last executing test programs:

13m20.425403196s ago: executing program 4 (id=267):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b", 0x9d}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb", 0x10}], 0x2}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf4648e", 0xe}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xe8, 0x29, 0x4, {0x4, 0x19, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @enc_lim={0x4, 0x1, 0xf8}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x9, "e80ee304ecb784ec46"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x1b8, 0x29, 0x36, {0x5e, 0x34, '\x00', [@generic={0xff, 0x45, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70dac43574"}, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x30, {0x3, 0xa, 0x0, 0xfff, [0x2, 0x4, 0x7, 0xfffffffffffffff7, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8, 0xe2, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab309f93fd8146e6672c844ca0c43cde3afb3f9b0e9c19b929779fe65f579221b81"}, @calipso={0x7, 0x20, {0x3, 0x6, 0x3, 0x7, [0x0, 0x8000, 0xffffffffffffff04]}}, @generic={0x1}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x2, 0x70, 0x0, [@mcast2]}}}], 0x360}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

13m17.707223196s ago: executing program 4 (id=272):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x1, 0x203)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f00000000c0)=0x800, 0x4)
capget(0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r2, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8f, 0x0, 0x100000}, 0x20)

13m11.954995987s ago: executing program 4 (id=280):
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x4, 0x127d, &(0x7f00000011c0)="$eJzs3U1rJMUfB/DfJJPH/SeTv66ruyAWelGEcZODJy9BdkEMKNEsqKdeM9EhkwcyQyAi7njyJPgyRD16E8Q3kIsXz4IgkovHPYgtyUw085BsYjIJyOdz6aK6vlXV6U5DD1303itfrK2u1MsrWSOGCoUobo5E8WGKFEMxHC3NeOHeTz8//dY7774+v7BwZzGlu/Nvz76cUpp+5vv3Pv7m2R8a1+59O/3dWOzODO39PvfL7o3dm3t/fh3VeqrW0/pGI2Xp/sZGI7tfq6Tlan21nNKbtUpWr6Tqer2y1bF/pbaxubmTsvXlqcnNrUq9nrL1nbRa2UmNQmps7aTsg6y6nsrlcpqaDM5j6auHeZ5H5PlIjEae5/lETMa1+F9MxXSUYib+H4/F43E9nogb8WQ8FTcPWl31vAEAAAAAAAAAAAAAAAAAAOC/5RHr/wvW/wMAAAAAAAAAAAAAAAAAAMDgda//L0b4/j8AAAAAAAAAAAAAAAAAAABcskd8/79r/f+L1v8DAAAAAAAAAAAAAAAAAADAIIy3NospjUesfba9tL3U2rbq51eiGrWoxO0oxR9xsPq/pVW++9rCndvpwEy8tPagnX+wvTTcmZ8dKcVMoW9+diIiUkqd+bGYPJqfi1Jc7z/+XGv8rvx4PP/cfv7TVr4cpfjx/diIWixHFNpHf5D/ZDalV99YmOjM39pvd6zhAZ8WAAAAuEjl9Lfe5/dmu1Hf/a1d7efz1G5ZOOH3ga7n82LcKl7VUXOovvPRalarVbb+ZWH0+H5Gz9dzT6EQEVkcrZme/HVxf/BT9nN4uV3QfI4Uhi+6wxMLIye3Occ5jeKp/5gDKkSzuyYvRZy1n9++PFIzfub4+QpD7cssqzVPfbFFM88HOrG+/4xjJ6WOv2cUBnxP4vL8c9KveiYAAAAAAAAAAACcRd+3/yYioud9wA97ag5fD++M9/Z8/OifX8IRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sQPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//w+Ty90=")
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f0000000000))
syz_mount_image$squashfs(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x800800, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRES32=0x0, @ANYRESOCT, @ANYRESOCT], 0x1, 0x1cc, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYCBgYGFgYGRgYfhAgMjiMmgzsgAAUwQaj2U/wJKz4RKszGggv9QUHFLe90aZoYzJz11tZbJMjO0emrLg8VO+Z05yczAwLC8x8hNcnEIAwND6FF+BobKquzEnJzUEwwLGSo4GRgYTp9gYLluf02lWYLT4Y88h0OSpoMO0xEfj6wZjSWck6Q0xdjYMhXOnvkgv45N4wjDoxXMG+s88xrrClOn5qXlJVWBnAJyaWNnY+PKiXVRaX6rGFtSXDY1dTIyOWxRE9jMbKg+yUZ7wrv2VQ+THFh7PPyaTxkrvU5lvmS8sEjq1IqqmYxflGYzGn5nuMNTtkJCQ8NJ4oqERYMJw5E62wZXhopbrAwMDGkKYYxJamxibVvOzAlhZmRxW6DQknyCKfTovfUzJSwOCFWd/Gmp+dYh0W3GtqcObGd4Dh/nWVPQJ2h0XILBaaHgf1iQMTZA6CKNvxJeq42dMhjc7ZmWNUMDmgUsuxLKk2WouJWckJC8wkNHU9MoJTmhYZNCQpJbgaEyw9Y9nKsFGhgQ0QZyIsN2qEZYdF5jZBgFo2AUjIJRMApGwSgYBaNgFIyCUTCCACAAAP//AfuOkg==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
read$msr(r3, &(0x7f0000000000)=""/126, 0x7e)

13m9.915667206s ago: executing program 4 (id=285):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="0b00000008000000020000000900000001"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x48, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb600000000000000008d0000007500000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800"/15], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000040), &(0x7f0000000300)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

13m7.476755677s ago: executing program 4 (id=288):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000000e00)=0x9, 0x4)
r1 = socket$inet6(0xa, 0x3, 0xff)
syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x804000, &(0x7f0000000f00)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756e64656c6574652c6c6f6e6761642c73686f727461642c7569643d666f726765742c756e64656c6574652c696f636861727365743d757466382c73686f727461642c696f636861727365743d64656661756c742c7569643d666f726765742c6e6f7374726963742c73657373696f6e3d30303030303030303030303030303030303030302c706172746974696f6e3d30303030303030303030303030303030303030362c00b2e01f5c0b5c8fb2623d8f888e41dfceb3ecf959d23d90b071660660b17884bd109d37086024cf83fa"], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='pids.current\x00', 0x275a, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x18, 0x0, 0xef5ebf77ce25880d, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8c0}, 0x10)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
close(r1)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18410, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0)
sendfile(r6, r6, 0x0, 0x80000000)

13m6.243532254s ago: executing program 4 (id=290):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x1, 0x203)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f00000000c0)=0x800, 0x4)
capget(0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r2, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8f, 0x0, 0x100000}, 0x20)

12m50.809661402s ago: executing program 32 (id=290):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x1, 0x203)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f00000000c0)=0x800, 0x4)
capget(0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r2, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8f, 0x0, 0x100000}, 0x20)

7m19.945697229s ago: executing program 5 (id=1289):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b", 0x9d}, {0x0}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9", 0xf}], 0x3}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf4648e", 0xe}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xe8, 0x29, 0x4, {0x4, 0x19, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @enc_lim={0x4, 0x1, 0xf8}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x9, "e80ee304ecb784ec46"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x190, 0x29, 0x36, {0x5e, 0x2e, '\x00', [@generic={0xff, 0x45, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70dac43574"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x2, 0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8, 0xaa, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea"}, @calipso={0x7, 0x20, {0x3, 0x6, 0x3, 0x7, [0x0, 0x8000, 0xffffffffffffff04]}}, @generic={0x1}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x348}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085", 0xcb}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7m18.993929118s ago: executing program 5 (id=1293):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000000e00)=0x9, 0x4)
r1 = socket$inet6(0xa, 0x3, 0xff)
syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x804000, &(0x7f0000000f00)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756e64656c6574652c6c6f6e6761642c73686f727461642c7569643d666f726765742c756e64656c6574652c696f636861727365743d757466382c73686f727461642c696f636861727365743d64656661756c742c7569643d666f726765742c6e6f7374726963742c73657373696f6e3d30303030303030303030303030303030303030302c706172746974696f6e3d30303030303030303030303030303030303030362c00b2e01f5c0b5c8fb2623d8f888e41dfceb3ecf959d23d90b071660660b17884bd109d37086024cf83fa"], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='pids.current\x00', 0x275a, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x18, r6, 0xef5ebf77ce25880d, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8c0}, 0x10)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18410, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0)
sendfile(r7, r7, 0x0, 0x80000000)

7m16.498490288s ago: executing program 5 (id=1297):
r0 = userfaultfd(0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x54})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8)
open_tree(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x800, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r4=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r5})
close_range(r2, r3, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)

7m15.275759599s ago: executing program 5 (id=1301):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x884}, 0x2004c000)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = syz_open_dev$hiddev(&(0x7f0000000300), 0xffffffffffffffff, 0x401)
ioctl$HIDIOCGCOLLECTIONINFO(r2, 0xc0104811, &(0x7f0000000580)={0x4, 0x1, 0x1})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0xbc, 0x40, 0x107, 0x70bd2d, 0x25dfdbfb, {0x4, 0x7c}, [@typed={0x4}, @typed={0xa3, 0x2b, 0x0, 0x0, @binary="2702817f2c4603d1939cfd361f6b7c5365720e2b996b6361cd643b5494227f2ce5cba495880958eb65d045f75ee5bbccf7dcfdb9c01fb546dc029f6e32ad3bfddb23c12b9d9bf98394be76f88b9df2fbe67772b2f77a89fac636b2c2f9e6e13d6d3a032531c76a9edb589ed2331caae2714a0517d652881ae94042a2b9309eb9ce80e3acac4cbc281477a631126f73e9e833a559641651dab2f449de17290e"}]}, 0xbc}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

7m15.044366323s ago: executing program 5 (id=1304):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628", 0x9b}, {0x0}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb", 0x10}], 0x3}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf4648e", 0xe}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xe8, 0x29, 0x4, {0x4, 0x19, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @enc_lim={0x4, 0x1, 0xf8}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x9, "e80ee304ecb784ec46"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x1c0, 0x29, 0x36, {0x5e, 0x34, '\x00', [@generic={0xff, 0x45, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70dac43574"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x2, 0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8, 0xe1, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab309f93fd8146e6672c844ca0c43cde3afb3f9b0e9c19b929779fe65f579221b"}, @calipso={0x7, 0x18, {0x3, 0x4, 0x3, 0x7, [0x0, 0xffffffffffffff04]}}, @generic={0x1}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x378}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7m13.654605191s ago: executing program 5 (id=1309):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xf3}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200000}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8a}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x10b, 0x8000000000005})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
r9 = dup3(r8, r7, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r9, 0x84, 0x20, &(0x7f0000000180), &(0x7f0000000380)=0x4)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

6m55.02617386s ago: executing program 33 (id=1309):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xf3}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200000}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8a}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x10b, 0x8000000000005})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
r9 = dup3(r8, r7, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r9, 0x84, 0x20, &(0x7f0000000180), &(0x7f0000000380)=0x4)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

21.932369785s ago: executing program 0 (id=3200):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000240)='jbd2_handle_extend\x00', r2}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xc, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6264c75aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06553b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a976774"], &(0x7f0000000100)='GPL\x00', 0xc5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r7, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r9 = accept(r6, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r8, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x122)
connect$packet(r1, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x1}, 0x14)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000180)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100000000})

