926] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.406407][ T5926] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  190.426674][ T5894] usb 2-1: Using ep0 maxpacket: 32
[  190.435268][ T5894] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  190.444271][ T5894] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.454707][ T5894] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  190.469755][ T7731] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  190.480840][ T5894] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  190.490545][ T5926] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  190.510771][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.521144][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.538924][ T5894] usb 2-1: Product: syz
[  190.555030][ T5926] usb 3-1: Product: syz
[  190.563860][ T5894] usb 2-1: Manufacturer: syz
[  190.570761][ T5926] usb 3-1: Manufacturer: syz
[  190.575387][ T5926] usb 3-1: SerialNumber: syz
[  190.577190][ T5894] usb 2-1: SerialNumber: syz
[  190.602750][ T5894] usb 2-1: config 0 descriptor??
[  190.611381][ T7810] Dev loop7: unable to read RDB block 7
[  190.619347][ T5926] usb 3-1: config 0 descriptor??
[  190.632593][ T5926] rndis_host 3-1:0.0: skipping garbage
[  190.638226][ T5926] usb 3-1: bad CDC descriptors
[  190.641325][ T7810]  loop7: unable to read partition table
[  190.644557][ T5926] cdc_acm 3-1:0.0: skipping garbage
[  190.654366][ T5926] cdc_acm 3-1:0.0: Control and data interfaces are not separated!
[  190.662534][ T5926] cdc_acm 3-1:0.0: This needs exactly 3 endpoints
[  190.663663][ T5894] rndis_host 2-1:0.0: skipping garbage
[  190.669441][ T5926] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  190.674570][ T7810] loop7: partition table beyond EOD, truncated
[  190.692216][ T7810] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  190.740691][ T5894] usb 2-1: bad CDC descriptors
[  190.760442][ T5894] cdc_acm 2-1:0.0: skipping garbage
[  190.765697][ T5894] cdc_acm 2-1:0.0: Control and data interfaces are not separated!
[  190.792940][ T5894] cdc_acm 2-1:0.0: This needs exactly 3 endpoints
[  190.816338][ T5894] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  190.830214][ T7801] netlink: 27 bytes leftover after parsing attributes in process `syz.2.507'.
[  190.858208][ T7800] netlink: 27 bytes leftover after parsing attributes in process `syz.1.506'.
[  191.268342][ T7828] sctp: [Deprecated]: syz.2.507 (pid 7828) Use of struct sctp_assoc_value in delayed_ack socket option.
[  191.268342][ T7828] Use struct sctp_sack_info instead
[  191.638291][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  192.095864][ T7838] sctp: [Deprecated]: syz.1.506 (pid 7838) Use of struct sctp_assoc_value in delayed_ack socket option.
[  192.095864][ T7838] Use struct sctp_sack_info instead
[  192.710900][ T7731] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  192.842914][ T7731] usb 3-1: USB disconnect, device number 4
[  193.250970][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.227423][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.233870][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  194.297246][ T5980] usb 2-1: USB disconnect, device number 8
[  194.323210][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.608363][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  194.608380][   T30] audit: type=1326 audit(1764344191.681:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7868 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ecf98f749 code=0x7ffc0000
[  194.672365][   T30] audit: type=1326 audit(1764344191.711:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7868 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f8ecf98f749 code=0x7ffc0000
[  194.681798][ T7865] loop5: detected capacity change from 0 to 4096
[  194.759928][   T30] audit: type=1326 audit(1764344191.711:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7868 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ecf98f749 code=0x7ffc0000
[  194.816874][ T7865] EXT4-fs (loop5): Test dummy encryption mode enabled
[  194.875279][   T30] audit: type=1326 audit(1764344191.711:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7868 comm="syz.1.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ecf98f749 code=0x7ffc0000
[  194.913617][ T7865] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.047876][ T7865] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  195.084629][ T7885] EXT4-fs (loop5): shut down requested (1)
[  195.153326][ T6242] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.472656][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  196.336111][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  196.492305][ T7917] syz.0.543 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  196.540125][   T30] audit: type=1326 audit(1764344193.581:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.5.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe53dd8f749 code=0x7ffc0000
[  196.566669][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  196.635144][   T30] audit: type=1326 audit(1764344193.591:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.5.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe53dd8f749 code=0x7ffc0000
[  196.675033][ T7922] loop1: detected capacity change from 0 to 512
[  196.726893][ T7922] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  196.746782][   T30] audit: type=1326 audit(1764344193.661:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7923 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  196.828686][   T30] audit: type=1326 audit(1764344193.661:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7923 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  196.864078][ T7935] loop5: detected capacity change from 0 to 164
[  196.903496][ T7922] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  196.908447][   T30] audit: type=1326 audit(1764344193.661:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7923 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  196.934334][   T30] audit: type=1326 audit(1764344193.661:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7923 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  196.962293][ T7922] EXT4-fs (loop1): orphan cleanup on readonly fs
[  196.989215][ T7922] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.544: corrupted inode contents
[  197.007046][ T7922] EXT4-fs (loop1): Remounting filesystem read-only
[  197.062468][ T7922] EXT4-fs (loop1): 1 truncate cleaned up
[  197.102429][ T3541] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  197.143269][ T3541] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  197.176613][ T7938] Falling back ldisc for ttyS3.
