last executing test programs:

19.008703511s ago: executing program 3 (id=238):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
connect$vsock_stream(r0, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff, @local}, 0x10)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0x2b, 0x801, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

17.14990412s ago: executing program 1 (id=242):
socket$nl_route(0x10, 0x3, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x65)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$kcm(0x2b, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, <r4=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
bind$netrom(r5, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x0, 0x1, 0x0, "11010000001400000100b64c0000005c4b7c1500", 0x20303159})
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x84)
pipe2$9p(&(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@version_9p2000}]}})
close_range(r0, 0xffffffffffffffff, 0x0)

16.27134s ago: executing program 3 (id=245):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x80c4)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
epoll_create1(0x0)
writev(r2, &(0x7f0000000840)=[{0x0}], 0x1)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
r3 = io_uring_setup(0x7a76, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x4, 0x4, 0x3e0, 0xffffffff, 0x0, 0x1f8, 0x1f8, 0xfeffffff, 0xffffffff, 0x310, 0x310, 0x310, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @loopback, [0xffffffff, 0xff000000, 0x0, 0xffffff00], [0xffffff00, 0xff, 0xffffffff, 0xff], 'wlan1\x00', 'erspan0\x00', {}, {0xff}, 0x3b, 0x3, 0x4, 0x5}, 0x2f2, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48}, {0x0, 0x2, 0x1, [0x0, 0xe3c1, 0x2, 0x6, 0xfffa, 0x6, 0x3, 0x4, 0x1, 0xfffb, 0x0, 0x9, 0x18, 0xef, 0x5e6d, 0x3], 0x4}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x2}}}, {{@ipv6={@mcast1, @loopback, [0x0, 0xffffff00, 0xff000000, 0xff], [0x0, 0x0, 0xff000000, 0xffffff00], 'veth1_to_bond\x00', 'wlan0\x00', {0x873054bc4ee3b02d}, {0xff}, 0x89, 0xb8, 0x5, 0x24}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x0, 0x4}, {0xffffffffffffffff, 0x2}, {0xffffffffffffffff, 0x1, 0x2}, 0xe25, 0x664}}}, {{@uncond, 0x0, 0xd8, 0x118, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0xe}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x80, 0x3d, "52a7c9017ed5048ad31b0477f146377ff2b6d287373519532f5bff53ee26"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x440)

14.588988044s ago: executing program 3 (id=249):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wg0\x00', <r1=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x70bd2c, 0x0, {0x2, 0x20, 0x20, 0x5, 0x0, 0x3, 0x0, 0x0, 0x800}, [@RTA_IIF={0x8, 0x3, r1}]}, 0x24}}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)

13.849750734s ago: executing program 4 (id=251):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f00000002c0), 0xb, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x3}}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

13.62352268s ago: executing program 2 (id=252):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x44, &(0x7f0000009000), 0x4)
r4 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$search(0xa, r4, &(0x7f0000000380)='keyring\x00', 0x0, 0x0)
bpf$ITER_CREATE(0xb, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0xe0, "00ab08653904030401c50900000009c5000000efffffffff00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0)
iopl(0x3)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

13.178831557s ago: executing program 4 (id=253):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil)
r5 = shmat(r4, &(0x7f0000ffd000/0x2000)=nil, 0x6000)
shmat(r4, &(0x7f0000d6f000/0x3000)=nil, 0x6000)
shmdt(r5)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfffffc99}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000)
listen(r3, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x43)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r3}, 0x20)
sendmmsg$inet6(r3, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x56, 0x10)

12.436798245s ago: executing program 2 (id=255):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
connect$vsock_stream(r0, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff, @local}, 0x10)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0x2b, 0x801, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

12.344383682s ago: executing program 1 (id=256):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0xffffffff, @host}, 0x10)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000000100)={0x0, 0xea60}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000300)={0x28, 0x0, 0xffffffff}, 0x10)

9.506040105s ago: executing program 1 (id=258):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setgroups(0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f00000000c0)={0xa, {0x4, 0x3, 0x1, 0x401}, {0x0, 0x2, 0x4, 0x1000}, {0xa47, 0x5}})

9.478134403s ago: executing program 4 (id=260):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000440)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000380)={0x93, 0x800e, 0x40, 0x7f, <r1=>0x0}, &(0x7f00000003c0)=0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000400)={&(0x7f00000001c0)=@in6={0xa, 0x4e21, 0x7ff, @mcast2, 0x4}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000240)="0cb0bf21e6e75735fa6c28ddab04bce51b9071dfb35aae401e313790d0f487e749d78fcb003a75b930ae9c0d098d6ecbb50f4ced231ee3e3", 0x38}], 0x1, &(0x7f0000000480)=[@sndrcv={0x30, 0x84, 0x1, {0x5, 0x4, 0x800a, 0x7, 0xd, 0xa30b, 0x1, 0x9, r1}}, @dstaddrv6={0x20, 0x84, 0x8, @mcast2}], 0x50, 0x8005}, 0x10)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

9.18509222s ago: executing program 2 (id=262):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xcb, 0x0, 0x0)
close(r1)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000003c0)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x74fb01, 0x0)
close(r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc1, 0xe23, 0x3, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x60000)
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x7fffc, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xfff2, 0xb}, {0x6, 0x5}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x0, 0x1, 0x406, 0x4, 0x7fffffff, 0xe}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0xe1f0, 0x9, 0xc1c5, 0xfffffffb}}]}]}}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004060}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000000300)={'syzkaller0\x00', @random="2b0100004ec6"})

8.783324517s ago: executing program 2 (id=263):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_gettime(0x6, &(0x7f0000000000))

8.308961625s ago: executing program 1 (id=264):
socket(0x2, 0x80805, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x27, 0x6, 0x80000000)
socket(0x2, 0x3, 0x67)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000003a000000030000000000", @ANYBLOB="000200"/14, @ANYRES32], 0x50)

7.197407615s ago: executing program 1 (id=266):
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, &(0x7f0000000280)=0x80000001, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
mkdir(0x0, 0x0)
getpgrp(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r3, &(0x7f0000000400)=""/4096, 0xc00)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