20.727192971s ago: executing program 0 (id=3205):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x4c}}, 0x800)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = syz_open_dev$hiddev(&(0x7f0000000300), 0xffffffffffffffff, 0x401)
ioctl$HIDIOCGCOLLECTIONINFO(r2, 0xc0104811, &(0x7f0000000580)={0x4, 0x1, 0x1})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0xf0, 0x40, 0x107, 0x70bd2d, 0x25dfdbfb, {0x4, 0x7c}, [@typed={0x4}, @typed={0xd7, 0x2b, 0x0, 0x0, @binary="2702817f2c4603d1939cfd361f6b7c5365720e2b996b6361cd643b5494227f2ce5cba495880958eb65d045f75ee5bbccf7dcfdb9c01fb546dc029f6e32ad3bfddb23c12b9d9bf98394be76f88b9df2fbe67772b2f77a89fac636b2c2f9e6e13d6d3a032531c76a9edb589ed2331caae2714a0517d652881ae94042a2b9309eb9ce80e3acac4cbc281477a631126f73e9e833a559641651dab2f449de17290e0330ca96cb2fa798d73e47e6555085aa6d8922fb314ae10fe715fe2c7fba2104762e169ea3a245ce67961b5953b99e7066b292bd"}]}, 0xf0}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

20.421074153s ago: executing program 0 (id=3210):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000240)='jbd2_handle_extend\x00', r2}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xc, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6264c75aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06553b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a976774"], &(0x7f0000000100)='GPL\x00', 0xc5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r7, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r9 = accept(r6, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r8, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x122)
connect$packet(r1, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x1}, 0x14)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000180)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100000000})

19.022420244s ago: executing program 0 (id=3217):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
writev(r1, &(0x7f0000000000)=[{0x0}], 0x1)
socket$netlink(0x10, 0x3, 0xf)
r2 = socket(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r5=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050429bd7000fedbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="3c00028038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000500030003"], 0x58}, 0x1, 0x0, 0x0, 0x4008401}, 0x44084)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r6, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r0, 0x4068aea3, &(0x7f0000000140))
ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000340)="6462d94f0683d98c900235fd3caefc488f1b20f07d64d2238a96942df27dd5e9e1b8adaabeaa")
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES32=0x0, @ANYBLOB], 0x48)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x0)
ioprio_set$uid(0x0, r7, 0x4000)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0xb4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
sendmsg$NL80211_CMD_ADD_TX_TS(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x38, r9, 0x200, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0x2}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x5}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000327bd7000fedbdf251300000008000100706369303a30303a31302e3000000000080003000000000008000b00d0090000060011000700000008000100706369001100020030082e303a30303a31302e3000000000080003000000000008001e9621ef000006"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48050)
r10 = socket(0x10, 0x3, 0x0)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r12=>0x0})
pipe2$9p(&(0x7f00000001c0), 0x0)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r12, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008001240000000000500140008000000050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

17.567547761s ago: executing program 0 (id=3227):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000580)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2000000, &(0x7f0000000740)={[{@type={'type', 0x3d, "9d24b47a"}}, {@codepage={'codepage', 0x3d, 'cp850'}}, {}, {@umask={'umask', 0x3d, 0x9}}, {@creator={'creator', 0x3d, "811b705a"}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}]}, 0x1, 0x2db, &(0x7f0000000200)="$eJzs3T9v004cx/HPOUmb/lF//rVFSCygQiVYKgoMiCUIZWVnQkCTShVREW2RgIWCGBEPgJ2nwINgAfEEYGLiAXQzusvZdRrbaUsT98/7JTWyz3fn7+ns+L6WIAJwZt1r/vx887f9M1JFFUl3pEBSXapKOqfz9RfrW2tbnXarqKOKa2H/jLotTV+dlfV2VlPbzrXwQrtX1XS6LM3094xDiqLo7q+yg0Dp3N2fIZDG/X3ojtdHHNewbEsXy45h1NITbHa0o5eaKTEcAMAx4J//gX9MTLsioyCQFv1j/1Q9/3fKDuBo3er0FUWFDVLPf7e6i4yd3//cod18zyVa9ngQZ4n7Caa2Z39M3SurZ4FpBmWVLpZgYnWtqqWVt2oFeqeGl6o27z5b3Us3NiDahYzctEB+bzXdn+yOxq0o94pDWl3rtMftRir+OIK5g53x35mv5rt5aEJ9UitZ/1UjY6fJzVS4Z6aCmo3/en6PU66VrSU/sEajEfRU+d+d5II/gzdglPXsjCTdZ/yCYDuJoChOd+5Z9b5W6I5ueUCruaxWYbKX02q+p1XFXwlLK886ha9ShiMeovloHpgF/dEXNVPr/8DGt6jUnVn0VW9cTX9ldMczll2z6mqGfU+O3dvlUhKBN37gsUHKe1uW44Oe6LZmNl+9flrpdNobduNxxsbz6Q3jS2rvpcw6w9+oqKCOtndLIutNFO2352iYwV870g7t90dSYm+frMr2LktKglFP01nZaH5T0QV5cjaiSMo5NLTvKRwjmyaedLdb1UTZEWHE7LrLdPM/t5L3qzqXoNiPsGCdXpxkqqfH5SSD610KzrrPyQNlcFP5GVzqjDdyckaXc12+Kl1JFRoVnjH0cZ4SpqkfesT7fwAAAAAAAAAAAAAAAAAAgJNmFP/SoOwxAgAAAAAAAAAAAAAAAAAAAABw0h3q93+z/o949/u/4Uh+/xfA0fgbAAD//wA5eM4=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

17.233216131s ago: executing program 0 (id=3231):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)

5.390239289s ago: executing program 6 (id=3311):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
unshare(0x22020600)
r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)

5.22042429s ago: executing program 1 (id=3313):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10)

5.197171391s ago: executing program 6 (id=3314):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0)

5.030646279s ago: executing program 1 (id=3317):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000280)="0bbb268dd6ffa80800000002000000000000210d0000aaa8fa017242ba9380d440fe000000000000290000000300000049", 0x31)

4.910653622s ago: executing program 6 (id=3318):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf47, 0x4cc, 0xffff, 0x9dff, 0x1, "8003e3ffff072000"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3)

4.78231127s ago: executing program 1 (id=3321):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x28, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="0207090004"], 0x20}}, 0x4040014)

4.615446781s ago: executing program 6 (id=3322):
sync()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x14, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r1, 0x0, 0x9}, 0x18)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00'})
r2 = socket$rds(0x15, 0x5, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000000008400"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x48}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r5)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100ffffffff080002"], 0x58}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000280)="0000000000000004ff6943b80000000800000028f2000000008607000000ebb01f63dd65dd530700a28f2cbf86f474fad8cb594ed9fabe9ec277bb8d0000009c238532dd4c6ee9eddd58a599264432dc88941a476f8674c3b25a20e8d25504d773dd523add126ab51ca15c9d0436b3d0164bda8d9ed4e88158a20d3c55bd06050b964a5503bd0ef4b3a0823ad11bfae501057d95ba3e8d12893e6201c24e96b3031a817db4aa92e708a23ec370714940856977cb6f99f8ddc11996d1d5587f9c325bf5c2f77088d08a05af40a5392711377de42a66c2adee5a0612b9", 0xdc, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00@\x00\x00\x00\x00'], 0x0, 0x7}, 0x94)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x111001, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x10000000ca38}, 0x18)
setrlimit(0x9, &(0x7f0000000080)={0x8606, 0xffff})
io_setup(0x8f0, &(0x7f0000002400))
sendmsg$rds(r2, &(0x7f0000000580)={&(0x7f00000005c0)={0x2, 0x4, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@mask_fadd={0x58, 0x114, 0x8, {{0x4, 0xbed}, &(0x7f00000003c0)=0x9, &(0x7f0000000400)=0x2, 0xb694, 0x0, 0x6, 0xe, 0x4, 0x6}}], 0x58, 0x4000000}, 0x0)

4.530728944s ago: executing program 3 (id=3323):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
semget$private(0x0, 0x20000000102, 0x0)

4.493960357s ago: executing program 1 (id=3324):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8)

4.317379286s ago: executing program 3 (id=3325):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e)

4.194266137s ago: executing program 1 (id=3326):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}]}]}], {0x14, 0x10}}, 0xdc}}, 0x0)

4.07562898s ago: executing program 6 (id=3327):
socket(0x2, 0x80805, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x80, 0x2, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_FILTER={0x34, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x288}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x74}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x490}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x241}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0xa48}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x340}]}, @CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xe79}]}, @CTA_FILTER={0x24, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x10}, @CTA_FILTER_REPLY_FLAGS={0x8}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x8e}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0xc20}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x24040000}, 0x4004010)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040), 0x4)
getgid()
read(r0, &(0x7f0000000340)=""/156, 0x9c)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x118)
epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x1, 0x4}, 0xc)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x0, 0x3, 0x0, 0x230d}, 0xc)
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000080)=0xa, 0x4)

4.028692122s ago: executing program 3 (id=3328):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b701000000000000850000006d00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)

3.894163516s ago: executing program 1 (id=3329):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
sendto$inet6(r0, &(0x7f0000000100)="15", 0x1, 0x1, &(0x7f0000000140)={0xa, 0x4e23, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c)
sendmsg$inet6(r0, &(0x7f0000000380)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000480)='y', 0x1}], 0x1}, 0x0)
shutdown(r0, 0x1)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000206010700000000000000000000000014000300686173683a69702c706f72742c6970000900020073797a31000000000500010007000000050005000a0000000500040001000000c1590c9fe92c70409533a7acaf3d7072b144c5f5c963697b3ff9bea20eba159d251d57a146ac718289d253f3be698fed96dc6035adef29a07823dc76"], 0x4c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
gettid()
timer_create(0x2, &(0x7f00000006c0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000640)='\f', &(0x7f0000000680)="f57edb1bf298ee43ca2108f71aacdd9e92f7874deae4c53f36beb689f7a7fa98f840"}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x18)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='X'], 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="ad423c0419c1a24ae3b2e741d8b7570c7ac1aabc158035650a680f7a62a7d98a784c344e0f133da67d9ce6c232e926b25b379898b0474b2884b9d8b68e9a38283fd5858235c00e36dcc6da681fa895a6e8f1df9d60e62d3513e09672ce686458ae6f57b207ec5edcad8f8a37645650c5aaae78a4971dc60e0bf71982f4fe32332b4f952da87416c1ab048d26dfe7300649852f48962192ecadb9df8acdfa95f93ac40714cb6ce7f3fb70c40d27b0ee9ff77a94cf7e6cf86fb9ba214dcd249254b7f2ea10955572c9cb5174d7a7152ea969ad7b819e8fb2", @ANYRES64, @ANYBLOB="010027bd7000fbd3df2502000000050004000100010005000400010000001400020076657468315f746f5f7465616d0000000900030073797a3200000000090001007379"], 0x68}, 0x1, 0x0, 0x0, 0x4000145}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000ac0)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd30, 0x1, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c845}, 0x0)

3.77022969s ago: executing program 3 (id=3330):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}], {0x14}}, 0xd4}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @private0, @mcast2, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x40000)
syz_emit_ethernet(0x56, &(0x7f0000000340)={@local, @local, @void, {@ipv6={0x86dd, @tipc_packet={0x0, 0x6, "5817b1", 0x20, 0x6, 0x0, @remote, @rand_addr=' \x01\x00', {[], @payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}}, 0x0)