[  197.198701][ T3541] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  197.249610][ T7922] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  197.267009][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  197.447527][ T7948] loop0: detected capacity change from 0 to 128
[  197.462621][ T7948] FAT-fs (loop0): Directory bread(block 162) failed
[  197.472851][ T7950] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  197.481306][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  197.491520][ T7948] FAT-fs (loop0): Directory bread(block 163) failed
[  197.498868][ T7948] FAT-fs (loop0): Directory bread(block 164) failed
[  197.523103][ T7948] FAT-fs (loop0): Directory bread(block 165) failed
[  197.546037][ T7948] FAT-fs (loop0): Directory bread(block 166) failed
[  197.574901][ T7948] FAT-fs (loop0): Directory bread(block 167) failed
[  197.596053][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  197.612604][ T7948] FAT-fs (loop0): Directory bread(block 168) failed
[  197.624967][ T7948] FAT-fs (loop0): Directory bread(block 169) failed
[  197.656228][ T7948] FAT-fs (loop0): Directory bread(block 162) failed
[  197.692828][ T7948] FAT-fs (loop0): Directory bread(block 163) failed
[  197.740669][ T7948] syz.0.558: attempt to access beyond end of device
[  197.740669][ T7948] loop0: rw=3, sector=226, nr_sectors = 6 limit=128
[  197.784963][ T7948] syz.0.558: attempt to access beyond end of device
[  197.784963][ T7948] loop0: rw=2051, sector=232, nr_sectors = 2 limit=128
[  197.882647][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.029425][ T7963] loop3: detected capacity change from 0 to 4096
[  198.189764][ T7963] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.415458][ T7983] loop0: detected capacity change from 0 to 1024
[  198.497347][ T7983] EXT4-fs: inline encryption not supported
[  198.572125][ T7983] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.588332][ T7985] EXT4-fs (loop3): shut down requested (2)
[  198.636884][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  198.791600][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.791667][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.940621][ T8004] loop0: detected capacity change from 0 to 512
[  198.989090][ T8004] EXT4-fs (loop0): can't read group descriptor 0
[  199.152293][ T8012] loop5: detected capacity change from 0 to 512
[  199.209455][ T8012] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  199.272941][ T8012] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  199.304017][ T8012] EXT4-fs (loop5): 1 truncate cleaned up
[  199.350227][ T8012] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.436955][ T8024] 8021q: VLANs not supported on ip_vti0
[  199.502481][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.5.577'.