7.134385104s ago: executing program 0 (id=267):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0), 0x0, 0x1, r0}, 0x38)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000002400)=[{0xd28, 0x1, 0x8, "244df5680b8203b6b985638f2545f2ac042a9aee660edf5459c22ed1ed6026739f79e286a1f42ab62b2270f719c0ea01f4cfde2afa600b46d7d34e10f60c895126a9adf4a9885156ee2178974a935091e8c514514f31db8fcb6395a59a1710c7cff57d7f512eb909c22710e93086e706d2a3e4c1a121465944394844b45ed609c9fabb4edaf37a3df4d37a5ea7e027b1c5b22dd328957ae0b6f90667ae9f43322d694eebddddf7f23f1943855002a99e58c8402393d5a7dfd8d88cd1fcb86fe7aac690f8fcffa5b9dc3fdbb4822e588b7773ff35873a5ea7cc83b006d00e70987f313f1b9ba1b1b93ed3eb0362a138f2fba123982919b7aa914be8ba9c71a8d76f7045daafabfb4a50993005e0686440e9f97cc259b5350c86a0effdea17facf052b6772c96ea5fedb6b9497e591f51bd0e02ac86402d6f3fe7d0e856a69c6e3d49d89ba91e2fe519d5ac2186091766c178f274e81493af54a02f7e0b3e47c0a862bd7af9712e65f74595e8c63c91a45ebd081ad910d95f26192ead1daf401b015eb772f4b91bbacf26157d5d6d626eff439e238a6dd9ebce65fb960ae90ec490d5014589a24d107c8b66a587166ce85e9bffd332defeee0c3333d15ed629874fb3259217911d50a1eec22b3c205b3c2068bdbe9d0145de5536049af47bea81d4cffdc45b277e8c06249510d2d429cb3e606d27f40918bd250818d0a09512ed8a2727c81a38e44366deb7ca5e30556b03305ae54b19cc17f6a543a9d397676d1d18c873c30f02a873c6fe6cb1c21d0ebf78c1bc732ef62cbc92e71d461886c9fa5f04d28dc4c7e3b3ed55fb39603c041d27017322610ac1a16c63c91ed376d9bba0df833d185fff47bad911c26a5918034211a3dbe77663f21a22b4bed8a3cbabfcd5622a1bbc3c015d1890391c5f5f57ff316718f57d7927f41724ee25f274c98a22d8cc1f7348cdd5ff604f4fe21d50f21a1638a75b39c6a5e5c0470812e9e7a663f4f61e6f8b008d31c6e9bd4686a17e0f4fb42c06a19436731d612990f7dbdc2d9b6dd4a5152b8cdbef0906e6f6dd07ad305da2d579fb968b000ad7075c91d35f1af5c3783cbeb9306de0cb3f086a0e2950f564b6e1d0ff9bc785d53ed0176c3feaa5356559ebf4508bccc9202ee45d1c20f768f98f60aed75b7da8dba4f1c36a8b668e3a9a19eb431d4759a7b6840c888774194f60f872790fb243fdb2fb1184bc6dd225bfdb447cc1cfa5277569536d051e8069185956aaa7c34217597ab9c93e3ac647542aab63a11dce2a50d9ae996bb2477afc23d2456f36c58a8ca9308aea7548ea875ed4159d2df58cc3edcc0f1afd5fbed7e8fd540a9e97009a801e6d1397670d528f6c8ebbfce8ac7196efb13d05df6d95942f3a5f7629c857e558f0f408cfe6c5d7b9b3c07ac388904b79ffa7f947c0738b1722e6c817cb87cbee4d26d29ac34205523c121677cf55e891a681e9e4a1847ff29a8f440a427ebb9fa040f212b558c0932ad7f7e1115f48c52adcfbfb13ca9fe08f5507a74b04fee211674865f4ffa3f5cfba2fa7640a055efb6e848f4b6f9222bbe3b26a3721ddabc492c0586ca63fb03cc73007bef0e35606cfc629fa1c551eee50593712449e31c730042128ecdf57b35c79d040c6c23c663c5d30e2f3e711c8a9b9949814afee7117207a2b3ee989dd8edf72d997b3baa3ad5b700a8bf3c29d347094df4864bd4f4c234d5ef682b20f2664f7af13ec91c2490b0ddaff7cb2214d84a0a4486e6c51db48c21b6ef2bccf637bd589204716b019f976491ec9eedea1e67d48521a6e42cbc77c808e597a876226ba352c79e5f485ce3dd499f7eb22831a3951b70c5c869c90596fa211a1b9844c8a80e3fccaef546d08c4599f43b08bf198d8ed3b666088b191103f477bcf885bee9e280c9c126f1a2ddff0963ef5da8136f405dd5479e121fccbfa18c290acbee162a13006fcca07773a3da5db87b29c6ee7d66d2340bc053b83d600b5aaab198965f691aa52be98fda0998bb6a330f54575429a3cb7dcca97db0cdf3a2f1003514b1c213875e5306feb23a152898fd2cd25d4b93867018f713fd5d070846cd9981a489bd1b26ddc9c55a84d2d69d2687c5119cda5dffd0f425205aad0533f1bbef18df707d80422c3ce3f41382bf63906622250d2013552d40d97f2ef8bfca77331262e2989401b7644797bad8525f93754b54ad7098bfccb80540686972f7bc6aae896cd999c7bfdef03d14c013fbe14d2664cedbee82453ce9c0353142b5f8a2914572b1e59c072149b467a52979027666a0659c2e509dd6fd542d2410c42509ceca783d663c5c3813becb351d4a6f1602e40d047fedcbcdffad0c0b37f93bdce20ab98003cb718f613b6900aa252648e54d8b311ab249dfd548f5b60d2d8694f8aa1859b3c5c05f76d3f9b2de17a4a8328c7f5db363d9d161ad3de19b99781ce192ac0082d3b798d84f4bed0dd93ebdca87a6301c68ef57934f00089d3a2b943235633e22d3df2364917738a1cd3a3d3a16c682f087e5df2a7b91eb6fb6902ae15dcf48f5ca55d50015a9013fc9176cba5e37d75bc8d6a7cc72b8ad3fa2da84b31570d100499c7cafd1627c41bc0201f0954e8a8e26e876cd1b090af8d053735298d0d07a86e6d72988ad1f50a9897dc4382a9f6d5c651006e15dddc8951d543d0500adf8112de6767b075655b359407a9492e2076bd357592eda6479e6f37e55ce92024b4f791066f4e815ca5187caaf9870c10b1cdc7484d8f86185690f09c8af0fb222bc8f48e83837525f219cc7f2cef1b66bd392800103fc047dcc2dcfbb33fb4bfd2bd67dacbf66b80b6287f682b4c6b8c0d58cf4f9e3a9f69ea56f9e27e52cd21aab42f9f04eba3317f1927fbdd500e10acc508ff158346839d7e2ec004d9d25d5f785971940a329e89c89ee7575e34060ecdd5333071defcfd84abbf5787a5db4248e312b9f4955d3c767ec218e726fa2f46fbcd75dd6966efdac1ae06013cfcdbb62cb6be19ec96d883676995fb9e325a8c7bf5658806de9c8dd9ce0a7d1bea024c1aca7c1baaf3d5b0a68a8eb75996dc5ca3327dee4794d121d08cae66e2ca9c749c4956deeed5f5a341ae324a98185918c63d09c262acbc3f3190f224a555e133e2629eb7e21db87e075a92d4b3d02c0938c9d155c4816842a6b916b0c57f2c80ca53ecd39194eede230b3c9377b39c8f8d62ab9ca9eb2463e69003c34c9833165ed3063e4541bc5ee55ecb2164784648a1741e505c8609e868b29d52fb4a7ca2bc762ea0a127fdd7f14787faa5188afc8e74557213ec261b86a80227566141885b6a27ef42bc90e9615439ba996c5a47c22812ca7e790ff5b992185cc95438118d34e4e967863a93be631a7e20356b29b8d46fccc0d80feb218d368a8aeae7a7dc7d5005abf36013498fb177e2c8776cc8d1f606ef95217e0be7e18bd75e209427a05895b26354f140e9e1870fc52913d17e09f78e7beb3ce86b3b3f424086b68b5eb7dbb76d45441b7523ac1b7b2c423440886c946b7f9dc1e7baadb434f30a70908a46bb2fc70c5a4ff234d13c3c62065d31931b200426b38fe46cc82cab2d95fcb12ce95ef3910ed0270fe40e65fa6eac628c46abd2aceb604fb64390313ac734f793764e9fd6579591b8b9a87394a2dcb5fee88deadad3b4774cba87c5f2c75a6ab0f2da04a583b1e47da363ca00c7f9a4c7593d139acbefb6f6ec341079d6c713b5fbfd8237e186f2166d6619411092b82b7cf4f45953b33cfccb8fadc4ab5cde926b5a909ec288eb7a9089b8cceb1cef2ef299881bd2a107574325116a7f72d68b641c0ba04024df088606a51c619d7dc1fc924e269f46fb1e73db8b55da8f87e68e66ff52967e66d971acccf2bbf0d6beaa53eb2f1215e23f961dc7370cb05c23606a2c1628509f04448091964cee7ed1eb9c419788f8b6d50f7da0c8ab6d3c206910d345d4e5da8c751145616a9fbf13c9958e253200f4cc65c542486cfd5444aa0f29da078e44f3867f996a04989acc14de81468f7e465737e6394df89fa04793d75c1dd60047fef04717536562e7149c273dfb3587753115e67a18e3de27fa09158bf8e987011b7f227cc1fde527604bf5e5faea8ed9ed60ea18d5b74f4369437adcf590ebade205567c3c4900cef28e91761746d4b031dbe202143712fc31eb9382f9700c6b90b39d6cd382923d44f46401b5325871985cce1822514686d5483725fc89b9c51b43ef05342a3a5c58be8e4220dfdd08e1c46954a9600bf682b21a6734aec38dc4f80d8a8018f2b73bb881e8380e09ec76626524b93695842145408d82817a7fc6aa28818246a554ba9c544dcbb110252cccfbc7c0c0127b66711ee999aa55bd104792077698e569e8b019acebb1b22c0938898a09fa9eef45ebdbeadb9681b3279364484f9b2a22cb77980e0fadca6d102bab74ad40168fc0639fb84ccb6c97594f8be0d8c5565a7e95dbc26769393d54bba05d43f6e5889daeebdc4d907c479395e47ecba27d3e3be73e55a0ba18285879db493386b3c1c1cc9336f9c93b52539595e2da1ddbda556f0f2e5ed9270347d4d41733aaa648394286abf34c347eef0e760f38c51961f3ca4c8089afc6a680aaf1b3b09108dcc7b35f2d14a9bb47a97b7d263fb65f3af91c3a2649d5a62ad0fa19780a02ff8e1b57b422285cdd02727d07819646b45780c383672cd97c88f39"}], 0xd28}, 0x40000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