3.716863227s ago: executing program 2 (id=3331):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf47, 0x4cc, 0xffff, 0x9dff, 0x1, "8003e3ffff072000"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3)

3.470579906s ago: executing program 3 (id=3332):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000008000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x31, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00'], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x1000000, 0x0, 0x1, 0x1}, 0x21)
r3 = gettid()
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

3.446184507s ago: executing program 2 (id=3333):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x28, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="0207090004"], 0x20}}, 0x4040014)

3.201916361s ago: executing program 2 (id=3334):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffa, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x5, @private0, 0xfe}, 0x1c)

3.119200674s ago: executing program 3 (id=3335):
r0 = gettid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7c}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)='%pI4   \x00'}, 0x20)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x2000001, {0x0, 0x0, 0x0, r5, {0x7, 0xa}, {0xd, 0xffe0}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r8 = io_uring_setup(0xee4, &(0x7f00000002c0)={0x0, 0xe, 0x2, 0xffffffff, 0xfffffffe})
r9 = dup3(r7, r8, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r9, 0x4004550c, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f00000001c0), &(0x7f00000005c0)=r1}, 0x20)
r10 = syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')
lseek(r10, 0x289e0cb5, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1}, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x50)
mq_open(&(0x7f0000000ac0)='eth0\x00\xdd\xad\xff=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9%\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xcfL\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe9XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xa2@\xeb\x18\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4\x80\x00\x00\x00a\xdf\xb5\xd9\xe4\x01\xea|.\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9J\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x9e\xef\x9b\x97\xcb\xc6\x89\xba\x8e\xf2\xfb\xd5\a\xcb\xf6\xf7{\xec\xf0@\xc2\xb2\xbcAQx\xa4\x12\xf8\x9cji\"\xf7\x1a\xbd\xac\xde\xf4\x9b\xd7#\xab\\q\xd6\xdf#>}\x97\xd0U\xe4\x9e+|\xb1MT\xa0\x1bf\v9\xcdx\xab\x83\x87\xd3q3\xbeL\xd2\x1f6\x1ffL\x9eM\x0f?\'\xc3YB0\x80!\xe9Y\xf1:\xeeX\xf7G\x85K\xbb\xbdijaA\x00&\x0e\xb3\x99\xbc9\xee\x8f\aVy!d^\r\xd1\x9b\xd5<y \xff\x05o\xc2\xef\x87~\x9au\x10\xef\x89\xfb\xa2v\a\xd3\x8f\x85\xf6\xef\xc6\x92;cj\xc0\x12m\\Thf`\x1c\xc3I\xc3VY\xcf\b\x03R@\x8eI\xd7\xdf>\x06\xbc$\xc9[\x8e[', 0x1, 0x50, 0x0)

2.974499705s ago: executing program 6 (id=3336):
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
unshare(0x62040200)

1.564836895s ago: executing program 2 (id=3337):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x4)
fchdir(r1)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x41, 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')

1.354527326s ago: executing program 2 (id=3338):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = getuid()
r2 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES16=r2, @ANYBLOB="834ec1d449594140ec7cd849b7c8102c41e3f0dca515470324ad4b0aa65364316fe674110b7c727744b2f37a93b77b35ccb8e87c616bc84d3297853814466c08ba6cae359bb1ce46140003c076f89f4cb267d0092e9c9634c7f7a2d05607208792276023dc797dbe05bec5c4637e8ee055a7d8ecb88d75", @ANYRESHEX, @ANYRESHEX=r1, @ANYBLOB="51ed0b6e23267ed03d74bcc66308f1fbd562cdc245173478935ca1d1bc30029915b26caef9b72fb0de1a8be170931bc86650534531c7347e69d84140b4c41e5afc6ea7292657de0dc912fb7571f06f1d5a0eb6036265b5720207f761c09a83177a8e177a0c0092", @ANYRES8, @ANYRES32=r2, @ANYRES16=0x0, @ANYRESHEX=r2], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000280)={0x1, 0x0, 0x3, 0x0, 0x8}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10)
socket$inet(0x2, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x4005)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="400000006800010003001000fbffff7f00000000000000000c000200010000001100000014000c800800020009000000060001000a0000000600030001000000"], 0x40}, 0x1, 0x0, 0x0, 0x400401a}, 0x4000080)

0s ago: executing program 2 (id=3339):
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="010000000000000000001000000018000180140002007665746830000000000000000000000008"], 0x34}}, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x3)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000280)={[{@user_xattr}]}, 0x9, 0x537, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCgtarb3xtlHVC90LCFWVEIgD4rANiTcKseMQO1UTIpH+DXDgCn8CByQOSD1x4MYRiQNCKgekBSLQBgkkoxlPUm/idL2Nf0D8+UijmTfPM9/3ksy8mefJvAAm1o2IOIiIYkS8FREL+fpCPsXrnSn93KPD/ZWjw/2VQrTb3/pbIctP10XXNqln833ORcQ3vxbxvcLZuM3dvY3lWq26nafLrfpWubm7d3u9vrxWXatuVipLi0t3Xr37SmVgdb1e/8XDr66/8e1f/+rT7//u4Ms/TIs1n+d112OQOlWfOYmTmo6IN4YRbAym8nlxzOXgo0ki4mMR8bns+F+IqeyvEwC4zNrthWgvdKcBgMsuyfrACkkp7wuYjyQplTp9eC/ElaTWaLZuPWjsbK52+squxkzyYL1WvXNt9g8/yK4YZgppejHLy/KzdOVU+m5EXIuIn8w+k6VLK43a6vguewBgoj17qv3/52yn/e9Dj2/1AID/G3PjLgAAMHLafwCYPNp/AJg8fbT/+Zf9B0MvCwAwGk9x/58MsxwAwOjo/weAyaP9B4CJ8o0330yn9lH+/uvVt3d3Nhpv316tNjdK9Z2V0kpje6u01misZe/sqT9pf7VGY2vx5dh5p9yqNlvl5u7e/XpjZ7N1P3uv9/3qzEhqBQB8mGvX3/t9ISIOXnsmm6JrLAdtNVxunueByeUlfjC5jPYFk6v/e/zfDrUcwPj0vA+Y67n4uJ8+RRDPGcH/lJuf7L//3xjPcLno/4fJNfWRtpodeDmA0dP/D5Or3S6cHvO/eJIFAFxKF3jGv/2jQV2EAGP1pOeAB/L9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwy8xHx/SgkpXws8PlIklIp4rmIuBozhQfrteqdiHg+rkfEzGyaXhx3oQGAC0r+UsjH/7q58NL86dxi4V/ZYP/FtPXP120vpuv/frJ+9nj4sMoH211gXEEAYMDeWW61tiv5vOtG/tHh/srxNMryPLwX/8mHIl45OtzPpk7OdExn87nsWuLKPwp5ujMW6YsRMTWA+AfvRsQnetW/kPWNXM1HPu2OH3ns50YaP3ksfpLldebpxdfHB1AWmDTv3YuI13sdf0ncyOa9j/+57Ax1cQ/vdXZ2fO47OtwvHsc/Pv9N9YifHvM3+o3x8m++fmZle6GT927Ei9OPxT85/xzHL5wT/6U+4//xU5/58VfOyWv/LOJm9I7fHavcqm+Vm7t7t9fry2vVtepmpbK0uHTn1buvVMpZH3X5uKf6rL++duv588qW1v/KOfHneta/eLLtF/qs/8///dZ3P/sh8b/0+V7xk3ihZ/yOtE38Yp/xl6/88tzhu9P4q+fU/0m//1t9xn//z3urfX4UABiB5u7exnKtVt2+0EJ6FzqI/ZxZSIs40B32WCh2Ff5PMdxYT7UwM6yf6tAXpk+uFQe75++kexxxdZKB1+JCC49GFWu85yVg+D446MddEgAAAAAAAAAAAAAA4Dyj+NelcdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+u/AQAA//9xkcaD")
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
write(0xffffffffffffffff, &(0x7f0000004200)='t', 0x1)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0xc0a81, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\b', @ANYRES16=r3, @ANYBLOB="01002dbd7000fedbdf250700000008000400000800000c000180060005004e220000"], 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x40)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0xb4, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x40, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xd}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x17}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0xfe, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x80}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x10}]}, 0xb4}, 0x1, 0x0, 0x0, 0xc885}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x800002, 0x800)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000200)=0x7ffffffc)
ioctl$EVIOCGRAB(r4, 0x40044590, 0x0)

kernel console output (not intermixed with test programs):