[  199.621478][   T30] kauditd_printk_skb: 234 callbacks suppressed
[  199.621495][   T30] audit: type=1326 audit(1764344196.691:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  199.677450][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  199.694078][ T6242] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.716705][   T30] audit: type=1326 audit(1764344196.731:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  199.768203][ T8035] loop3: detected capacity change from 0 to 512
[  199.796698][   T30] audit: type=1326 audit(1764344196.731:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  199.850244][ T8035] EXT4-fs (loop3): orphan cleanup on readonly fs
[  199.859040][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  199.877212][   T30] audit: type=1326 audit(1764344196.731:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  199.916033][   T30] audit: type=1326 audit(1764344196.731:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  199.917248][ T8035] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.582: bad orphan inode 13
[  199.940171][   T30] audit: type=1326 audit(1764344196.731:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  199.972261][   T30] audit: type=1326 audit(1764344196.731:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  200.069310][ T8035] ext4_test_bit(bit=12, block=18) = 1
[  200.089334][ T8037] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.110223][ T8035] is_bad_inode(inode)=0
[  200.116856][   T30] audit: type=1326 audit(1764344196.731:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  200.136046][ T8035] NEXT_ORPHAN(inode)=2130706432
[  200.148983][ T8035] max_ino=32
[  200.152333][ T8035] i_nlink=1
[  200.167940][ T8035] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  200.202483][   T30] audit: type=1326 audit(1764344196.731:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  200.276382][   T30] audit: type=1326 audit(1764344196.731:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.0.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb04e7c2005 code=0x7ffc0000
[  200.306659][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  200.333497][ T8037] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.367993][ T8035] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  200.401109][ T8035] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  200.467628][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  200.542493][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.548235][ T8037] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.707739][ T7731] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  200.761811][ T8037] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.909643][ T7402] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.920257][ T7402] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.965487][ T7402] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  201.020842][   T49] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  201.110997][ T8078] loop3: detected capacity change from 0 to 1024
[  201.172068][ T8078] EXT4-fs: Ignoring removed nomblk_io_submit option
[  201.228797][ T8078] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.263010][ T8078] netlink: 28 bytes leftover after parsing attributes in process `syz.3.590'.
[  201.280476][ T8078] netlink: 28 bytes leftover after parsing attributes in process `syz.3.590'.
[  201.295145][ T8078] netlink: 28 bytes leftover after parsing attributes in process `syz.3.590'.
[  201.306037][ T8078] netlink: 28 bytes leftover after parsing attributes in process `syz.3.590'.
[  201.390109][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.756843][ T5894] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  201.791585][ T8105] loop1: detected capacity change from 0 to 764
[  201.850661][ T8105] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  202.169822][ T8119] netlink: 'syz.1.597': attribute type 7 has an invalid length.
[  202.706023][ T8135] loop2: detected capacity change from 0 to 1024
[  202.763941][ T8135] EXT4-fs: Ignoring removed nobh option
[  202.789790][ T6019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  202.811719][ T8135] EXT4-fs: Ignoring removed bh option
[  202.860376][ T8135] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.976033][ T8135] EXT4-fs error (device loop2): mb_free_blocks:2037: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  203.059664][ T8135] EXT4-fs (loop2): Remounting filesystem read-only
[  203.210691][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.347172][ T5980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  203.670864][ T8161] sch_fq: defrate 0 ignored.
[  204.050894][ T8186] pim6reg: entered allmulticast mode
[  204.082957][ T8186] pim6reg: left allmulticast mode
[  204.399184][ T8196] netlink: 4 bytes leftover after parsing attributes in process `syz.0.633'.
[  205.955859][ T8204] loop0: detected capacity change from 0 to 764
[  206.004842][ T8206] netlink: 56 bytes leftover after parsing attributes in process `syz.2.637'.
[  206.038739][ T8204] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  206.435879][ T8214] loop0: detected capacity change from 0 to 512
[  206.471346][ T8214] EXT4-fs (loop0): 1 truncate cleaned up
[  206.481088][ T8214] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  206.550623][ T8218] loop1: detected capacity change from 0 to 512
[  206.611034][ T8218] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  206.662802][ T8218] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  206.739537][ T8218] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4215: comm syz.1.641: Allocating blocks 41-42 which overlap fs metadata
[  206.815988][ T8218] __quota_error: 1179 callbacks suppressed
[  206.816007][ T8218] Quota error (device loop1): write_blk: dquota write failed
[  206.830866][ T8218] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5
[  206.841618][ T8218] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  206.852486][ T8218] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.641: Failed to acquire dquot type 1
[  206.864835][ T8218] EXT4-fs error (device loop1): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  206.909116][ T8218] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.641: corrupted inode contents
[  206.967274][ T8218] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #12: comm syz.1.641: mark_inode_dirty error
[  207.019682][ T8218] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.641: corrupted inode contents
[  207.089090][ T8218] EXT4-fs error (device loop1): __ext4_ext_dirty:211: inode #12: comm syz.1.641: mark_inode_dirty error
[  207.145171][ T8218] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.641: corrupted inode contents
[  207.191291][ T8218] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem
[  207.216903][ T8218] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.641: corrupted inode contents
[  207.255238][ T8218] EXT4-fs error (device loop1): ext4_truncate:4635: inode #12: comm syz.1.641: mark_inode_dirty error
[  207.317913][ T8218] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem
[  207.349245][ T8218] EXT4-fs (loop1): 1 truncate cleaned up
[  207.367606][ T8218] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.506003][ T8218] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  207.538893][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.647669][ T8243] netlink: 24 bytes leftover after parsing attributes in process `syz.2.651'.