6.855305549s ago: executing program 0 (id=268):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0xffffffff, @host}, 0x10)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000000100)={0x0, 0xea60}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000300)={0x28, 0x0, 0xffffffff}, 0x10)

5.416783s ago: executing program 0 (id=269):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000019340), 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), r4)
sendmsg$TIPC_NL_NET_SET(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000740)={0x34, r5, 0x1, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xb}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3a}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f0000019380)={{0x2, 0x3, 0x2, 0x1, 0x5}, 0xb, 0x7fffffff, 'id1\x00', 'timer0\x00', 0x0, 0x10, 0xf, 0x401, 0x7})

4.541459381s ago: executing program 2 (id=270):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil)
r5 = shmat(r4, &(0x7f0000ffd000/0x2000)=nil, 0x6000)
shmat(r4, &(0x7f0000d6f000/0x3000)=nil, 0x6000)
shmdt(r5)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfffffc99}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000)
listen(r3, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x43)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="12000000040000"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r3}, 0x20)
sendmmsg$inet6(r3, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x56, 0x10)

4.49593461s ago: executing program 3 (id=271):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x80c4)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
epoll_create1(0x0)
writev(r2, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
r3 = io_uring_setup(0x7a76, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x4, 0x4, 0x3e0, 0xffffffff, 0x0, 0x1f8, 0x1f8, 0xfeffffff, 0xffffffff, 0x310, 0x310, 0x310, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @loopback, [0xffffffff, 0xff000000, 0x0, 0xffffff00], [0xffffff00, 0xff, 0xffffffff, 0xff], 'wlan1\x00', 'erspan0\x00', {}, {0xff}, 0x3b, 0x3, 0x4, 0x5}, 0x2f2, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48}, {0x0, 0x2, 0x1, [0x0, 0xe3c1, 0x2, 0x6, 0xfffa, 0x6, 0x3, 0x4, 0x1, 0xfffb, 0x0, 0x9, 0x18, 0xef, 0x5e6d, 0x3], 0x4}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x2}}}, {{@ipv6={@mcast1, @loopback, [0x0, 0xffffff00, 0xff000000, 0xff], [0x0, 0x0, 0xff000000, 0xffffff00], 'veth1_to_bond\x00', 'wlan0\x00', {0x873054bc4ee3b02d}, {0xff}, 0x89, 0xb8, 0x5, 0x24}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x0, 0x4}, {0xffffffffffffffff, 0x2}, {0xffffffffffffffff, 0x1, 0x2}, 0xe25, 0x664}}}, {{@uncond, 0x0, 0xd8, 0x118, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0xe}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x80, 0x3d, "52a7c9017ed5048ad31b0477f146377ff2b6d287373519532f5bff53ee26"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x440)

4.419677008s ago: executing program 0 (id=272):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x5)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0x2b, 0x801, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

4.245229697s ago: executing program 4 (id=273):
socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x80c4)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
epoll_create1(0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x80080)
r2 = io_uring_setup(0x7a76, &(0x7f0000000180)={0x0, 0xaefa, 0x0, 0x40})
r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

3.200531006s ago: executing program 1 (id=274):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
setgroups(0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f00000000c0)={0xa, {0x4, 0x3, 0x1, 0x401}, {0x0, 0x2, 0x4, 0x1000}, {0xa47, 0x5}})

2.302912695s ago: executing program 4 (id=275):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
listen(0xffffffffffffffff, 0xda90)
socket$netlink(0x10, 0x3, 0x0)

2.203256756s ago: executing program 3 (id=276):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xf, 0x0, &(0x7f0000001a40)="c1dfb080cd217b283fd3080986dd88", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.893307053s ago: executing program 0 (id=277):
epoll_create(0x3)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
epoll_create1(0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)

1.873343786s ago: executing program 2 (id=278):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080))
setitimer(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000080)={[{@orlov}, {@usrjquota}]}, 0x3, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x1)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./bus\x00', 0x0, 0x1c10, 0x0)
r0 = open(&(0x7f0000000400)='./bus\x00', 0xc40, 0x0)
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x3f)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
lsetxattr$security_capability(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080), &(0x7f0000000000)=@v3={0x3000000, [{0x7fffffff, 0xabda}, {0x3, 0x2}], 0xee00}, 0x18, 0x1)
open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc)

833.022253ms ago: executing program 3 (id=279):
socket$inet6(0xa, 0x80002, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x240000, 0x0)
ioctl$PPPIOCSPASS(r9, 0x40107447, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r8, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r10, 0x0, 0x0)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r12 = socket$inet_udp(0x2, 0x2, 0x0)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r12], 0x78}}, 0x0)
bind$inet(r12, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r14 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r14, 0x8914, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=@newqdisc={0x4c, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfa, {0x0, 0x0, 0x0, r4, {0x4}, {0xffff, 0xffff}, {0xe, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x1c, 0x2, [@TCA_FQ_PIE_BETA={0x8, 0x6, 0xb}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0xc}, @TCA_FQ_PIE_DQ_RATE_ESTIMATOR={0x8, 0xc, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)
close_range(r0, 0xffffffffffffffff, 0x0)

225.30059ms ago: executing program 4 (id=280):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_gettime(0x6, &(0x7f0000000000))

0s ago: executing program 0 (id=281):
r0 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r0, 0x114, 0x271b, &(0x7f0000000440)=""/102392, &(0x7f00000000c0)=0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x2e}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000529000/0x2000)=nil, 0x2000, 0x16)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x2000c000)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000200), 0x21)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$packet(0x11, 0x3, 0x300)
close(r3)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
futex_waitv(&(0x7f0000001480)=[{0x2, 0x0, 0x82}], 0x1, 0x0, &(0x7f00000014c0)={0x77359400}, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000400)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x6, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]})
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200088e, &(0x7f0000000280)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@nombcache}, {@nogrpid}]}, 0x3, 0x448, &(0x7f0000000780)="$eJzs279vG1UcAPDv2UlKf5FQlR/9AQQKoghImrSUDixFIDGAhARDGUOSVqVuA02QaFVBQKiMqBITC2LnL2CCBQETEivsqFKEsrQwGZ19lziO7capE6fx5yOd+57vue/79d2z392LA+hZw+lDErEnIv6MiMFqdWWD4eo/txevTf67eG0yiXL57X+SSrtbi9cm86b563bnlb6IwhdJHGrQ7+yVqxcmSqXpy1l9dO7iB6OzV66+cP7ixLnpc9OXxk+dOnF87KWT4y92JM80r1sHP5k5fOD1d2+8OXnmxnu/fp/k+dfl0SHDrXY+XS53uLvu2ltTTvq6GAhtKVaHafRXxv9gFGP54A3Ga593NThgQ5XL5fJDzXfPl4FtLIluRwB0R/5Fn17/5tsmTT22hIXT1QugNO/b2Vbd0xeFrE1/3fVtJw1HxJn5/75Nt9iY+xAAACv8mM5/nm80/ytE7X2h+7M1lKGIeCAi9kXEyYjYHxEPRlTaPhwRj7TZf/0iyer5T+HmuhJbo4XTH8bL2drWyvlfPvuLoWJW21vJvz85e740fSx7T45G/460Ptaij59e/eOrZvtq53/plvafzwWzOG727Vj5mqmJuYm7ybnWwmcRB/sa5Z8srQQkEXEgIg6us4/zxTjcbN+d82+hA+tM5e8inqke//moyz+XtF6fHL0vStPHRvOzYrXffr/+VrP+7yr/DkiP/66G5/9S/kNJ7XrtbDv/+zfPpo/X//qy6TXNes//geSd5REaER9PzM1dHosYSN6oBl37/Hhdu/Hl9mn+R480Hv/7YvmdOBRROYkfjYjHIuLxLPYnIuLJiDjS4l345ZWn3l9//hsrzX+qreO/XBiI+mcaF4oXfv5hRadD7eSfHv8TldLR7Jm1fP6tJa52z2YAAAC4VxUiYk8khZGlcqEwMlL9G/79satQmpmde+7szEeXpqq/ERiK/kJ+p2uw5n7oWHZZn9fH6+rHs/vGXxd3VuojkzOlqW4nDz1ud5Pxn/q72O3ogA23eh3NyIde4fea0LuMf+hdxj/0rgbjf2c34gA2X6Pv/0+7EAew+erGv5v/0ENc/0PvWs/495kB20PLsTyweXEAm2p2Z9z5R/L3dmHH1ghjuxWisCXCUNigQrc/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj/wAAAP//bW3m1Q==")