 team_slave_0 added
[  832.253451][T14432] team0: Port device team_slave_1 added
[  832.348623][ T5977] tipc: Left network mode
[  832.390030][T14432] batman_adv: batadv0: Adding interface: batadv_slave_0
[  832.405758][T14432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  832.432135][T14432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  832.509998][T14520] BTRFS info (device loop2): rebuilding free space tree
[  832.561532][T14520] BTRFS info (device loop2): disabling free space tree
[  832.568711][T14520] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  832.590185][T14520] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  832.619572][T14432] batman_adv: batadv0: Adding interface: batadv_slave_1
[  832.640020][T14432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  832.694269][T14520] BTRFS info (device loop2): setting nodatasum
[  832.711724][T14520] BTRFS info (device loop2): setting nodatacow
[  832.737832][T14520] BTRFS info (device loop2): turning off barriers
[  832.746402][T14432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  832.761179][T14520] BTRFS info (device loop2): force clearing of disk cache
[  832.967727][   T30] audit: type=1326 audit(1764344032.100:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.004918][T14520] nfs4: Unknown parameter '*-'
[  833.054184][   T30] audit: type=1326 audit(1764344032.130:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.107192][   T30] audit: type=1326 audit(1764344032.130:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.133926][   T30] audit: type=1326 audit(1764344032.130:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.206879][ T5828] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  833.240831][   T30] audit: type=1326 audit(1764344032.130:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.359691][   T30] audit: type=1326 audit(1764344032.140:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.431109][   T30] audit: type=1326 audit(1764344032.140:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.515780][   T30] audit: type=1326 audit(1764344032.140:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.589822][ T5977] hsr_slave_0: left promiscuous mode
[  833.625423][   T30] audit: type=1326 audit(1764344032.140:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.649534][T10970] Bluetooth: hci4: command tx timeout
[  833.655340][ T5977] hsr_slave_1: left promiscuous mode
[  833.681271][   T30] audit: type=1326 audit(1764344032.140:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14519 comm="syz.2.2452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f751918f749 code=0x7ffc0000
[  833.702947][ T5977] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  833.745011][ T5977] batman_adv: batadv0: Removing interface: batadv_slave_0
[  833.868523][ T5977] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  833.881459][ T5977] batman_adv: batadv0: Removing interface: batadv_slave_1
[  833.950230][ T5977] veth1_macvtap: left promiscuous mode
[  833.993666][ T5977] veth0_macvtap: left promiscuous mode
[  834.011510][ T5977] veth1_vlan: left promiscuous mode
[  834.033462][ T5977] veth0_vlan: left promiscuous mode
[  835.972557][ T5977] team0 (unregistering): Port device team_slave_1 removed
[  836.116430][ T5977] team0 (unregistering): Port device team_slave_0 removed
[  836.638922][T14432] hsr_slave_0: entered promiscuous mode
[  836.654033][T14432] hsr_slave_1: entered promiscuous mode
[  836.662979][T14432] debugfs: 'hsr0' already exists in 'hsr'
[  836.670023][T14432] Cannot create hsr debugfs directory
[  837.676061][T14643] loop1: detected capacity change from 0 to 512
[  837.685786][T14643] EXT4-fs: Ignoring removed mblk_io_submit option
[  837.699420][T14643] ext4: Unknown parameter 'hash'
[  839.308684][T14432] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  839.368249][T14669] futex_wake_op: syz.2.2489 tries to shift op by 144; fix this program
[  839.449336][T14432] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  839.567172][T14432] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  839.607594][T14432] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  840.042947][T14432] 8021q: adding VLAN 0 to HW filter on device bond0
[  840.227949][T14432] 8021q: adding VLAN 0 to HW filter on device team0
[  840.300707][ T5967] bridge0: port 1(bridge_slave_0) entered blocking state
[  840.307978][ T5967] bridge0: port 1(bridge_slave_0) entered forwarding state
[  840.328370][ T5967] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.335622][ T5967] bridge0: port 2(bridge_slave_1) entered forwarding state
[  841.328974][T14432] 8021q: adding VLAN 0 to HW filter on device batadv0
[  841.783550][T14432] veth0_vlan: entered promiscuous mode
[  841.848621][T14432] veth1_vlan: entered promiscuous mode
[  842.387689][T14432] veth0_macvtap: entered promiscuous mode
[  842.443201][T14432] veth1_macvtap: entered promiscuous mode
[  842.497253][T14432] batman_adv: batadv0: Interface activated: batadv_slave_0
[  842.543917][T14745] futex_wake_op: syz.6.2505 tries to shift op by 144; fix this program
[  842.771603][T14432] batman_adv: batadv0: Interface activated: batadv_slave_1
[  842.823106][ T1153] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  843.011183][ T1153] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  843.257144][ T1153] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  843.339773][ T1153] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  843.791416][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  843.826732][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  843.907973][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  843.926220][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  844.228478][T14761] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  844.235535][T14761] overlayfs: failed to set xattr on upper
[  844.241400][T14761] overlayfs: ...falling back to redirect_dir=nofollow.
[  844.248279][T14761] overlayfs: ...falling back to index=off.
[  844.254160][T14761] overlayfs: maximum fs stacking depth exceeded
[  846.450128][T14799] futex_wake_op: syz.6.2515 tries to shift op by 144; fix this program
[  847.625480][T14807] xt_CT: No such helper "pptp"
[  848.294448][T14818] futex_wake_op: syz.3.2520 tries to shift op by 144; fix this program
[  848.722818][T14830] futex_wake_op: syz.2.2522 tries to shift op by 144; fix this program
[  851.102513][T14857] futex_wake_op: syz.2.2527 tries to shift op by 144; fix this program
[  853.949951][T14891] loop1: detected capacity change from 0 to 512
[  853.978686][T14891] EXT4-fs: Ignoring removed mblk_io_submit option
[  854.020990][T14891] ext4: Unknown parameter 'hash'
[  855.194430][T14911] futex_wake_op: syz.6.2547 tries to shift op by 144; fix this program
[  858.096670][T14966] futex_wake_op: syz.0.2563 tries to shift op by 144; fix this program
[  858.846433][T14987] futex_wake_op: syz.3.2570 tries to shift op by 144; fix this program
[  861.773997][T15045] futex_wake_op: syz.2.2589 tries to shift op by 144; fix this program
[  864.613216][T15108] FAULT_INJECTION: forcing a failure.
[  864.613216][T15108] name failslab, interval 1, probability 0, space 0, times 0
[  864.650800][  T793] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  864.659454][T15108] CPU: 1 UID: 0 PID: 15108 Comm: syz.1.2612 Not tainted syzkaller #0 PREEMPT(full) 
[  864.659483][T15108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  864.659497][T15108] Call Trace:
[  864.659506][T15108]  <TASK>
[  864.659515][T15108]  dump_stack_lvl+0x189/0x250
[  864.659545][T15108]  ? __pfx____ratelimit+0x10/0x10
[  864.659569][T15108]  ? __pfx_dump_stack_lvl+0x10/0x10
[  864.659594][T15108]  ? __pfx__printk+0x10/0x10
[  864.659631][T15108]  ? __pfx___might_resched+0x10/0x10
[  864.659659][T15108]  should_fail_ex+0x414/0x560
[  864.659689][T15108]  should_failslab+0xa8/0x100
[  864.659717][T15108]  __kmalloc_noprof+0xdf/0x800
[  864.659736][T15108]  ? kfree+0x4d/0x660
[  864.659762][T15108]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  864.659789][T15108]  tomoyo_realpath_from_path+0xe3/0x5d0
[  864.659812][T15108]  ? tomoyo_domain+0xd8/0x130
[  864.659839][T15108]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  864.659868][T15108]  tomoyo_path_number_perm+0x1e8/0x5a0
[  864.659902][T15108]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  864.659957][T15108]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  864.660009][T15108]  ? __fget_files+0x2a/0x420
[  864.660042][T15108]  ? __fget_files+0x3a0/0x420
[  864.660068][T15108]  ? __fget_files+0x2a/0x420
[  864.660100][T15108]  security_file_ioctl+0xcb/0x2d0
[  864.660131][T15108]  __se_sys_ioctl+0x47/0x170
[  864.660154][T15108]  do_syscall_64+0xfa/0xf80
[  864.660180][T15108]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.660202][T15108]  ? clear_bhb_loop+0x60/0xb0
[  864.660229][T15108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.660249][T15108] RIP: 0033:0x7f6148b8f749
[  864.660269][T15108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  864.660288][T15108] RSP: 002b:00007f61499eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  864.660312][T15108] RAX: ffffffffffffffda RBX: 00007f6148de5fa0 RCX: 00007f6148b8f749
[  864.660328][T15108] RDX: 0000200000000080 RSI: 00000000c02c640e RDI: 0000000000000003
[  864.660342][T15108] RBP: 00007f61499eb090 R08: 0000000000000000 R09: 0000000000000000
[  864.660356][T15108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  864.660369][T15108] R13: 00007f6148de6038 R14: 00007f6148de5fa0 R15: 00007ffe1d186d48
[  864.660404][T15108]  </TASK>
[  864.660413][T15108] ERROR: Out of memory at tomoyo_realpath_from_path.
[  865.012496][T15112] xt_CT: No such helper "pptp"
[  865.042771][T15117] netlink: 'syz.2.2614': attribute type 12 has an invalid length.
[  865.057009][  T793] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  865.070389][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  865.070407][   T30] audit: type=1800 audit(1764344064.200:34): pid=15117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2614" name="bus" dev="tmpfs" ino=2797 res=0 errno=0
[  865.103681][  T793] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  865.137166][  T793] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  865.161449][  T793] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  865.222461][  T793] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  865.279989][  T793] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  865.310284][  T793] usb 7-1: config 0 descriptor??
[  865.332290][  T793] gspca_main: spca561-2.14.0 probing abcd:cdee
[  865.532484][T15102] 9p: Bad value for 'wfdno'
[  865.877148][  T793] spca561 7-1:0.0: probe with driver spca561 failed with error -22
[  865.934353][  T793] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  865.951283][  T793] usb 7-1: MIDIStreaming interface descriptor not found
[  866.199502][T10322] usb 7-1: USB disconnect, device number 7
[  867.471855][  T793] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  867.651998][  T793] usb 4-1: Using ep0 maxpacket: 16
[  867.667961][  T793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  867.700837][  T793] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  867.740619][  T793] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.764999][  T793] usb 4-1: config 0 descriptor??
[  867.992247][  T793] usbhid 4-1:0.0: can't add hid device: -71
[  867.998313][  T793] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  868.040335][  T793] usb 4-1: USB disconnect, device number 4
[  868.369333][T15213] xt_CT: No such helper "pptp"