[  207.659171][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.697383][ T8243] IPVS: Error connecting to the multicast addr
[  207.911109][ T8249] netlink: 28 bytes leftover after parsing attributes in process `syz.2.653'.
[  207.967153][ T8249] netlink: 28 bytes leftover after parsing attributes in process `syz.2.653'.
[  208.006783][ T8250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.653'.
[  208.055738][ T8250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.653'.
[  208.141944][ T8256] loop1: detected capacity change from 0 to 128
[  208.335942][ T8258] batadv1: entered promiscuous mode
[  208.362492][ T8258] batadv1: entered allmulticast mode
[  208.596403][   T30] audit: type=1326 audit(1764344205.651:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  208.596658][   T30] audit: type=1326 audit(1764344205.651:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  208.596893][   T30] audit: type=1326 audit(1764344205.651:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  208.597116][   T30] audit: type=1326 audit(1764344205.651:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  208.597442][   T30] audit: type=1326 audit(1764344205.651:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  208.597649][   T30] audit: type=1326 audit(1764344205.651:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  208.597760][   T30] audit: type=1326 audit(1764344205.651:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8259 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  209.378390][ T8273] wireguard0: entered promiscuous mode
[  209.383911][ T8273] wireguard0: entered allmulticast mode
[  209.786069][ T8283] loop0: detected capacity change from 0 to 164
[  209.828257][ T8283] rock: directory entry would overflow storage
[  209.834460][ T8283] rock: sig=0x66, size=4, remaining=3
[  209.907934][ T8283] rock: directory entry would overflow storage
[  209.942080][ T8283] rock: sig=0x66, size=4, remaining=3
[  210.235392][ T8291] netlink: 'syz.1.669': attribute type 16 has an invalid length.
[  210.295985][ T8291] netlink: 'syz.1.669': attribute type 17 has an invalid length.
[  210.412499][ T8291] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  210.677767][ T8314] loop0: detected capacity change from 0 to 512
[  210.690462][ T8312] netlink: 76 bytes leftover after parsing attributes in process `syz.1.678'.
[  210.710856][ T8311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.677'.
[  210.742962][ T8314] EXT4-fs (loop0): 1 truncate cleaned up
[  210.774323][ T8314] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.798148][ T8319] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  211.045123][ T8326] delete_channel: no stack
[  211.053867][ T8329] loop5: detected capacity change from 0 to 128
[  211.075915][ T8329] msdos: Bad value for 'gid'
[  211.080935][ T8329] msdos: Bad value for 'gid'
[  211.191060][ T8311] team0 (unregistering): Port device team_slave_0 removed
[  211.250530][ T8311] team0 (unregistering): Port device team_slave_1 removed
[  211.535201][   T52] Bluetooth: hci3: command 0x0406 tx timeout
[  211.541479][   T52] Bluetooth: hci0: command 0x0406 tx timeout
[  211.546705][ T8339] Bluetooth: hci1: command 0x0406 tx timeout
[  211.554317][ T8339] Bluetooth: hci4: command 0x0405 tx timeout
[  211.713725][ T8341] netlink: 8 bytes leftover after parsing attributes in process `syz.5.686'.
[  212.259782][ T8344] netlink: 48 bytes leftover after parsing attributes in process `syz.1.687'.