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.219' (ED25519) to the list of known hosts.
[   66.635157][ T5809] cgroup: Unknown subsys name 'net'
[   66.729919][ T5809] cgroup: Unknown subsys name 'cpuset'
[   66.738436][ T5809] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   68.128832][ T5809] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   70.137023][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.145820][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.154920][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.154932][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.156335][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.164519][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.170425][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.176958][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   70.186774][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.207567][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.228497][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.238813][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.246930][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.255507][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.263295][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   70.288433][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   70.301312][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   70.312682][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   70.321977][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   70.329600][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   70.338423][ T5828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   70.346337][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   70.355861][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   70.364194][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   70.364307][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   70.975394][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   71.044876][ T5820] chnl_net:caif_netlink_parms(): no params data found
[   71.137587][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   71.214375][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   71.271412][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   71.361879][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[   71.368976][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[   71.403564][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.411899][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.419274][ T5830] bridge_slave_0: entered allmulticast mode
[   71.426979][ T5830] bridge_slave_0: entered promiscuous mode
[   71.483033][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.490778][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.498151][ T5830] bridge_slave_1: entered allmulticast mode
[   71.505577][ T5830] bridge_slave_1: entered promiscuous mode
[   71.513661][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.521042][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.528413][ T5820] bridge_slave_0: entered allmulticast mode
[   71.535951][ T5820] bridge_slave_0: entered promiscuous mode
[   71.549715][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.557046][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.564525][ T5821] bridge_slave_0: entered allmulticast mode
[   71.572398][ T5821] bridge_slave_0: entered promiscuous mode
[   71.596359][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.604603][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.612008][ T5820] bridge_slave_1: entered allmulticast mode
[   71.619580][ T5820] bridge_slave_1: entered promiscuous mode
[   71.632947][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.640290][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.647917][ T5821] bridge_slave_1: entered allmulticast mode
[   71.655313][ T5821] bridge_slave_1: entered promiscuous mode
[   71.686072][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.756589][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.792107][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.828433][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.837931][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.845222][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.853002][ T5834] bridge_slave_0: entered allmulticast mode
[   71.860997][ T5834] bridge_slave_0: entered promiscuous mode
[   71.872287][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.881745][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.889180][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.896446][ T5833] bridge_slave_0: entered allmulticast mode
[   71.903909][ T5833] bridge_slave_0: entered promiscuous mode
[   71.928896][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.951049][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.958423][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.965640][ T5834] bridge_slave_1: entered allmulticast mode
[   71.973357][ T5834] bridge_slave_1: entered promiscuous mode
[   71.990236][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.997732][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.004949][ T5833] bridge_slave_1: entered allmulticast mode
[   72.012774][ T5833] bridge_slave_1: entered promiscuous mode
[   72.025523][ T5830] team0: Port device team_slave_0 added
[   72.079487][ T5830] team0: Port device team_slave_1 added
[   72.087976][ T5820] team0: Port device team_slave_0 added
[   72.107294][ T5821] team0: Port device team_slave_0 added
[   72.137805][ T5820] team0: Port device team_slave_1 added
[   72.148162][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.160660][ T5821] team0: Port device team_slave_1 added
[   72.170311][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.205845][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.229447][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.237545][ T5829] Bluetooth: hci0: command tx timeout
[   72.239836][ T5147] Bluetooth: hci1: command tx timeout
[   72.262933][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.270034][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.295997][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.316541][ T5147] Bluetooth: hci2: command tx timeout
[   72.355639][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.362651][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.388722][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.399356][ T5147] Bluetooth: hci4: command tx timeout
[   72.406698][ T5147] Bluetooth: hci3: command tx timeout
[   72.411828][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.419174][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.445226][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.468469][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.475429][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.501535][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.515524][ T5833] team0: Port device team_slave_0 added
[   72.525648][ T5833] team0: Port device team_slave_1 added
[   72.534657][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.541710][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.567915][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.581812][ T5834] team0: Port device team_slave_0 added
[   72.589520][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.596552][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.622718][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.669886][ T5834] team0: Port device team_slave_1 added
[   72.696227][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.703476][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.729472][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.777377][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.784366][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.810344][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.850155][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.857187][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.883359][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.900191][ T5830] hsr_slave_0: entered promiscuous mode
[   72.907285][ T5830] hsr_slave_1: entered promiscuous mode
[   72.940154][ T5820] hsr_slave_0: entered promiscuous mode
[   72.947216][ T5820] hsr_slave_1: entered promiscuous mode
[   72.953849][ T5820] debugfs: 'hsr0' already exists in 'hsr'
[   72.960177][ T5820] Cannot create hsr debugfs directory
[   72.967546][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.974493][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   73.000783][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.033741][ T5821] hsr_slave_0: entered promiscuous mode
[   73.040586][ T5821] hsr_slave_1: entered promiscuous mode
[   73.047672][ T5821] debugfs: 'hsr0' already exists in 'hsr'
[   73.053431][ T5821] Cannot create hsr debugfs directory
[   73.129340][ T5833] hsr_slave_0: entered promiscuous mode
[   73.136105][ T5833] hsr_slave_1: entered promiscuous mode
[   73.142897][ T5833] debugfs: 'hsr0' already exists in 'hsr'
[   73.148848][ T5833] Cannot create hsr debugfs directory
[   73.272535][ T5834] hsr_slave_0: entered promiscuous mode
[   73.281371][ T5834] hsr_slave_1: entered promiscuous mode
[   73.288459][ T5834] debugfs: 'hsr0' already exists in 'hsr'
[   73.294219][ T5834] Cannot create hsr debugfs directory
[   73.867026][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   73.880983][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   73.891664][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   73.914312][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   73.990720][ T5820] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   74.011051][ T5820] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   74.025594][ T5820] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   74.039650][ T5820] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   74.143386][ T5821] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   74.156097][ T5821] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   74.179898][ T5821] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   74.191026][ T5821] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   74.317096][ T5147] Bluetooth: hci1: command tx timeout