[  871.674630][T15280] loop2: detected capacity change from 0 to 512
[  871.706935][T15280] EXT4-fs: Ignoring removed mblk_io_submit option
[  871.737370][T15280] ext4: Unknown parameter 'hash'
[  874.537607][T15343] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  874.544692][T15343] overlayfs: failed to set xattr on upper
[  874.550449][T15343] overlayfs: ...falling back to redirect_dir=nofollow.
[  874.557369][T15343] overlayfs: ...falling back to index=off.
[  874.563363][T15343] overlayfs: maximum fs stacking depth exceeded
[  875.134093][T15352] loop6: detected capacity change from 0 to 512
[  875.261520][T15352] EXT4-fs: Ignoring removed mblk_io_submit option
[  875.291391][T15352] ext4: Unknown parameter 'hash'
[  875.492724][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  875.499225][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  877.041838][T15371] futex_wake_op: syz.2.2696 tries to shift op by 144; fix this program
[  878.465195][T15401] futex_wake_op: syz.3.2705 tries to shift op by 144; fix this program
[  882.088046][T15476] futex_wake_op: syz.3.2731 tries to shift op by 144; fix this program
[  882.519097][T15493] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  882.526175][T15493] overlayfs: failed to set xattr on upper
[  882.531975][T15493] overlayfs: ...falling back to redirect_dir=nofollow.
[  882.538852][T15493] overlayfs: ...falling back to index=off.
[  882.544736][T15493] overlayfs: maximum fs stacking depth exceeded
[  882.869880][T15492] futex_wake_op: syz.6.2736 tries to shift op by 144; fix this program
[  884.221527][T15508] xt_CT: No such helper "pptp"
[  886.489288][T15563] loop2: detected capacity change from 0 to 4096
[  886.509911][T15563] EXT4-fs: Ignoring removed nomblk_io_submit option
[  886.583644][T15563] EXT4-fs (loop2): Test dummy encryption mode enabled
[  886.643622][T15563] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  886.687073][T15563] System zones: 0-5
[  886.716095][T15563] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  886.894590][ T5828] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  887.598393][T15601] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  887.606918][T15601] overlayfs: failed to set xattr on upper
[  887.612776][T15601] overlayfs: ...falling back to redirect_dir=nofollow.
[  887.619649][T15601] overlayfs: ...falling back to index=off.
[  887.625631][T15601] overlayfs: maximum fs stacking depth exceeded
[  889.131895][ T7526] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  889.813215][ T7526] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  889.838575][ T7526] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  889.849995][ T7526] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  889.860557][ T7526] usb 2-1: Manufacturer: syz
[  889.871887][ T7526] usb 2-1: config 0 descriptor??
[  889.923200][T15633] futex_wake_op: syz.0.2780 tries to shift op by 144; fix this program
[  890.051168][ T7526] rc_core: IR keymap rc-hauppauge not found
[  890.072466][ T7526] Registered IR keymap rc-empty
[  890.135056][T15612] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  890.141349][ T7526] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  890.235199][ T7526] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input5
[  890.718505][T10322] usb 2-1: USB disconnect, device number 8
[  891.739206][T15664] loop2: detected capacity change from 0 to 512
[  891.752761][T15664] EXT4-fs: Ignoring removed mblk_io_submit option
[  891.795103][T15664] ext4: Unknown parameter 'hash'
[  895.440678][T15707] FAULT_INJECTION: forcing a failure.
[  895.440678][T15707] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  895.470925][T15707] CPU: 0 UID: 0 PID: 15707 Comm: syz.3.2802 Not tainted syzkaller #0 PREEMPT(full) 
[  895.470955][T15707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  895.470969][T15707] Call Trace:
[  895.470977][T15707]  <TASK>
[  895.470986][T15707]  dump_stack_lvl+0x189/0x250
[  895.471017][T15707]  ? __pfx____ratelimit+0x10/0x10
[  895.471041][T15707]  ? __pfx_dump_stack_lvl+0x10/0x10
[  895.471066][T15707]  ? __pfx__printk+0x10/0x10
[  895.471098][T15707]  ? __might_fault+0xb0/0x130
[  895.471148][T15707]  should_fail_ex+0x414/0x560
[  895.471176][T15707]  _copy_from_user+0x2d/0xb0
[  895.471238][T15707]  __sys_bpf+0x1e3/0x860
[  895.471270][T15707]  ? __pfx___sys_bpf+0x10/0x10
[  895.471314][T15707]  ? ksys_write+0x22a/0x250
[  895.471338][T15707]  ? __pfx_ksys_write+0x10/0x10
[  895.471363][T15707]  __x64_sys_bpf+0x7c/0x90
[  895.471391][T15707]  do_syscall_64+0xfa/0xf80
[  895.471417][T15707]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.471438][T15707]  ? clear_bhb_loop+0x60/0xb0
[  895.471465][T15707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.471486][T15707] RIP: 0033:0x7f4c6618f749
[  895.471505][T15707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  895.471524][T15707] RSP: 002b:00007f4c670ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  895.471547][T15707] RAX: ffffffffffffffda RBX: 00007f4c663e5fa0 RCX: 00007f4c6618f749
[  895.471562][T15707] RDX: 0000000000000030 RSI: 00002000000007c0 RDI: 000000000000001c
[  895.471576][T15707] RBP: 00007f4c670ba090 R08: 0000000000000000 R09: 0000000000000000
[  895.471590][T15707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  895.471602][T15707] R13: 00007f4c663e6038 R14: 00007f4c663e5fa0 R15: 00007ffd62cc38b8
[  895.471640][T15707]  </TASK>
[  895.877620][T15711] loop1: detected capacity change from 0 to 512
[  895.982062][T15711] EXT4-fs: Ignoring removed mblk_io_submit option
[  895.991195][T15711] ext4: Unknown parameter 'hash'
[  900.951190][T15773] xt_CT: No such helper "pptp"
[  902.832075][ T5890] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  902.979320][T15840] futex_wake_op: syz.0.2833 tries to shift op by 144; fix this program
[  903.020975][ T5890] usb 7-1: Using ep0 maxpacket: 32
[  903.040799][ T5890] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  903.053613][ T5890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.094795][ T5890] usb 7-1: config 0 descriptor??
[  903.338305][ T5890] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  903.355909][T15846] fuse: Unknown parameter 'g»þÍ!'
[  903.374776][ T5890] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  903.396220][ T5890] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  903.486911][ T5890] usb 7-1: media controller created
[  903.539851][T15825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  903.546371][ T5890] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  903.558635][T15825] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  903.857142][ T5890] DVB: Unable to find symbol dib7000p_attach()
[  903.966212][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  904.035097][ T5890] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  904.244948][ T5890] rc_core: IR keymap rc-dib0700-rc5 not found
[  904.265232][ T5890] Registered IR keymap rc-empty
[  904.270575][ T5890] dvb-usb: could not initialize remote control.
[  904.327208][ T5890] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  904.361266][ T5890] usb 7-1: USB disconnect, device number 8
[  904.512327][ T5890] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  905.784241][T15908] FAULT_INJECTION: forcing a failure.
[  905.784241][T15908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  905.833918][T15908] CPU: 0 UID: 0 PID: 15908 Comm: syz.0.2861 Not tainted syzkaller #0 PREEMPT(full) 
[  905.833953][T15908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  905.833967][T15908] Call Trace:
[  905.833976][T15908]  <TASK>
[  905.833985][T15908]  dump_stack_lvl+0x189/0x250
[  905.834015][T15908]  ? __pfx____ratelimit+0x10/0x10
[  905.834039][T15908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  905.834065][T15908]  ? __pfx__printk+0x10/0x10
[  905.834096][T15908]  ? __might_fault+0xb0/0x130
[  905.834140][T15908]  should_fail_ex+0x414/0x560
[  905.834170][T15908]  _copy_from_user+0x2d/0xb0
[  905.834210][T15908]  __sys_sendto+0x260/0x540
[  905.834239][T15908]  ? __pfx___sys_sendto+0x10/0x10
[  905.834261][T15908]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  905.834302][T15908]  ? __fget_files+0x3a0/0x420
[  905.834340][T15908]  ? ksys_write+0x22a/0x250
[  905.834364][T15908]  ? __pfx_ksys_write+0x10/0x10
[  905.834389][T15908]  __x64_sys_sendto+0xde/0x100
[  905.834418][T15908]  do_syscall_64+0xfa/0xf80
[  905.834445][T15908]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  905.834467][T15908]  ? clear_bhb_loop+0x60/0xb0
[  905.834505][T15908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  905.834526][T15908] RIP: 0033:0x7f5375b8f749
[  905.834544][T15908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  905.834563][T15908] RSP: 002b:00007f5376a4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  905.834585][T15908] RAX: ffffffffffffffda RBX: 00007f5375de5fa0 RCX: 00007f5375b8f749
[  905.834600][T15908] RDX: 000000000000fdef RSI: 0000200000000080 RDI: 0000000000000003
[  905.834614][T15908] RBP: 00007f5376a4e090 R08: 0000200000000040 R09: 000000000000001c
[  905.834628][T15908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  905.834640][T15908] R13: 00007f5375de6038 R14: 00007f5375de5fa0 R15: 00007ffd35c90888
[  905.834673][T15908]  </TASK>
[  906.295227][T10970] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  906.306858][T10970] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  906.368908][T10970] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  906.378897][T10970] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  906.392543][T10970] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  906.789736][ T3544] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  906.960455][T15934] 9p: Bad value for 'wfdno'
[  907.043930][T15936] MTD: Couldn't look up 'contention_end': -2
[  907.146603][ T3544] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.299001][ T3544] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.390831][T10932] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  907.426171][ T3544] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.566779][T10932] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  907.577273][T10932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.594829][T10932] usb 1-1: config 0 descriptor??
[  907.642441][T10932] cp210x 1-1:0.0: cp210x converter detected
[  907.724717][T15913] chnl_net:caif_netlink_parms(): no params data found
[  907.840253][T15938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  907.883373][T15938] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  907.936932][T15934] loop1: detected capacity change from 0 to 32768
[  907.963331][T15934] overlayfs: failed lookup in lower (newroot/566, name='file0', err=-40): overlapping layers
[  908.005358][T15934] overlayfs: failed lookup in lower (newroot/566, name='file0', err=-40): overlapping layers
[  908.147089][T10932] usb 1-1: cp210x converter now attached to ttyUSB0
[  908.282619][T15968] evm: overlay not supported
[  908.340128][T11989] usb 1-1: USB disconnect, device number 7
[  908.367070][T11989] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  908.381840][T11989] cp210x 1-1:0.0: device disconnected
[  908.442763][T10970] Bluetooth: hci3: command tx timeout
[  908.551831][T15975] loop3: detected capacity change from 0 to 256
[  908.591727][T15975] =======================================================
[  908.591727][T15975] WARNING: The mand mount option has been deprecated and
[  908.591727][T15975]          and is ignored by this kernel. Remove the mand