[  212.299081][ T8341] syz.5.686 (8341) used greatest stack depth: 15320 bytes left
[  212.318194][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  212.318211][   T30] audit: type=1326 audit(1764344209.391:1573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  212.350087][   T30] audit: type=1326 audit(1764344209.421:1574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  212.434808][   T30] audit: type=1326 audit(1764344209.471:1575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  212.462607][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.472836][   T30] audit: type=1326 audit(1764344209.471:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.2.688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7798f749 code=0x7ffc0000
[  212.674486][   T30] audit: type=1326 audit(1764344209.741:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8350 comm="syz.3.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  212.700690][ T8356] loop2: detected capacity change from 0 to 1024
[  212.728644][ T8356] EXT4-fs: Ignoring removed orlov option
[  212.756739][   T30] audit: type=1326 audit(1764344209.741:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8350 comm="syz.3.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  212.781766][   T30] audit: type=1326 audit(1764344209.741:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8350 comm="syz.3.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  212.806148][   T30] audit: type=1326 audit(1764344209.741:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8350 comm="syz.3.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  212.829556][   T30] audit: type=1326 audit(1764344209.741:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8350 comm="syz.3.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  212.853819][   T30] audit: type=1326 audit(1764344209.741:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8350 comm="syz.3.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90ad78f749 code=0x7ffc0000
[  212.887791][ T8354] wireguard0: entered promiscuous mode
[  212.893301][ T8354] wireguard0: entered allmulticast mode
[  212.960531][ T8365] loop3: detected capacity change from 0 to 512
[  212.992474][ T8356] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.031002][ T8365] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  213.096529][ T8365] EXT4-fs (loop3): 1 truncate cleaned up
[  213.119915][ T8365] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.154113][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.298885][ T8369] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  213.344357][ T8374] loop1: detected capacity change from 0 to 512
[  213.399879][ T8374] EXT4-fs: Ignoring removed nomblk_io_submit option
[  213.449770][ T8374] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  213.495682][ T8374] EXT4-fs (loop1): invalid inodes per group: 196640
[  213.495682][ T8374] 
[  213.539590][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.618475][ T8377] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  214.254133][ T8391] smc: net device bond0 applied user defined pnetid SYZ0
[  214.277653][ T8391] smc: net device bond0 erased user defined pnetid SYZ0
[  214.278461][ T8379] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  214.587660][ T8403] loop0: detected capacity change from 0 to 128
[  214.975993][ T8410] loop0: detected capacity change from 0 to 1024
[  215.088369][ T8410] ext4: Unknown parameter 'no'
[  215.373418][ T8424] loop5: detected capacity change from 0 to 1024
[  215.401273][ T8426] netlink: 4 bytes leftover after parsing attributes in process `syz.0.715'.
[  215.443797][ T8424] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.609143][ T8435] syz.2.716 uses obsolete (PF_INET,SOCK_PACKET)
[  215.627728][ T6242] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.699836][ T8438] loop1: detected capacity change from 0 to 128