[   74.317495][ T5829] Bluetooth: hci0: command tx timeout
[   74.334837][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   74.347226][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   74.360279][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   74.371403][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   74.396636][ T5829] Bluetooth: hci2: command tx timeout
[   74.459384][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.477163][ T5829] Bluetooth: hci3: command tx timeout
[   74.478024][ T5147] Bluetooth: hci4: command tx timeout
[   74.523540][ T5834] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   74.553872][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.561297][ T5834] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   74.583587][ T5834] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   74.595412][ T5834] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   74.649565][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   74.692952][  T170] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.700676][  T170] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.713991][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   74.743562][  T170] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.750744][  T170] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.782289][  T170] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.789473][  T170] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.816328][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.823493][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.886976][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.003845][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.015702][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   75.069330][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.076582][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.133473][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   75.155308][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.162575][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.210784][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.218045][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.272340][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.279592][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.360288][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.463138][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   75.482657][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.498709][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.547927][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.555181][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.566025][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.573287][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.868883][ T5830] veth0_vlan: entered promiscuous mode
[   75.883830][ T5820] veth0_vlan: entered promiscuous mode
[   75.922734][ T5820] veth1_vlan: entered promiscuous mode
[   75.948375][ T5830] veth1_vlan: entered promiscuous mode
[   75.996298][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.036316][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.162038][ T5820] veth0_macvtap: entered promiscuous mode
[   76.182018][ T5830] veth0_macvtap: entered promiscuous mode
[   76.214457][ T5830] veth1_macvtap: entered promiscuous mode
[   76.234644][ T5820] veth1_macvtap: entered promiscuous mode
[   76.281341][ T5821] veth0_vlan: entered promiscuous mode
[   76.311102][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.327437][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.365837][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.381162][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.391838][ T5833] veth0_vlan: entered promiscuous mode
[   76.396737][ T5147] Bluetooth: hci1: command tx timeout
[   76.403385][ T5147] Bluetooth: hci0: command tx timeout
[   76.421026][ T5821] veth1_vlan: entered promiscuous mode
[   76.458437][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.471795][  T114] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.483366][ T5147] Bluetooth: hci2: command tx timeout
[   76.509792][  T114] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.521172][  T114] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.543697][  T114] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.554750][ T5833] veth1_vlan: entered promiscuous mode
[   76.556669][ T5147] Bluetooth: hci4: command tx timeout
[   76.562317][ T5829] Bluetooth: hci3: command tx timeout
[   76.628444][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.643335][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.689355][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.699084][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.821891][ T5821] veth0_macvtap: entered promiscuous mode
[   76.861006][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.870433][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.884011][ T5821] veth1_macvtap: entered promiscuous mode
[   76.902389][ T5833] veth0_macvtap: entered promiscuous mode
[   76.941159][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.954703][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.976957][ T5833] veth1_macvtap: entered promiscuous mode
[   77.020923][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.029686][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.064079][ T5834] veth0_vlan: entered promiscuous mode
[   77.085143][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.102881][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.112802][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.124639][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.150674][ T5834] veth1_vlan: entered promiscuous mode
[   77.166577][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   77.185663][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.213568][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.223623][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.233926][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.263079][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.272127][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.301108][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.322638][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.343553][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.407020][  T114] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.460161][   T29] audit: type=1800 audit(1773213601.890:2): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[   77.516829][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   77.727241][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   77.832391][ T5834] veth0_macvtap: entered promiscuous mode
[   77.937587][    T9] usb 2-1: Using ep0 maxpacket: 16
[   78.010009][    T9] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[   78.021536][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.032632][    T9] usb 2-1: Product: syz
[   78.038478][    T9] usb 2-1: Manufacturer: syz
[   78.048741][    T9] usb 2-1: SerialNumber: syz
[   78.395057][ T5834] veth1_macvtap: entered promiscuous mode
[   78.521626][ T5829] Bluetooth: hci0: command tx timeout
[   78.522914][ T5147] Bluetooth: hci1: command tx timeout
[   78.557456][ T5147] Bluetooth: hci2: command tx timeout
[   78.638259][ T5147] Bluetooth: hci4: command tx timeout
[   78.654089][ T5829] Bluetooth: hci3: command tx timeout
[   78.927361][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.039911][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.048597][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.058241][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.088556][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.100700][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.121234][  T114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.131911][  T114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.174955][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.254634][   T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.263888][   T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.282076][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.291780][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.300868][   T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.313079][   T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.333185][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.344332][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.448794][    T9] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71
[   79.469419][ T5955] Zero length message leads to an empty skb
[   79.470929][    T9] usb 2-1: USB disconnect, device number 2
[   79.798189][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.858093][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.865001][ T5962] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   80.362770][  T114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.381949][  T114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.958190][ T5973] loop0: detected capacity change from 0 to 2048
[   81.036870][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   81.045396][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   81.094049][ T5973] EXT4-fs warning (device loop0): ext4_init_metadata_csum:4649: metadata_csum and uninit_bg are redundant flags; please run fsck.
[   81.108569][ T5973] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum.  Run e2fsck?