[  908.591727][T15975]          option from the mount to silence this warning.
[  908.591727][T15975] =======================================================
[  908.753486][T15975] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  908.870247][T15975] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  909.181069][T10322] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  910.164177][T10322] usb 4-1: Using ep0 maxpacket: 32
[  910.191446][T10322] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  910.224163][T10322] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  910.259281][T10322] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  910.304896][T10322] usb 4-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  910.336141][T10322] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.370892][T10322] usb 4-1: Product: syz
[  910.375120][T10322] usb 4-1: Manufacturer: syz
[  910.390014][T10322] usb 4-1: SerialNumber: syz
[  910.412877][T10322] usb 4-1: config 0 descriptor??
[  910.443554][T10322] rndis_host 4-1:0.0: skipping garbage
[  910.467910][T10322] usb 4-1: bad CDC descriptors
[  910.479761][T10322] cdc_acm 4-1:0.0: skipping garbage
[  910.485549][T10322] cdc_acm 4-1:0.0: Control and data interfaces are not separated!
[  910.494418][T10322] cdc_acm 4-1:0.0: This needs exactly 3 endpoints
[  910.510920][T10322] cdc_acm 4-1:0.0: probe with driver cdc_acm failed with error -22
[  910.520873][T10970] Bluetooth: hci3: command tx timeout
[  910.565950][ T3544] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  910.623590][ T3544] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  910.646743][ T3544] bond0 (unregistering): Released all slaves
[  910.670609][T15975] netlink: 27 bytes leftover after parsing attributes in process `syz.3.2877'.
[  910.713451][T15913] bridge0: port 1(bridge_slave_0) entered blocking state
[  910.741334][T15913] bridge0: port 1(bridge_slave_0) entered disabled state
[  910.748646][T15913] bridge_slave_0: entered allmulticast mode
[  910.796345][T15913] bridge_slave_0: entered promiscuous mode
[  911.089054][T16005] sctp: [Deprecated]: syz.3.2877 (pid 16005) Use of struct sctp_assoc_value in delayed_ack socket option.
[  911.089054][T16005] Use struct sctp_sack_info instead
[  911.583796][ T3544] tipc: Left network mode
[  911.589493][T15913] bridge0: port 2(bridge_slave_1) entered blocking state
[  911.665537][T15913] bridge0: port 2(bridge_slave_1) entered disabled state
[  911.687991][T15913] bridge_slave_1: entered allmulticast mode
[  911.700008][T15913] bridge_slave_1: entered promiscuous mode
[  912.036791][T16016] futex_wake_op: syz.6.2885 tries to shift op by 144; fix this program
[  912.179970][T15913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  912.236896][T15913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  912.376106][T15913] team0: Port device team_slave_0 added
[  912.411375][ T3544] hsr_slave_0: left promiscuous mode
[  912.419535][ T3544] hsr_slave_1: left promiscuous mode
[  912.427005][ T3544] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  912.438675][ T3544] batman_adv: batadv0: Removing interface: batadv_slave_0
[  912.455019][ T3544] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  912.469522][ T3544] batman_adv: batadv0: Removing interface: batadv_slave_1
[  912.525771][ T3544] veth1_macvtap: left promiscuous mode
[  912.538309][ T3544] veth0_macvtap: left promiscuous mode
[  912.551571][ T3544] veth1_vlan: left promiscuous mode
[  912.586554][ T3544] veth0_vlan: left promiscuous mode
[  912.646979][T10970] Bluetooth: hci3: command tx timeout
[  912.662095][T10322] usb 4-1: USB disconnect, device number 5
[  913.092761][T16024] futex_wake_op: syz.3.2887 tries to shift op by 144; fix this program
[  913.390028][   T30] audit: type=1326 audit(1764344112.520:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  913.421057][T16026] FAULT_INJECTION: forcing a failure.
[  913.421057][T16026] name failslab, interval 1, probability 0, space 0, times 0
[  913.443658][T16026] CPU: 1 UID: 0 PID: 16026 Comm: syz.0.2888 Not tainted syzkaller #0 PREEMPT(full) 
[  913.443689][T16026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  913.443699][T16026] Call Trace:
[  913.443706][T16026]  <TASK>
[  913.443712][T16026]  dump_stack_lvl+0x189/0x250
[  913.443736][T16026]  ? __pfx____ratelimit+0x10/0x10
[  913.443752][T16026]  ? __pfx_dump_stack_lvl+0x10/0x10
[  913.443770][T16026]  ? __pfx__printk+0x10/0x10
[  913.443796][T16026]  ? __pfx___might_resched+0x10/0x10
[  913.443816][T16026]  should_fail_ex+0x414/0x560
[  913.443837][T16026]  should_failslab+0xa8/0x100
[  913.443856][T16026]  kmem_cache_alloc_noprof+0x88/0x710
[  913.443878][T16026]  ? auditd_test_task+0x22/0x280
[  913.443894][T16026]  ? audit_log_start+0x101/0xa20
[  913.443914][T16026]  audit_log_start+0x101/0xa20
[  913.443941][T16026]  ? __pfx_audit_log_start+0x10/0x10
[  913.443957][T16026]  ? get_pid_task+0x20/0x1f0
[  913.443981][T16026]  ? __pfx___cant_migrate+0x10/0x10
[  913.444002][T16026]  audit_seccomp+0x64/0x190
[  913.444016][T16026]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  913.444040][T16026]  __seccomp_filter+0xcf0/0x1e20
[  913.444062][T16026]  ? ksys_write+0x1cb/0x250
[  913.444077][T16026]  ? __pfx___seccomp_filter+0x10/0x10
[  913.444093][T16026]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  913.444117][T16026]  ? __pfx_vfs_write+0x10/0x10
[  913.444133][T16026]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  913.444154][T16026]  ? __fget_files+0x3a0/0x420
[  913.444181][T16026]  ? ksys_write+0x22a/0x250
[  913.444198][T16026]  ? __secure_computing+0xe2/0x2a0
[  913.444215][T16026]  syscall_trace_enter+0xaa/0x160
[  913.444234][T16026]  do_syscall_64+0xd3/0xf80
[  913.444252][T16026]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.444267][T16026]  ? clear_bhb_loop+0x60/0xb0
[  913.444285][T16026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.444299][T16026] RIP: 0033:0x7f5375b8f749
[  913.444313][T16026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  913.444326][T16026] RSP: 002b:00007f5376a4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000013d
[  913.444342][T16026] RAX: ffffffffffffffda RBX: 00007f5375de5fa0 RCX: 00007f5375b8f749
[  913.444353][T16026] RDX: 0000200000000000 RSI: 000000000000001d RDI: 0000000000000001
[  913.444363][T16026] RBP: 00007f5376a4e090 R08: 0000000000000000 R09: 0000000000000000
[  913.444372][T16026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  913.444381][T16026] R13: 00007f5375de6038 R14: 00007f5375de5fa0 R15: 00007ffd35c90888
[  913.444404][T16026]  </TASK>
[  913.445793][T16026] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  913.575461][   T30] audit: type=1326 audit(1764344112.550:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  913.748320][T16026] audit: out of memory in audit_log_start
[  914.059507][   T30] audit: type=1326 audit(1764344112.550:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  914.222796][   T30] audit: type=1326 audit(1764344112.550:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  914.307857][   T30] audit: type=1326 audit(1764344112.550:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  914.438133][   T30] audit: type=1326 audit(1764344112.550:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  914.499920][   T30] audit: type=1326 audit(1764344112.550:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  914.590773][   T30] audit: type=1326 audit(1764344112.550:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16025 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  914.685972][T10970] Bluetooth: hci3: command tx timeout
[  915.058733][T16043] futex_wake_op: syz.6.2893 tries to shift op by 144; fix this program
[  915.419420][ T3544] team0 (unregistering): Port device team_slave_1 removed
[  915.595518][T16049] futex_wake_op: syz.1.2895 tries to shift op by 144; fix this program
[  915.810393][ T3544] team0 (unregistering): Port device team_slave_0 removed
[  917.094962][T15913] team0: Port device team_slave_1 added
[  917.430281][T15913] batman_adv: batadv0: Adding interface: batadv_slave_0
[  917.455617][T15913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  917.483433][T15913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  917.517744][T16062] loop1: detected capacity change from 0 to 512
[  917.543971][T15913] batman_adv: batadv0: Adding interface: batadv_slave_1
[  917.573876][T16060] loop0: detected capacity change from 0 to 4096
[  917.579051][T16062] EXT4-fs: Ignoring removed mblk_io_submit option
[  917.582584][T15913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  917.606574][T16062] ext4: Unknown parameter 'hash'
[  917.859054][T15913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  918.554707][T16060] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  918.631741][T16060] FAULT_INJECTION: forcing a failure.
[  918.631741][T16060] name failslab, interval 1, probability 0, space 0, times 0
[  918.661294][T10932] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  918.706892][T16060] CPU: 1 UID: 0 PID: 16060 Comm: syz.0.2899 Not tainted syzkaller #0 PREEMPT(full) 
[  918.706923][T16060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  918.706937][T16060] Call Trace:
[  918.706945][T16060]  <TASK>
[  918.706955][T16060]  dump_stack_lvl+0x189/0x250
[  918.706987][T16060]  ? __pfx____ratelimit+0x10/0x10
[  918.707011][T16060]  ? __pfx_dump_stack_lvl+0x10/0x10
[  918.707037][T16060]  ? __pfx__printk+0x10/0x10
[  918.707073][T16060]  ? __pfx___might_resched+0x10/0x10
[  918.707097][T16060]  ? fs_reclaim_acquire+0x7d/0x100
[  918.707125][T16060]  should_fail_ex+0x414/0x560
[  918.707156][T16060]  should_failslab+0xa8/0x100
[  918.707184][T16060]  kmem_cache_alloc_noprof+0x88/0x710
[  918.707217][T16060]  ? getname_flags+0xb8/0x540
[  918.707248][T16060]  getname_flags+0xb8/0x540
[  918.707271][T16060]  ? __fget_files+0x3a0/0x420
[  918.707302][T16060]  user_path_at+0x24/0x60
[  918.707333][T16060]  __se_sys_mount+0x2d4/0x410
[  918.707365][T16060]  ? __pfx___se_sys_mount+0x10/0x10
[  918.707396][T16060]  ? do_syscall_64+0xbe/0xf80
[  918.707419][T16060]  ? __x64_sys_mount+0x20/0xc0
[  918.707447][T16060]  do_syscall_64+0xfa/0xf80
[  918.707471][T16060]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.707492][T16060]  ? clear_bhb_loop+0x60/0xb0
[  918.707518][T16060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.707538][T16060] RIP: 0033:0x7f5375b8f749
[  918.707555][T16060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.707581][T16060] RSP: 002b:00007f5376a4e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  918.707604][T16060] RAX: ffffffffffffffda RBX: 00007f5375de5fa0 RCX: 00007f5375b8f749
[  918.707618][T16060] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000
[  918.707632][T16060] RBP: 00007f5376a4e090 R08: 0000000000000000 R09: 0000000000000000
[  918.707645][T16060] R10: 0000000002390024 R11: 0000000000000246 R12: 0000000000000001
[  918.707657][T16060] R13: 00007f5375de6038 R14: 00007f5375de5fa0 R15: 00007ffd35c90888
[  918.707691][T16060]  </TASK>
[  918.957356][ T5830] ntfs3(loop0): ino=9, ntfs_sync_fs failed, -22.
[  918.969329][T15913] hsr_slave_0: entered promiscuous mode
[  918.977833][T15913] hsr_slave_1: entered promiscuous mode
[  918.990000][T15913] debugfs: 'hsr0' already exists in 'hsr'
[  918.997110][T15913] Cannot create hsr debugfs directory
[  919.020796][T10932] usb 4-1: Using ep0 maxpacket: 8
[  919.052762][T10932] usb 4-1: unable to get BOS descriptor or descriptor too short
[  919.062607][T10932] usb 4-1: config 8 has an invalid interface number: 61 but max is 0