[  216.027977][ T8442] vlan2: entered allmulticast mode
[  216.238685][ T8426] ==================================================================
[  216.246800][ T8426] BUG: KASAN: slab-use-after-free in locks_remove_posix+0x10f/0x630
[  216.254802][ T8426] Read of size 8 at addr ffff888078bcde10 by task syz.0.715/8426
[  216.262523][ T8426] 
[  216.264851][ T8426] CPU: 0 UID: 0 PID: 8426 Comm: syz.0.715 Not tainted syzkaller #0 PREEMPT(full) 
[  216.264868][ T8426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  216.264877][ T8426] Call Trace:
[  216.264884][ T8426]  <TASK>
[  216.264891][ T8426]  dump_stack_lvl+0x189/0x250
[  216.264911][ T8426]  ? __kasan_check_byte+0x12/0x40
[  216.264930][ T8426]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.264947][ T8426]  ? lock_release+0x4b/0x3b0
[  216.264964][ T8426]  ? __virt_addr_valid+0x4a5/0x5c0
[  216.264985][ T8426]  print_report+0xca/0x240
[  216.265000][ T8426]  ? locks_remove_posix+0x10f/0x630
[  216.265017][ T8426]  kasan_report+0x118/0x150
[  216.265035][ T8426]  ? locks_remove_posix+0x10f/0x630
[  216.265060][ T8426]  locks_remove_posix+0x10f/0x630
[  216.265079][ T8426]  ? __pfx_locks_remove_posix+0x10/0x10
[  216.265107][ T8426]  ? do_raw_spin_unlock+0x122/0x240
[  216.265127][ T8426]  ? dnotify_flush+0x1db/0x5e0
[  216.265141][ T8426]  ? mqueue_flush_file+0x21c/0x270
[  216.265159][ T8426]  ? filp_flush+0xae/0x190
[  216.265181][ T8426]  filp_flush+0x113/0x190
[  216.265201][ T8426]  filp_close+0x1d/0x40
[  216.265221][ T8426]  put_files_struct+0x1ba/0x350
[  216.265242][ T8426]  do_exit+0x67f/0x2310
[  216.265264][ T8426]  ? irqentry_exit+0x5dd/0x660
[  216.265282][ T8426]  ? __pfx_do_exit+0x10/0x10
[  216.265301][ T8426]  ? preempt_schedule_common+0x83/0xd0
[  216.265317][ T8426]  ? preempt_schedule+0xae/0xc0
[  216.265331][ T8426]  ? __pfx_preempt_schedule+0x10/0x10
[  216.265350][ T8426]  do_group_exit+0x21c/0x2d0
[  216.265372][ T8426]  get_signal+0x1285/0x1340
[  216.265394][ T8426]  arch_do_signal_or_restart+0x9a/0x7a0
[  216.265417][ T8426]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  216.265443][ T8426]  ? exit_to_user_mode_loop+0x55/0x4f0
[  216.265460][ T8426]  exit_to_user_mode_loop+0x87/0x4f0
[  216.265474][ T8426]  ? rcu_is_watching+0x15/0xb0
[  216.265493][ T8426]  do_syscall_64+0x2e3/0xf80
[  216.265511][ T8426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.265530][ T8426]  ? clear_bhb_loop+0x60/0xb0
[  216.265547][ T8426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.265562][ T8426] RIP: 0033:0x7fb04e78f749
[  216.265574][ T8426] Code: Unable to access opcode bytes at 0x7fb04e78f71f.
[  216.265582][ T8426] RSP: 002b:00007fb04f66d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  216.265598][ T8426] RAX: fffffffffffffe00 RBX: 00007fb04e9e5fa8 RCX: 00007fb04e78f749
[  216.265610][ T8426] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb04e9e5fa8
[  216.265619][ T8426] RBP: 00007fb04e9e5fa0 R08: 0000000000000000 R09: 0000000000000000
[  216.265629][ T8426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  216.265641][ T8426] R13: 00007fb04e9e6038 R14: 00007ffcd718fae0 R15: 00007ffcd718fbc8
[  216.265660][ T8426]  </TASK>
[  216.265665][ T8426] 
[  216.529329][ T8426] Allocated by task 8426:
[  216.533655][ T8426]  kasan_save_track+0x3e/0x80
[  216.538334][ T8426]  __kasan_slab_alloc+0x6c/0x80
[  216.543183][ T8426]  kmem_cache_alloc_noprof+0x37d/0x710
[  216.548646][ T8426]  locks_get_lock_context+0x134/0x3b0
[  216.554023][ T8426]  generic_setlease+0x528/0x1280
[  216.558957][ T8426]  do_fcntl_add_lease+0x34d/0x460
[  216.563975][ T8426]  fcntl_setlease+0x123/0x180
[  216.568647][ T8426]  do_fcntl+0x867/0x1a50
[  216.572894][ T8426]  __se_sys_fcntl+0xc8/0x150
[  216.577499][ T8426]  do_syscall_64+0xfa/0xf80