[   81.278131][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   81.287112][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   81.295412][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   81.304012][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   81.738960][ T5974] syzkaller1: entered promiscuous mode
[   81.798853][ T5974] syzkaller1: entered allmulticast mode
[   83.764057][ T5987] syz.4.5 (5987): drop_caches: 2
[   88.104943][   T10] cfg80211: failed to load regulatory.db
[   88.497492][ T6012] =======================================================
[   88.497492][ T6012] WARNING: The mand mount option has been deprecated and
[   88.497492][ T6012]          and is ignored by this kernel. Remove the mand
[   88.497492][ T6012]          option from the mount to silence this warning.
[   88.497492][ T6012] =======================================================
[   88.535498][ T6012] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   88.545129][ T6012] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   88.594587][ T6012] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[   88.602804][ T6012] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[   88.611468][ T6012] overlayfs: d_ino too big (5, ino=9223372036854775848, xinobits=3)
[   88.619884][ T6012] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[   88.629847][ T6012] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[   88.641691][ T6012] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[   88.650864][ T6012] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[   88.659669][ T6012] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[   88.668911][ T6012] overlayfs: d_ino too big (dev, ino=4611686018427387912, xinobits=3)
[   88.677708][ T6012] overlayfs: d_ino too big (kernel, ino=4611686018427389298, xinobits=3)
[   90.697204][ T6029] loop1: detected capacity change from 0 to 128
[   90.881317][ T6031] syz.4.25 uses obsolete (PF_INET,SOCK_PACKET)
[   90.944420][   T29] audit: type=1800 audit(90.898:3): pid=6029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.24" name="file1" dev="loop1" ino=1048606 res=0 errno=0
[   91.049643][ T6032] syz.1.24: attempt to access beyond end of device
[   91.049643][ T6032] loop1: rw=2049, sector=234, nr_sectors = 8 limit=128
[   91.068785][ T6032] syz.1.24: attempt to access beyond end of device
[   91.068785][ T6032] loop1: rw=2049, sector=242, nr_sectors = 6 limit=128
[   91.228871][ T6037] loop3: detected capacity change from 0 to 256
[   91.236478][ T6037] vfat: Unknown parameter 's!$ފhortname'
[   91.267388][ T6032] syz.1.24: attempt to access beyond end of device
[   91.267388][ T6032] loop1: rw=8390657, sector=246, nr_sectors = 2 limit=128
[   91.289400][ T6029] syz.1.24: attempt to access beyond end of device
[   91.289400][ T6029] loop1: rw=2049, sector=138, nr_sectors = 96 limit=128
[   91.303269][ T6032] Buffer I/O error on dev loop1, logical block 123, lost async page write
[   91.925973][ T6032] syz.1.24: attempt to access beyond end of device
[   91.925973][ T6032] loop1: rw=8390657, sector=248, nr_sectors = 2 limit=128
[   91.991417][ T6032] Buffer I/O error on dev loop1, logical block 124, lost async page write
[   95.727239][ T6053] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   95.737238][ T6053] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   96.111505][ T6053] ovl_remap_lower_ino: 8 callbacks suppressed
[   96.111517][ T6053] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[   96.125648][ T6053] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[   96.133900][ T6053] overlayfs: d_ino too big (4, ino=9223372036854775843, xinobits=3)
[   96.142203][ T6053] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[   96.151066][ T6053] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[   96.160211][ T6053] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[   96.168606][ T6053] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[   96.177335][ T6053] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[   96.185895][ T6053] overlayfs: d_ino too big (dev, ino=4611686018427387912, xinobits=3)
[   96.194613][ T6053] overlayfs: d_ino too big (kernel, ino=4611686018427389298, xinobits=3)
[   96.314263][ T6055] binder: 6051:6055 ioctl c0306201 0 returned -14
[   98.007489][ T6077] overlayfs: missing 'workdir'
[   98.146287][ T6073] xt_l2tp: missing protocol rule (udp|l2tpip)
[   98.334693][ T6084] netlink: 68 bytes leftover after parsing attributes in process `syz.0.43'.
[   98.393974][ T6087] loop1: detected capacity change from 0 to 512
[   98.409776][ T6084] tipc: Started in network mode
[   98.430011][ T6087] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   98.443908][ T6084] tipc: Node identity ac14140f, cluster identity 4711
[   98.465816][ T6087] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   98.482696][ T6084] tipc: Enabled bearer <udp:syz2>, priority 10
[   98.513883][ T6087] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[   98.523333][ T6087] System zones: 1-12
[   98.575783][ T6087] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   98.685034][ T6095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.45'.
[   98.687767][ T6087] EXT4-fs (loop1): 1 truncate cleaned up
[   98.730300][ T6087] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.512792][ T6106] loop2: detected capacity change from 0 to 256
[   99.521937][ T6106] vfat: Unknown parameter 's!$ފhortname'
[   99.608893][   T10] tipc: Node number set to 2886997007
[   99.775161][ T6110] xt_connbytes: Forcing CT accounting to be enabled
[   99.782140][ T6110] Cannot find set identified by id 1 to match
[  100.352019][ T5830] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.568308][ T6113] fuse: Unknown parameter 'user_id00000000000000000000'
[  101.483422][ T6118] overlayfs: missing 'workdir'
[  102.854202][ T6124] tipc: Started in network mode
[  102.913335][ T6124] tipc: Node identity fe99b98c66a, cluster identity 4711
[  102.921308][ T6124] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  102.975966][ T6138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.56'.
[  102.995010][ T6124] syzkaller0: entered promiscuous mode
[  103.028012][ T6124] syzkaller0: entered allmulticast mode
[  103.119609][ T6139] xt_l2tp: missing protocol rule (udp|l2tpip)
[  103.220097][ T6123] tipc: Resetting bearer <eth:syzkaller0>
[  104.343528][ T6123] tipc: Disabling bearer <eth:syzkaller0>
[  104.765885][ T6161] fuse: Unknown parameter 'user_id00000000000000000000'
[  104.840672][ T5904] tipc: Node number set to 2553919884
[  106.377472][ T6169] overlayfs: missing 'workdir'
[  106.463206][ T6177] netlink: 12 bytes leftover after parsing attributes in process `syz.1.68'.
[  106.858257][   T29] audit: type=1800 audit(106.818:4): pid=6186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.72" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  107.189771][ T6188] xt_l2tp: missing protocol rule (udp|l2tpip)
[  107.966939][ T6195] loop0: detected capacity change from 0 to 256
[  107.975837][ T6195] vfat: Unknown parameter 's!$ފhortname'
[  109.445097][ T6212] fuse: Bad value for 'fd'
[  111.258071][ T6226] loop2: detected capacity change from 0 to 40427
[  111.327682][ T6226] F2FS-fs (loop2): build fault injection rate: 771
[  111.666463][ T6226] F2FS-fs (loop2): invalid crc value
[  111.791800][ T6232] xt_l2tp: missing protocol rule (udp|l2tpip)
[  111.799384][ T6226] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  111.830081][ T6226] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  114.089003][ T6263] fuse: Bad value for 'fd'
[  114.195677][ T6264] loop3: detected capacity change from 0 to 256
[  114.202897][ T6264] vfat: Unknown parameter 's!$ފhortname'
[  117.086764][ T6288] loop0: detected capacity change from 0 to 40427
[  117.097420][ T6288] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  117.105807][ T6288] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  117.124668][   T29] audit: type=1800 audit(117.076:5): pid=6286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.93" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  117.286804][ T6288] F2FS-fs (loop0): invalid crc value
[  117.662107][ T6288] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  117.853491][ T6288] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  117.860735][ T6288] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  119.582086][ T6308] loop3: detected capacity change from 0 to 40427
[  119.666117][ T6308] F2FS-fs (loop3): build fault injection rate: 771
[  119.679117][ T6308] F2FS-fs (loop3): invalid crc value
[  120.054079][ T6308] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  120.081257][ T6308] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  120.531692][ T6313] loop2: detected capacity change from 0 to 1024
[  120.539118][ T6313] EXT4-fs: Ignoring removed orlov option
[  120.617148][ T6313] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.827855][ T6325] fuse: Bad value for 'fd'
[  121.689589][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.269221][ T6334] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  122.308131][ T6334] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  122.474436][ T6334] ovl_remap_lower_ino: 8 callbacks suppressed
[  122.474481][ T6334] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[  122.489599][ T6334] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[  122.501309][ T6334] overlayfs: d_ino too big (23, ino=9223372036854775949, xinobits=3)
[  122.530311][ T6334] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[  122.540829][ T6334] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[  122.552277][ T6334] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[  122.567228][ T6334] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[  122.579395][ T6334] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[  122.591645][ T6334] overlayfs: d_ino too big (dev, ino=4611686018427387912, xinobits=3)