[  919.070781][T10932] usb 4-1: config 8 has no interface number 0
[  919.076923][T10932] usb 4-1: config 8 interface 61 altsetting 8 endpoint 0x8 has invalid wMaxPacketSize 0
[  919.086773][T10932] usb 4-1: config 8 interface 61 has no altsetting 0
[  919.098729][T10932] usb 4-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=e9.1f
[  919.107881][T10932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  919.115987][T10932] usb 4-1: Product: syz
[  919.120194][T10932] usb 4-1: Manufacturer: syz
[  919.124908][T10932] usb 4-1: SerialNumber: syz
[  919.963441][T16066] loop3: detected capacity change from 0 to 4096
[  920.045314][T16066] ntfs3: Unknown parameter '00000000000000000000000POô%F²$ýb±O;@�|(êUNu(ƒ|¯Ðé1ñ|¼„@ü‹'j?}IáCö‡YÄÄkº7‡EΦ­…9L•3R-S'ÝE|¦&ÐÍË!{’É ô¶µ²Ä†£<uóûyø_ý²j÷
¿þØ�e? P¢”>i¬ràÎOu-ž'
[  920.197905][T10932] bfusb 4-1:8.61: probe with driver bfusb failed with error -5
[  920.232349][T10932] usb 4-1: USB disconnect, device number 6
[  922.328702][T16140] atomic_op ffff888032621998 conn xmit_atomic 0000000000000000
[  922.434518][T15913] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  922.512958][T15913] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  922.567431][T15913] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  922.650656][T16155] futex_wake_op: syz.3.2924 tries to shift op by 144; fix this program
[  922.661139][T15913] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  923.480507][T15913] 8021q: adding VLAN 0 to HW filter on device bond0
[  923.681865][T15913] 8021q: adding VLAN 0 to HW filter on device team0
[  923.730345][ T6003] bridge0: port 1(bridge_slave_0) entered blocking state
[  923.737620][ T6003] bridge0: port 1(bridge_slave_0) entered forwarding state
[  923.811861][ T6003] bridge0: port 2(bridge_slave_1) entered blocking state
[  923.819049][ T6003] bridge0: port 2(bridge_slave_1) entered forwarding state
[  924.109600][T16193] FAULT_INJECTION: forcing a failure.
[  924.109600][T16193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  924.150617][T16193] CPU: 1 UID: 0 PID: 16193 Comm: syz.1.2935 Not tainted syzkaller #0 PREEMPT(full) 
[  924.150647][T16193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  924.150661][T16193] Call Trace:
[  924.150670][T16193]  <TASK>
[  924.150683][T16193]  dump_stack_lvl+0x189/0x250
[  924.150714][T16193]  ? __pfx____ratelimit+0x10/0x10
[  924.150737][T16193]  ? __pfx_dump_stack_lvl+0x10/0x10
[  924.150763][T16193]  ? __pfx__printk+0x10/0x10
[  924.150794][T16193]  ? __might_fault+0xb0/0x130
[  924.150837][T16193]  should_fail_ex+0x414/0x560
[  924.150868][T16193]  _copy_from_user+0x2d/0xb0
[  924.150900][T16193]  ___sys_sendmsg+0x158/0x2a0
[  924.150940][T16193]  ? __pfx____sys_sendmsg+0x10/0x10
[  924.150976][T16193]  ? rcu_read_lock_any_held+0xb3/0x120
[  924.151032][T16193]  ? __fget_files+0x2a/0x420
[  924.151059][T16193]  ? __fget_files+0x3a0/0x420
[  924.151097][T16193]  __x64_sys_sendmsg+0x19b/0x260
[  924.151128][T16193]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  924.151166][T16193]  ? __pfx_ksys_write+0x10/0x10
[  924.151193][T16193]  ? do_syscall_64+0xbe/0xf80
[  924.151222][T16193]  do_syscall_64+0xfa/0xf80
[  924.151247][T16193]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  924.151269][T16193]  ? clear_bhb_loop+0x60/0xb0
[  924.151295][T16193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  924.151316][T16193] RIP: 0033:0x7f6148b8f749
[  924.151335][T16193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  924.151354][T16193] RSP: 002b:00007f61499eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  924.151377][T16193] RAX: ffffffffffffffda RBX: 00007f6148de5fa0 RCX: 00007f6148b8f749
[  924.151393][T16193] RDX: 0000000004008004 RSI: 0000200000000200 RDI: 0000000000000003
[  924.151407][T16193] RBP: 00007f61499eb090 R08: 0000000000000000 R09: 0000000000000000
[  924.151421][T16193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  924.151433][T16193] R13: 00007f6148de6038 R14: 00007f6148de5fa0 R15: 00007ffe1d186d48
[  924.151467][T16193]  </TASK>
[  924.479259][T16194] loop0: detected capacity change from 0 to 4096
[  924.489761][T16194] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  924.640372][T16199] ntfs3(loop0): MFT: r=b, expect seq=0 instead of b!
[  924.651957][T16199] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  925.628361][T15913] 8021q: adding VLAN 0 to HW filter on device batadv0
[  925.884619][T15913] veth0_vlan: entered promiscuous mode
[  925.942413][T15913] veth1_vlan: entered promiscuous mode
[  926.231651][T15913] veth0_macvtap: entered promiscuous mode
[  926.272447][T15913] veth1_macvtap: entered promiscuous mode
[  926.371109][T16235] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  926.983474][T15913] batman_adv: batadv0: Interface activated: batadv_slave_0
[  927.001976][T15913] batman_adv: batadv0: Interface activated: batadv_slave_1
[  927.034197][ T7070] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  927.056824][T16238] futex_wake_op: syz.1.2945 tries to shift op by 144; fix this program
[  927.120146][ T7070] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  927.202497][ T7070] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  927.226073][ T7070] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  927.563378][ T6286] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  927.580942][ T6286] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  927.727736][ T8601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  927.796079][ T8601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  928.537431][T16273] loop3: detected capacity change from 0 to 512
[  928.623558][T16273] EXT4-fs: Ignoring removed mblk_io_submit option
[  928.700968][T16273] ext4: Unknown parameter 'hash'
[  928.918889][T16284] FAULT_INJECTION: forcing a failure.
[  928.918889][T16284] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  928.971208][T16284] CPU: 1 UID: 0 PID: 16284 Comm: syz.2.2957 Not tainted syzkaller #0 PREEMPT(full) 
[  928.971240][T16284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  928.971253][T16284] Call Trace:
[  928.971267][T16284]  <TASK>
[  928.971277][T16284]  dump_stack_lvl+0x189/0x250
[  928.971308][T16284]  ? __pfx____ratelimit+0x10/0x10
[  928.971332][T16284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  928.971358][T16284]  ? __pfx__printk+0x10/0x10
[  928.971390][T16284]  ? __might_fault+0xb0/0x130
[  928.971435][T16284]  should_fail_ex+0x414/0x560
[  928.971466][T16284]  _copy_to_iter+0x1de/0x1790
[  928.971494][T16284]  ? __local_bh_enable_ip+0x12d/0x1c0
[  928.971517][T16284]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  928.971549][T16284]  ? __asan_memset+0x22/0x50
[  928.971581][T16284]  ? __pfx__copy_to_iter+0x10/0x10
[  928.971612][T16284]  ? sctp_skb_recv_datagram+0x7c6/0x980
[  928.971651][T16284]  __skb_datagram_iter+0xf8/0x990
[  928.971685][T16284]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  928.971716][T16284]  ? __pfx_autoremove_wake_function+0x10/0x10
[  928.971755][T16284]  skb_copy_datagram_iter+0xb5/0x210
[  928.971791][T16284]  sctp_recvmsg+0x258/0xd70
[  928.971815][T16284]  ? aa_file_perm+0x44c/0x1530
[  928.971843][T16284]  ? __pfx_sctp_recvmsg+0x10/0x10
[  928.971864][T16284]  inet_recvmsg+0x24a/0x250
[  928.971899][T16284]  ? __pfx_inet_recvmsg+0x10/0x10
[  928.971934][T16284]  ? __pfx_aa_file_perm+0x10/0x10
[  928.971961][T16284]  sock_recvmsg_nosec+0x11d/0x1c0
[  928.971986][T16284]  sock_read_iter+0x274/0x320
[  928.972021][T16284]  ? __pfx_sock_read_iter+0x10/0x10
[  928.972065][T16284]  ? bpf_lsm_file_permission+0x9/0x20
[  928.972088][T16284]  ? security_file_permission+0x75/0x290
[  928.972124][T16284]  vfs_read+0x55a/0xa30
[  928.972155][T16284]  ? __pfx_vfs_read+0x10/0x10
[  928.972187][T16284]  ? __fget_files+0x2a/0x420
[  928.972224][T16284]  ksys_read+0x145/0x250
[  928.972248][T16284]  ? __pfx_ksys_read+0x10/0x10
[  928.972273][T16284]  ? do_syscall_64+0xbe/0xf80
[  928.972303][T16284]  do_syscall_64+0xfa/0xf80
[  928.972329][T16284]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  928.972351][T16284]  ? clear_bhb_loop+0x60/0xb0
[  928.972378][T16284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  928.972399][T16284] RIP: 0033:0x7f31d6d8e15c
[  928.972418][T16284] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  928.972437][T16284] RSP: 002b:00007f31d7bacfb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  928.972460][T16284] RAX: ffffffffffffffda RBX: 0000200000002880 RCX: 00007f31d6d8e15c
[  928.972477][T16284] RDX: 0000000000002000 RSI: 0000200000002880 RDI: 0000000000000004
[  928.972491][T16284] RBP: 00007f31d7bad090 R08: 0000000000000000 R09: 0000000000000000
[  928.972505][T16284] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000004
[  928.972518][T16284] R13: 00002000000065c0 R14: 00007f31d6fe6090 R15: 00007ffc4cf7a0f8
[  928.972552][T16284]  </TASK>
[  929.601078][ T9780] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  929.790756][ T9780] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  929.823677][ T9780] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  929.868195][ T9780] usb 7-1: Product: syz
[  929.877860][ T9780] usb 7-1: Manufacturer: syz
[  929.895572][ T9780] usb 7-1: SerialNumber: syz
[  929.924411][ T9780] usb 7-1: config 0 descriptor??
[  929.940439][ T9780] gspca_main: sunplus-2.14.0 probing 055f:c230
[  930.718684][T16327] loop0: detected capacity change from 0 to 512
[  930.749005][T16327] ext3: Unknown parameter 'permit_directio'
[  930.872574][ T9780] gspca_sunplus: reg_r err -110
[  930.883396][ T9780] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[  930.955753][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  930.955774][   T30] audit: type=1326 audit(1764344130.090:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  931.002550][   T30] audit: type=1326 audit(1764344130.130:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  931.032672][   T30] audit: type=1326 audit(1764344130.130:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5375b8f783 code=0x7ffc0000
[  931.056487][   T30] audit: type=1326 audit(1764344130.170:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  931.094444][   T30] audit: type=1326 audit(1764344130.170:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5375b8f749 code=0x7ffc0000
[  931.256876][   T30] audit: type=1326 audit(1764344130.390:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5375b8e1ff code=0x7ffc0000
[  931.384343][T16334] loop2: detected capacity change from 0 to 512
[  931.394086][T16311] loop3: detected capacity change from 0 to 40427
[  931.427900][T16311] F2FS-fs (loop3): build fault injection rate: 771
[  931.435178][T16334] EXT4-fs: Ignoring removed mblk_io_submit option
[  931.463009][T16334] ext4: Unknown parameter 'hash'
[  931.584795][T16311] F2FS-fs (loop3): invalid crc value
[  931.710192][ T6200] usb 7-1: USB disconnect, device number 9
[  932.525728][T16340] FAULT_INJECTION: forcing a failure.
[  932.525728][T16340] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  932.543509][   T30] audit: type=1326 audit(1764344131.680:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f5375b8f7d7 code=0x7ffc0000
[  932.579274][T16327] loop0: detected capacity change from 0 to 32768
[  932.603391][T16340] CPU: 1 UID: 0 PID: 16340 Comm: syz.1.2972 Not tainted syzkaller #0 PREEMPT(full) 
[  932.603421][T16340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  932.603435][T16340] Call Trace:
[  932.603444][T16340]  <TASK>
[  932.603453][T16340]  dump_stack_lvl+0x189/0x250
[  932.603485][T16340]  ? __pfx____ratelimit+0x10/0x10