[  216.582014][ T8426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.587904][ T8426] 
[  216.590223][ T8426] Freed by task 8425:
[  216.594193][ T8426]  kasan_save_track+0x3e/0x80
[  216.598956][ T8426]  kasan_save_free_info+0x46/0x50
[  216.603980][ T8426]  __kasan_slab_free+0x5c/0x80
[  216.608740][ T8426]  kmem_cache_free+0x197/0x620
[  216.613507][ T8426]  __destroy_inode+0x2ea/0x670
[  216.618263][ T8426]  evict+0x87d/0xae0
[  216.622156][ T8426]  __dentry_kill+0x209/0x660
[  216.626746][ T8426]  finish_dput+0xc9/0x480
[  216.631088][ T8426]  __fput+0x68e/0xa70
[  216.635066][ T8426]  task_work_run+0x1d4/0x260
[  216.639655][ T8426]  exit_to_user_mode_loop+0xff/0x4f0
[  216.644935][ T8426]  do_syscall_64+0x2e3/0xf80
[  216.649529][ T8426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.655431][ T8426] 
[  216.657750][ T8426] The buggy address belongs to the object at ffff888078bcddc0
[  216.657750][ T8426]  which belongs to the cache file_lock_ctx of size 112
[  216.671972][ T8426] The buggy address is located 80 bytes inside of
[  216.671972][ T8426]  freed 112-byte region [ffff888078bcddc0, ffff888078bcde30)
[  216.685670][ T8426] 
[  216.687991][ T8426] The buggy address belongs to the physical page:
[  216.694409][ T8426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078bcdc60 pfn:0x78bcd
[  216.704467][ T8426] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  216.711582][ T8426] page_type: f5(slab)
[  216.715561][ T8426] raw: 00fff00000000000 ffff888140aee140 dead000000000122 0000000000000000
[  216.724139][ T8426] raw: ffff888078bcdc60 0000000080170015 00000000f5000000 0000000000000000
[  216.732715][ T8426] page dumped because: kasan: bad access detected
[  216.739124][ T8426] page_owner tracks the page as allocated
[  216.744828][ T8426] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5206, tgid 5206 (udevd), ts 48331295252, free_ts 48320454887
[  216.763487][ T8426]  post_alloc_hook+0x234/0x290
[  216.768249][ T8426]  get_page_from_freelist+0x2365/0x2440
[  216.773795][ T8426]  __alloc_frozen_pages_noprof+0x181/0x370
[  216.779595][ T8426]  alloc_pages_mpol+0x232/0x4a0
[  216.784452][ T8426]  allocate_slab+0x86/0x3b0
[  216.788961][ T8426]  ___slab_alloc+0xf2b/0x1960
[  216.793657][ T8426]  __slab_alloc+0x65/0x100
[  216.798072][ T8426]  kmem_cache_alloc_noprof+0x40f/0x710
[  216.803537][ T8426]  locks_get_lock_context+0x134/0x3b0
[  216.808910][ T8426]  flock_lock_inode+0xf2/0x1410
[  216.813766][ T8426]  locks_lock_inode_wait+0x107/0x410
[  216.819046][ T8426]  __se_sys_flock+0x467/0x5b0
[  216.823718][ T8426]  do_syscall_64+0xfa/0xf80
[  216.828218][ T8426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.834105][ T8426] page last free pid 5206 tgid 5206 stack trace:
[  216.840422][ T8426]  __free_frozen_pages+0xbc8/0xd30
[  216.845532][ T8426]  __put_partials+0x146/0x170
[  216.850209][ T8426]  put_cpu_partial+0x1f2/0x2d0
[  216.854985][ T8426]  __slab_free+0x288/0x2a0
[  216.859433][ T8426]  qlist_free_all+0x97/0x100
[  216.864022][ T8426]  kasan_quarantine_reduce+0x148/0x160
[  216.869482][ T8426]  __kasan_slab_alloc+0x22/0x80
[  216.874332][ T8426]  __kmalloc_noprof+0x3cf/0x800
[  216.879177][ T8426]  tomoyo_realpath_from_path+0xe3/0x5d0
[  216.884721][ T8426]  tomoyo_path2_perm+0x288/0x680
[  216.889660][ T8426]  tomoyo_path_rename+0x141/0x190
[  216.894678][ T8426]  security_path_rename+0x250/0x490
[  216.899872][ T8426]  do_renameat2+0x4c4/0x8e0
[  216.904375][ T8426]  __x64_sys_rename+0x82/0x90
[  216.909047][ T8426]  do_syscall_64+0xfa/0xf80
[  216.913549][ T8426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.919437][ T8426] 
[  216.921756][ T8426] Memory state around the buggy address:
[  216.927389][ T8426]  ffff888078bcdd00: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[  216.935464][ T8426]  ffff888078bcdd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  216.943525][ T8426] >ffff888078bcde00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  216.951600][ T8426]                          ^
[  216.956199][ T8426]  ffff888078bcde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  216.964271][ T8426]  ffff888078bcdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  216.972323][ T8426] ==================================================================
[  217.031754][ T8426] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  217.038989][ T8426] CPU: 1 UID: 0 PID: 8426 Comm: syz.0.715 Not tainted syzkaller #0 PREEMPT(full) 
[  217.048221][ T8426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  217.058278][ T8426] Call Trace:
[  217.061561][ T8426]  <TASK>
[  217.064497][ T8426]  dump_stack_lvl+0x99/0x250
[  217.069094][ T8426]  ? __asan_memcpy+0x40/0x70
[  217.073698][ T8426]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.078904][ T8426]  ? __pfx__printk+0x10/0x10
[  217.083507][ T8426]  vpanic+0x237/0x6d0
[  217.087494][ T8426]  ? __pfx_vpanic+0x10/0x10
[  217.092002][ T8426]  ? preempt_schedule+0xae/0xc0
[  217.096846][ T8426]  ? __pfx_preempt_schedule+0x10/0x10
[  217.102218][ T8426]  panic+0xb9/0xc0
[  217.105936][ T8426]  ? __pfx_panic+0x10/0x10
[  217.110356][ T8426]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  217.116250][ T8426]  ? locks_remove_posix+0x10f/0x630
[  217.121452][ T8426]  check_panic_on_warn+0x89/0xb0
[  217.126396][ T8426]  ? locks_remove_posix+0x10f/0x630
[  217.131603][ T8426]  end_report+0x6f/0x140
[  217.135845][ T8426]  kasan_report+0x129/0x150
[  217.140352][ T8426]  ? locks_remove_posix+0x10f/0x630
[  217.145562][ T8426]  locks_remove_posix+0x10f/0x630
[  217.150588][ T8426]  ? __pfx_locks_remove_posix+0x10/0x10
[  217.156160][ T8426]  ? do_raw_spin_unlock+0x122/0x240
[  217.161372][ T8426]  ? dnotify_flush+0x1db/0x5e0
[  217.166129][ T8426]  ? mqueue_flush_file+0x21c/0x270
[  217.171242][ T8426]  ? filp_flush+0xae/0x190
[  217.175660][ T8426]  filp_flush+0x113/0x190
[  217.179995][ T8426]  filp_close+0x1d/0x40
[  217.184154][ T8426]  put_files_struct+0x1ba/0x350
[  217.189006][ T8426]  do_exit+0x67f/0x2310
[  217.193162][ T8426]  ? irqentry_exit+0x5dd/0x660
[  217.197926][ T8426]  ? __pfx_do_exit+0x10/0x10
[  217.202518][ T8426]  ? preempt_schedule_common+0x83/0xd0
[  217.207969][ T8426]  ? preempt_schedule+0xae/0xc0
[  217.212818][ T8426]  ? __pfx_preempt_schedule+0x10/0x10
[  217.218189][ T8426]  do_group_exit+0x21c/0x2d0
[  217.222786][ T8426]  get_signal+0x1285/0x1340
[  217.227295][ T8426]  arch_do_signal_or_restart+0x9a/0x7a0
[  217.232842][ T8426]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  217.239006][ T8426]  ? exit_to_user_mode_loop+0x55/0x4f0
[  217.244467][ T8426]  exit_to_user_mode_loop+0x87/0x4f0
[  217.249752][ T8426]  ? rcu_is_watching+0x15/0xb0
[  217.254519][ T8426]  do_syscall_64+0x2e3/0xf80
[  217.259107][ T8426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.265182][ T8426]  ? clear_bhb_loop+0x60/0xb0
[  217.269860][ T8426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.275749][ T8426] RIP: 0033:0x7fb04e78f749
[  217.280167][ T8426] Code: Unable to access opcode bytes at 0x7fb04e78f71f.
[  217.287188][ T8426] RSP: 002b:00007fb04f66d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  217.295599][ T8426] RAX: fffffffffffffe00 RBX: 00007fb04e9e5fa8 RCX: 00007fb04e78f749
[  217.303567][ T8426] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb04e9e5fa8
[  217.311531][ T8426] RBP: 00007fb04e9e5fa0 R08: 0000000000000000 R09: 0000000000000000
[  217.319494][ T8426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  217.327462][ T8426] R13: 00007fb04e9e6038 R14: 00007ffcd718fae0 R15: 00007ffcd718fbc8
[  217.335448][ T8426]  </TASK>
[  217.338778][ T8426] Kernel Offset: disabled
[  217.343098][ T8426] Rebooting in 86400 seconds..