[  122.604144][ T6334] overlayfs: d_ino too big (kernel, ino=4611686018427389298, xinobits=3)
[  123.406364][ T6339] loop4: detected capacity change from 0 to 256
[  123.415285][ T6339] vfat: Unknown parameter 's!$ފhortname'
[  123.505994][ T6338] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.110'.
[  125.763353][ T6363] loop3: detected capacity change from 0 to 40427
[  126.559715][ T6363] F2FS-fs (loop3): build fault injection rate: 771
[  126.625776][ T6363] F2FS-fs (loop3): invalid crc value
[  127.249372][ T6363] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  127.263314][ T6363] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  128.498972][ T6376] fuse: Unknown parameter '0x0000000000000005'
[  128.912110][ T6377] loop0: detected capacity change from 0 to 1024
[  128.919469][ T6377] EXT4-fs: Ignoring removed orlov option
[  128.968994][ T6377] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.211395][ T6386] loop1: detected capacity change from 0 to 40427
[  129.223825][ T6386] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  129.231816][ T6386] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  129.242741][ T6386] F2FS-fs (loop1): invalid crc value
[  129.303446][ T6386] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  129.316132][ T6386] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  129.323283][ T6386] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  129.930659][ T5820] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.186258][ T6402] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  130.236170][ T6402] tipc: Resetting bearer <eth:syzkaller0>
[  130.964576][ T6401] tipc: Disabling bearer <eth:syzkaller0>
[  131.020986][ T6413] loop3: detected capacity change from 0 to 256
[  131.028921][ T6413] vfat: Unknown parameter 's!$ފhortname'
[  131.526080][ T6421] fuse: Unknown parameter '0x0000000000000005'
[  133.099295][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  133.106695][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  134.025029][ T6444] Bluetooth: MGMT ver 1.23
[  134.690295][ T6448] loop1: detected capacity change from 0 to 1024
[  134.704133][ T6448] EXT4-fs: Ignoring removed orlov option
[  134.747003][ T6448] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.857085][ T5830] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.191378][ T6464] fuse: Unknown parameter '0x0000000000000005'
[  136.240558][ T6468] loop3: detected capacity change from 0 to 40427
[  136.588810][ T6468] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  136.597471][ T6468] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  136.607025][ T6468] F2FS-fs (loop3): invalid crc value
[  136.670363][ T6468] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  136.684946][ T6468] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  136.692890][ T6468] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  136.834847][ T6477] xt_l2tp: missing protocol rule (udp|l2tpip)
[  139.399410][ T6503] loop0: detected capacity change from 0 to 1024
[  139.409476][ T6503] EXT4-fs: Ignoring removed orlov option
[  140.621540][ T6503] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.848252][ T5820] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.093239][ T6522] xt_l2tp: missing protocol rule (udp|l2tpip)
[  141.201739][ T6527] fuse: Unknown parameter '0x0000000000000005'
[  142.267980][ T6531] syzkaller0: entered promiscuous mode
[  142.284437][ T6531] syzkaller0: entered allmulticast mode
[  143.618917][ T6547] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  143.752961][ T6549] macvlan2: entered promiscuous mode
[  143.774561][ T6549] macvlan2: entered allmulticast mode
[  143.800036][ T6549] bond1: entered promiscuous mode
[  143.812982][ T6549] bridge1: entered promiscuous mode
[  143.842943][ T6549] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  143.875926][ T6549] bond1: left promiscuous mode
[  143.885651][ T6549] bridge1: left promiscuous mode
[  144.860421][ T6557] loop0: detected capacity change from 0 to 1024
[  144.867717][ T6557] EXT4-fs: Ignoring removed orlov option
[  144.925381][ T6557] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.734188][ T5820] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.736128][ T6574] xt_l2tp: missing protocol rule (udp|l2tpip)
[  146.280433][ T6578] loop1: detected capacity change from 0 to 40427
[  146.312914][ T6578] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  146.321649][ T6578] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  146.336644][ T6578] F2FS-fs (loop1): invalid crc value
[  146.443084][ T6578] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  146.462984][ T6578] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  146.471009][ T6578] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  146.552425][ T6582] fuse: Unknown parameter '0x0000000000000005'
[  149.410247][ T6612] netlink: 16 bytes leftover after parsing attributes in process `syz.0.179'.
[  150.182749][ T6620] loop2: detected capacity change from 0 to 1024
[  150.209572][ T6620] EXT4-fs: Ignoring removed orlov option
[  150.272328][ T6620] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.768807][ T6627] xt_l2tp: missing protocol rule (udp|l2tpip)
[  151.780023][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.379862][ T6640] fuse: Unknown parameter '0x0000000000000005'
[  155.343790][ T6668] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  155.379802][ T6668] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  155.509830][ T6668] ovl_remap_lower_ino: 8 callbacks suppressed
[  155.509954][ T6668] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[  155.524815][ T6668] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[  155.541574][ T6668] overlayfs: d_ino too big (30, ino=9223372036854775984, xinobits=3)
[  155.553382][ T6668] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[  155.564223][ T6668] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[  155.575662][ T6668] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[  155.599426][ T6668] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[  155.610695][ T6668] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[  155.621654][ T6668] overlayfs: d_ino too big (dev, ino=4611686018427387912, xinobits=3)
[  155.632892][ T6668] overlayfs: d_ino too big (kernel, ino=4611686018427389298, xinobits=3)
[  156.380754][ T6666] xt_l2tp: missing protocol rule (udp|l2tpip)
[  156.538359][ T6673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.196'.
[  156.978989][ T6681] fuse: Unknown parameter 'fd0x0000000000000005'
[  160.695497][ T6712] xt_l2tp: missing protocol rule (udp|l2tpip)
[  161.705949][ T6722] fuse: Unknown parameter 'fd0x0000000000000005'
[  162.882849][ T6724] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  164.194242][ T6734] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  164.376998][ T6751] tipc: Started in network mode
[  164.416178][ T6751] tipc: Node identity 3a, cluster identity 511
[  164.429810][ T6754] xt_l2tp: missing protocol rule (udp|l2tpip)
[  164.486854][ T6751] tipc: Node number set to 58
[  164.528441][ T6757] netlink: 16 bytes leftover after parsing attributes in process `syz.2.222'.
[  169.971459][ T6800] xt_l2tp: missing protocol rule (udp|l2tpip)
[  171.502019][ T6808] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  171.724758][ T6818] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  175.986230][ T6857] xt_l2tp: missing protocol rule (udp|l2tpip)
[  176.011323][ T6843] loop2: detected capacity change from 0 to 4096
[  176.074373][ T6843] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  176.171497][ T6843] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  181.452655][ T6905] xt_l2tp: missing protocol rule (udp|l2tpip)
[  184.672317][ T6935] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  184.681148][ T6935] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  184.692856][ T6935] ovl_remap_lower_ino: 8 callbacks suppressed
[  184.692868][ T6935] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[  184.708037][ T6935] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[  184.716758][ T6935] overlayfs: d_ino too big (45, ino=9223372036854776072, xinobits=3)
[  184.726069][ T6935] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[  184.735573][ T6935] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[  184.747249][ T6935] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[  184.755911][ T6935] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[  184.766599][ T6935] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[  184.775334][ T6935] overlayfs: d_ino too big (dev, ino=4611686018427387912, xinobits=3)
[  184.792952][ T6935] overlayfs: d_ino too big (kernel, ino=4611686018427389298, xinobits=3)
[  188.467320][ T6954] xt_l2tp: missing protocol rule (udp|l2tpip)
[  189.027808][ T6964] syz.2.278 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  189.516608][ T6966] loop2: detected capacity change from 0 to 1024
[  189.673242][ T6966] EXT4-fs: Ignoring removed orlov option
[  190.502003][ T6969] netlink: 64 bytes leftover after parsing attributes in process `syz.3.279'.
[  190.701281][ T6966] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.768703][   T29] audit: type=1800 audit(190.724:6): pid=6964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.278" name="bus" dev="loop2" ino=18 res=0 errno=0
[  191.074008][ T6964] Trying to write to read-only block-device loop2
[  191.082971][ T6977] ==================================================================
[  191.091078][ T6977] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x3170/0x4280
[  191.099052][ T6977] Read of size 4 at addr ffff888050659c18 by task syz.2.278/6977
[  191.106777][ T6977] 
[  191.109107][ T6977] CPU: 0 UID: 0 PID: 6977 Comm: syz.2.278 Not tainted syzkaller #0 PREEMPT(full) 
[  191.109125][ T6977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  191.109134][ T6977] Call Trace:
[  191.109145][ T6977]  <TASK>
[  191.109151][ T6977]  dump_stack_lvl+0xe8/0x150
[  191.109172][ T6977]  print_address_description+0x55/0x1e0
[  191.109187][ T6977]  ? ext4_ext_remove_space+0x3170/0x4280
[  191.109199][ T6977]  print_report+0x58/0x70
[  191.109211][ T6977]  kasan_report+0x117/0x150
[  191.109221][ T6977]  ? ext4_ext_remove_space+0x3170/0x4280
[  191.109234][ T6977]  ext4_ext_remove_space+0x3170/0x4280
[  191.109248][ T6977]  ? __es_remove_extent+0x13d3/0x1da0
[  191.109267][ T6977]  ? __pfx_ext4_ext_remove_space+0x10/0x10
[  191.109279][ T6977]  ? ext4_es_remove_extent+0x2a7/0x4c0
[  191.109293][ T6977]  ext4_ext_truncate+0x17e/0x2f0
[  191.109312][ T6977]  ext4_truncate+0xb63/0x13b0
[  191.109326][ T6977]  ? unmap_mapping_range+0xe6/0x180
[  191.109339][ T6977]  ? __pfx_ext4_truncate+0x10/0x10
[  191.109355][ T6977]  ext4_setattr+0x106e/0x1c60
[  191.109368][ T6977]  ? __pfx_ext4_setattr+0x10/0x10
[  191.109378][ T6977]  notify_change+0xc1a/0xf40
[  191.109391][ T6977]  do_truncate+0x1c2/0x250
[  191.109407][ T6977]  ? __pfx_do_truncate+0x10/0x10
[  191.109425][ T6977]  ? apparmor_file_truncate+0x39f/0x470
[  191.109440][ T6977]  path_openat+0x2f89/0x3860
[  191.109458][ T6977]  ? __pfx_stack_trace_save+0x10/0x10
[  191.109471][ T6977]  ? stack_depot_save_flags+0x33/0x810
[  191.109488][ T6977]  ? __pfx_path_openat+0x10/0x10
[  191.109502][ T6977]  ? __x64_sys_open+0x11e/0x150
[  191.109513][ T6977]  ? do_syscall_64+0x14d/0xf80
[  191.109522][ T6977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.109534][ T6977]  ? __lock_acquire+0x6b5/0x2cf0
[  191.109550][ T6977]  do_file_open+0x23e/0x4a0
[  191.109565][ T6977]  ? __pfx_do_file_open+0x10/0x10
[  191.109583][ T6977]  ? _raw_spin_unlock+0x28/0x50
[  191.109596][ T6977]  ? alloc_fd+0x64b/0x6c0
[  191.109610][ T6977]  do_sys_openat2+0x113/0x200
[  191.109622][ T6977]  ? __pfx_do_sys_openat2+0x10/0x10
[  191.109633][ T6977]  ? kfree+0x4d/0x640
[  191.109647][ T6977]  ? __pfx_kcov_ioctl+0x10/0x10
[  191.109659][ T6977]  __x64_sys_open+0x11e/0x150
[  191.109671][ T6977]  do_syscall_64+0x14d/0xf80
[  191.109680][ T6977]  ? trace_irq_disable+0x3b/0x150
[  191.109691][ T6977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.109701][ T6977]  ? clear_bhb_loop+0x40/0x90
[  191.109711][ T6977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.109721][ T6977] RIP: 0033:0x7eff2939c799
[  191.109737][ T6977] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  191.109745][ T6977] RSP: 002b:00007eff275b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  191.109760][ T6977] RAX: ffffffffffffffda RBX: 00007eff29616180 RCX: 00007eff2939c799
[  191.109768][ T6977] RDX: 00000000000000dc RSI: 000000000004827e RDI: 0000200000000200
[  191.109774][ T6977] RBP: 00007eff29432c99 R08: 0000000000000000 R09: 0000000000000000
[  191.109781][ T6977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  191.109787][ T6977] R13: 00007eff29616218 R14: 00007eff29616180 R15: 00007ffc4de741e8
[  191.109797][ T6977]  </TASK>
[  191.109801][ T6977] 
[  191.423048][ T6977] The buggy address belongs to the physical page:
[  191.429472][ T6977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x32a0 pfn:0x50659
[  191.438491][ T6977] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  191.445620][ T6977] raw: 00fff00000000000 ffffea0001419608 ffffea0001419688 0000000000000000
[  191.454216][ T6977] raw: 00000000000032a0 0000000000000000 00000000ffffffff 0000000000000000
[  191.462791][ T6977] page dumped because: kasan: bad access detected
[  191.469207][ T6977] page_owner tracks the page as freed
[  191.474659][ T6977] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 6936, tgid 6936 (syz.1.266), ts 185088332446, free_ts 190652221220
[  191.492362][ T6977]  post_alloc_hook+0x231/0x280
[  191.497130][ T6977]  get_page_from_freelist+0x2418/0x24b0
[  191.502755][ T6977]  __alloc_frozen_pages_noprof+0x18d/0x380
[  191.508555][ T6977]  alloc_pages_mpol+0x232/0x4a0
[  191.513394][ T6977]  folio_alloc_mpol_noprof+0x39/0x160
[  191.518762][ T6977]  shmem_alloc_and_add_folio+0x442/0xf80
[  191.524399][ T6977]  shmem_get_folio_gfp+0x5a9/0x1670
[  191.529894][ T6977]  shmem_write_begin+0x16c/0x330
[  191.534844][ T6977]  generic_perform_write+0x2e2/0x8f0
[  191.540126][ T6977]  shmem_file_write_iter+0xf8/0x120
[  191.545327][ T6977]  __kernel_write_iter+0x41e/0x880
[  191.550443][ T6977]  dump_user_range+0xc19/0x12c0
[  191.555285][ T6977]  elf_core_dump+0x34c2/0x3ad0
[  191.560041][ T6977]  coredump_write+0x1216/0x1910
[  191.564896][ T6977]  vfs_coredump+0x36a9/0x4280
[  191.569573][ T6977]  get_signal+0x1107/0x1330
[  191.574081][ T6977] page last free pid 5830 tgid 5830 stack trace:
[  191.580396][ T6977]  free_unref_folios+0xd0c/0x1450
[  191.585420][ T6977]  folios_put_refs+0x9ff/0xb40
[  191.590205][ T6977]  shmem_undo_range+0x52c/0x1660
[  191.595136][ T6977]  shmem_evict_inode+0x289/0xae0
[  191.600071][ T6977]  evict+0x61e/0xb10
[  191.603960][ T6977]  filename_unlinkat+0x43f/0x610
[  191.608893][ T6977]  __se_sys_unlink+0x2e/0x140
[  191.613603][ T6977]  do_syscall_64+0x14d/0xf80
[  191.618184][ T6977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.624080][ T6977] 
[  191.626425][ T6977] Memory state around the buggy address:
[  191.632051][ T6977]  ffff888050659b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  191.640110][ T6977]  ffff888050659b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  191.648164][ T6977] >ffff888050659c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  191.656211][ T6977]                             ^
[  191.661051][ T6977]  ffff888050659c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  191.669128][ T6977]  ffff888050659d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  191.677177][ T6977] ==================================================================
[  191.702211][ T6980] loop0: detected capacity change from 0 to 512
[  191.769017][ T6980] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  191.823690][ T6976] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.956803][ T6977] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  191.964061][ T6977] CPU: 1 UID: 0 PID: 6977 Comm: syz.2.278 Not tainted syzkaller #0 PREEMPT(full) 
[  191.973274][ T6977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  191.983345][ T6977] Call Trace:
[  191.986636][ T6977]  <TASK>
[  191.989581][ T6977]  vpanic+0x56c/0xa60
[  191.993582][ T6977]  ? __pfx_vpanic+0x10/0x10
[  191.998119][ T6977]  panic+0xc5/0xd0
[  192.001867][ T6977]  ? __pfx_panic+0x10/0x10
[  192.006299][ T6977]  ? preempt_schedule_thunk+0x16/0x30
[  192.011774][ T6977]  ? ext4_ext_remove_space+0x3170/0x4280
[  192.017430][ T6977]  ? preempt_schedule_thunk+0x16/0x30
[  192.022841][ T6977]  ? ext4_ext_remove_space+0x3170/0x4280
[  192.028501][ T6977]  check_panic_on_warn+0x89/0xb0
[  192.033511][ T6977]  ? ext4_ext_remove_space+0x3170/0x4280
[  192.039188][ T6977]  end_report+0x73/0x180
[  192.043439][ T6977]  ? ext4_ext_remove_space+0x3170/0x4280
[  192.049077][ T6977]  kasan_report+0x128/0x150
[  192.053594][ T6977]  ? ext4_ext_remove_space+0x3170/0x4280
[  192.059242][ T6977]  ext4_ext_remove_space+0x3170/0x4280
[  192.064726][ T6977]  ? __es_remove_extent+0x13d3/0x1da0
[  192.070121][ T6977]  ? __pfx_ext4_ext_remove_space+0x10/0x10
[  192.075957][ T6977]  ? ext4_es_remove_extent+0x2a7/0x4c0
[  192.081430][ T6977]  ext4_ext_truncate+0x17e/0x2f0
[  192.086394][ T6977]  ext4_truncate+0xb63/0x13b0
[  192.091075][ T6977]  ? unmap_mapping_range+0xe6/0x180
[  192.096275][ T6977]  ? __pfx_ext4_truncate+0x10/0x10
[  192.101390][ T6977]  ext4_setattr+0x106e/0x1c60
[  192.106073][ T6977]  ? __pfx_ext4_setattr+0x10/0x10
[  192.111096][ T6977]  notify_change+0xc1a/0xf40
[  192.115691][ T6977]  do_truncate+0x1c2/0x250
[  192.120117][ T6977]  ? __pfx_do_truncate+0x10/0x10
[  192.125059][ T6977]  ? apparmor_file_truncate+0x39f/0x470
[  192.130607][ T6977]  path_openat+0x2f89/0x3860
[  192.135207][ T6977]  ? __pfx_stack_trace_save+0x10/0x10
[  192.140585][ T6977]  ? stack_depot_save_flags+0x33/0x810
[  192.146055][ T6977]  ? __pfx_path_openat+0x10/0x10
[  192.151007][ T6977]  ? __x64_sys_open+0x11e/0x150
[  192.155868][ T6977]  ? do_syscall_64+0x14d/0xf80
[  192.160635][ T6977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.166707][ T6977]  ? __lock_acquire+0x6b5/0x2cf0
[  192.171653][ T6977]  do_file_open+0x23e/0x4a0
[  192.176166][ T6977]  ? __pfx_do_file_open+0x10/0x10
[  192.181207][ T6977]  ? _raw_spin_unlock+0x28/0x50
[  192.186056][ T6977]  ? alloc_fd+0x64b/0x6c0
[  192.190393][ T6977]  do_sys_openat2+0x113/0x200
[  192.195107][ T6977]  ? __pfx_do_sys_openat2+0x10/0x10
[  192.200306][ T6977]  ? kfree+0x4d/0x640
[  192.204316][ T6977]  ? __pfx_kcov_ioctl+0x10/0x10
[  192.209163][ T6977]  __x64_sys_open+0x11e/0x150
[  192.213854][ T6977]  do_syscall_64+0x14d/0xf80
[  192.218459][ T6977]  ? trace_irq_disable+0x3b/0x150
[  192.223486][ T6977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.229553][ T6977]  ? clear_bhb_loop+0x40/0x90
[  192.234230][ T6977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.240121][ T6977] RIP: 0033:0x7eff2939c799
[  192.244570][ T6977] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  192.264726][ T6977] RSP: 002b:00007eff275b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  192.273153][ T6977] RAX: ffffffffffffffda RBX: 00007eff29616180 RCX: 00007eff2939c799
[  192.281131][ T6977] RDX: 00000000000000dc RSI: 000000000004827e RDI: 0000200000000200
[  192.289099][ T6977] RBP: 00007eff29432c99 R08: 0000000000000000 R09: 0000000000000000
[  192.297068][ T6977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  192.305322][ T6977] R13: 00007eff29616218 R14: 00007eff29616180 R15: 00007ffc4de741e8
[  192.313312][ T6977]  </TASK>
[  192.316849][ T6977] Kernel Offset: disabled
[  192.321163][ T6977] Rebooting in 86400 seconds..