[  932.603509][T16340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  932.603534][T16340]  ? __pfx__printk+0x10/0x10
[  932.603579][T16340]  should_fail_ex+0x414/0x560
[  932.603609][T16340]  _copy_to_user+0x31/0xb0
[  932.603643][T16340]  __x64_sys_sysinfo+0xbf/0x130
[  932.603674][T16340]  ? __pfx___x64_sys_sysinfo+0x10/0x10
[  932.603717][T16340]  ? rcu_is_watching+0x15/0xb0
[  932.603743][T16340]  ? trace_sys_enter+0x25/0xf0
[  932.603769][T16340]  ? syscall_trace_enter+0xf9/0x160
[  932.603795][T16340]  do_syscall_64+0xfa/0xf80
[  932.603820][T16340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.603842][T16340]  ? clear_bhb_loop+0x60/0xb0
[  932.603868][T16340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.603889][T16340] RIP: 0033:0x7f6148b8f749
[  932.603909][T16340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  932.603928][T16340] RSP: 002b:00007f61499eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000063
[  932.603950][T16340] RAX: ffffffffffffffda RBX: 00007f6148de5fa0 RCX: 00007f6148b8f749
[  932.603966][T16340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  932.603978][T16340] RBP: 00007f61499eb090 R08: 0000000000000000 R09: 0000000000000000
[  932.603992][T16340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  932.604004][T16340] R13: 00007f6148de6038 R14: 00007f6148de5fa0 R15: 00007ffe1d186d48
[  932.604039][T16340]  </TASK>
[  932.630953][   T30] audit: type=1326 audit(1764344131.710:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5375b8df90 code=0x7ffc0000
[  932.734840][T16327] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2969 (16327)
[  932.882903][T16311] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  932.941641][T16311] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  933.020164][T16327] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  933.043128][T16327] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  933.052696][   T30] audit: type=1326 audit(1764344131.710:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5375b8f34b code=0x7ffc0000
[  933.178942][   T30] audit: type=1326 audit(1764344131.790:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5375b8e3aa code=0x7ffc0000
[  933.674411][T16327] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  933.697007][T16327] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  934.099601][T16327] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  934.123650][T14432] F2FS-fs (loop3): access invalid blkaddr:2816
[  934.234792][T16327] BTRFS error (device loop0): open_ctree failed: -12
[  934.380645][T14432] CPU: 1 UID: 0 PID: 14432 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  934.380680][T14432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  934.380693][T14432] Call Trace:
[  934.380702][T14432]  <TASK>
[  934.380710][T14432]  dump_stack_lvl+0x189/0x250
[  934.380744][T14432]  ? __pfx_dump_stack_lvl+0x10/0x10
[  934.380769][T14432]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  934.380803][T14432]  ? __update_page_owner_handle+0x5a/0x570
[  934.380832][T14432]  __f2fs_is_valid_blkaddr+0xe52/0x14f0
[  934.380863][T14432]  f2fs_map_blocks+0xdac/0x40b0
[  934.380939][T14432]  ? __pfx_f2fs_map_blocks+0x10/0x10
[  934.380974][T14432]  ? xa_load+0x60/0x210
[  934.381014][T14432]  ? xa_load+0x1ea/0x210
[  934.381048][T14432]  f2fs_mpage_readpages+0xd25/0x1b80
[  934.381076][T14432]  ? __lock_acquire+0x6b6/0x2cf0
[  934.381116][T14432]  ? __pfx_f2fs_mpage_readpages+0x10/0x10
[  934.381148][T14432]  ? __folio_batch_add_and_move+0x192/0xc40
[  934.381193][T14432]  ? f2fs_readahead+0x167/0x310
[  934.381227][T14432]  read_pages+0x17a/0x580
[  934.381255][T14432]  ? __pfx_read_pages+0x10/0x10
[  934.381282][T14432]  ? filemap_add_folio+0x35f/0x540
[  934.381320][T14432]  page_cache_ra_unbounded+0x750/0x990
[  934.381364][T14432]  f2fs_readdir+0x49b/0xa40
[  934.381410][T14432]  ? __pfx_f2fs_readdir+0x10/0x10
[  934.381438][T14432]  ? handle_mm_fault+0xdb/0x32b0
[  934.381476][T14432]  ? iterate_dir+0x292/0x570
[  934.381496][T14432]  ? down_read_killable+0x1bc/0x350
[  934.381531][T14432]  iterate_dir+0x399/0x570
[  934.381558][T14432]  __se_sys_getdents64+0xe4/0x260
[  934.381582][T14432]  ? __pfx___se_sys_getdents64+0x10/0x10
[  934.381604][T14432]  ? __pfx_filldir64+0x10/0x10
[  934.381636][T14432]  ? do_syscall_64+0xbe/0xf80
[  934.381665][T14432]  do_syscall_64+0xfa/0xf80
[  934.381691][T14432]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  934.381712][T14432]  ? clear_bhb_loop+0x60/0xb0
[  934.381738][T14432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  934.381759][T14432] RIP: 0033:0x7f4c661c20b3
[  934.381778][T14432] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 62 3d f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  934.381797][T14432] RSP: 002b:00007ffd62cc1a18 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  934.381820][T14432] RAX: ffffffffffffffda RBX: 0000555590dc4600 RCX: 00007f4c661c20b3
[  934.381836][T14432] RDX: 0000000000008000 RSI: 0000555590dc4600 RDI: 0000000000000005
[  934.381850][T14432] RBP: 0000555590dc45d4 R08: 0000000000000000 R09: 0000000000000000
[  934.381863][T14432] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  934.381877][T14432] R13: 0000000000000010 R14: 0000555590dc45d0 R15: 00007ffd62cc3cd0
[  934.381911][T14432]  </TASK>
[  934.779676][T14432] F2FS-fs (loop3): access invalid blkaddr:2816
[  934.808433][T14432] CPU: 0 UID: 0 PID: 14432 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  934.808472][T14432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  934.808487][T14432] Call Trace:
[  934.808496][T14432]  <TASK>
[  934.808505][T14432]  dump_stack_lvl+0x189/0x250
[  934.808541][T14432]  ? __pfx_dump_stack_lvl+0x10/0x10
[  934.808567][T14432]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  934.808603][T14432]  ? f2fs_handle_error+0x13f/0x1e0
[  934.808638][T14432]  __f2fs_is_valid_blkaddr+0xe52/0x14f0
[  934.808671][T14432]  f2fs_map_blocks+0xdac/0x40b0
[  934.808749][T14432]  ? __pfx_f2fs_map_blocks+0x10/0x10
[  934.808785][T14432]  ? xa_load+0x60/0x210
[  934.808826][T14432]  ? xa_load+0x1ea/0x210
[  934.808861][T14432]  f2fs_mpage_readpages+0xd25/0x1b80
[  934.808891][T14432]  ? __lock_acquire+0x6b6/0x2cf0
[  934.808932][T14432]  ? __pfx_f2fs_mpage_readpages+0x10/0x10
[  934.808964][T14432]  ? __folio_batch_add_and_move+0x192/0xc40
[  934.809009][T14432]  ? f2fs_readahead+0x167/0x310
[  934.809035][T14432]  read_pages+0x17a/0x580
[  934.809061][T14432]  ? __pfx_read_pages+0x10/0x10
[  934.809089][T14432]  ? filemap_add_folio+0x35f/0x540
[  934.809128][T14432]  page_cache_ra_unbounded+0x750/0x990
[  934.809172][T14432]  f2fs_readdir+0x49b/0xa40
[  934.809240][T14432]  ? __pfx_f2fs_readdir+0x10/0x10
[  934.809268][T14432]  ? handle_mm_fault+0xdb/0x32b0
[  934.809306][T14432]  ? iterate_dir+0x292/0x570
[  934.809327][T14432]  ? down_read_killable+0x1bc/0x350
[  934.809362][T14432]  iterate_dir+0x399/0x570
[  934.809389][T14432]  __se_sys_getdents64+0xe4/0x260
[  934.809416][T14432]  ? __pfx___se_sys_getdents64+0x10/0x10
[  934.809437][T14432]  ? __pfx_filldir64+0x10/0x10
[  934.809475][T14432]  ? do_syscall_64+0xbe/0xf80
[  934.809505][T14432]  do_syscall_64+0xfa/0xf80
[  934.809531][T14432]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  934.809552][T14432]  ? clear_bhb_loop+0x60/0xb0
[  934.809578][T14432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  934.809599][T14432] RIP: 0033:0x7f4c661c20b3
[  934.809619][T14432] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 62 3d f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  934.809639][T14432] RSP: 002b:00007ffd62cc1a18 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  934.809662][T14432] RAX: ffffffffffffffda RBX: 0000555590dc4600 RCX: 00007f4c661c20b3
[  934.809678][T14432] RDX: 0000000000008000 RSI: 0000555590dc4600 RDI: 0000000000000005
[  934.809692][T14432] RBP: 0000555590dc45d4 R08: 0000000000000000 R09: 0000000000000000
[  934.809705][T14432] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  934.809719][T14432] R13: 0000000000000010 R14: 0000555590dc45d0 R15: 00007ffd62cc3cd0
[  934.809755][T14432]  </TASK>
[  934.810193][T14432] syz-executor: attempt to access beyond end of device
[  934.810193][T14432] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  935.304664][T16386] loop2: detected capacity change from 0 to 512
[  935.410548][T14432] syz-executor: attempt to access beyond end of device
[  935.410548][T14432] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  935.494837][T16386] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.2982: Failed to acquire dquot type 1
[  935.508551][T14432] CPU: 0 UID: 0 PID: 14432 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  935.508573][T14432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  935.508583][T14432] Call Trace:
[  935.508590][T14432]  <TASK>
[  935.508596][T14432]  dump_stack_lvl+0x189/0x250
[  935.508623][T14432]  ? __pfx_dump_stack_lvl+0x10/0x10
[  935.508642][T14432]  ? __pfx_queue_work_on+0x10/0x10
[  935.508658][T14432]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  935.508676][T14432]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  935.508702][T14432]  f2fs_handle_critical_error+0x37c/0x540
[  935.508734][T14432]  f2fs_write_end_io+0x94b/0xc10
[  935.508766][T14432]  __submit_merged_bio+0x256/0x660
[  935.508795][T14432]  __submit_merged_write_cond+0x269/0x530
[  935.508825][T14432]  f2fs_write_data_pages+0x2756/0x3290
[  935.508840][T14432]  ? arch_stack_walk+0xfc/0x150
[  935.508886][T14432]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  935.508939][T14432]  ? unwind_next_frame+0xa5/0x2390
[  935.508956][T14432]  ? rcu_is_watching+0x15/0xb0
[  935.508974][T14432]  ? __kasan_check_byte+0x12/0x40
[  935.508991][T14432]  ? __bfs+0x154/0x290
[  935.509006][T14432]  ? __pfx_hlock_conflict+0x10/0x10
[  935.509039][T14432]  ? lockdep_unlock+0x89/0x120
[  935.509052][T14432]  ? __lock_acquire+0x146f/0x2cf0
[  935.509091][T14432]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  935.509108][T14432]  do_writepages+0x32e/0x550
[  935.509155][T14432]  ? do_raw_spin_unlock+0x122/0x240
[  935.509181][T14432]  filemap_fdatawrite+0x199/0x240
[  935.509203][T14432]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  935.509264][T14432]  ? do_raw_spin_unlock+0x122/0x240
[  935.509290][T14432]  f2fs_sync_dirty_inodes+0x30f/0x810
[  935.509321][T14432]  f2fs_write_checkpoint+0x93e/0x2440
[  935.509337][T14432]  ? stack_depot_save_flags+0x422/0x850
[  935.509381][T14432]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  935.509440][T14432]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  935.509458][T14432]  ? kfree+0x1c0/0x660
[  935.509489][T14432]  kill_f2fs_super+0x2d2/0x6c0
[  935.509512][T14432]  ? __pfx_kill_f2fs_super+0x10/0x10
[  935.509545][T14432]  ? shrinker_free+0x2ce/0x3e0
[  935.509565][T14432]  deactivate_locked_super+0xbc/0x130
[  935.509589][T14432]  cleanup_mnt+0x425/0x4c0
[  935.509612][T14432]  ? lockdep_hardirqs_on+0x98/0x140
[  935.509632][T14432]  task_work_run+0x1d4/0x260
[  935.509656][T14432]  ? __pfx_task_work_run+0x10/0x10
[  935.509682][T14432]  ? exit_to_user_mode_loop+0x55/0x4f0
[  935.509702][T14432]  exit_to_user_mode_loop+0xff/0x4f0
[  935.509717][T14432]  ? rcu_is_watching+0x15/0xb0
[  935.509739][T14432]  do_syscall_64+0x2e3/0xf80
[  935.509758][T14432]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  935.509773][T14432]  ? clear_bhb_loop+0x60/0xb0
[  935.509792][T14432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  935.509806][T14432] RIP: 0033:0x7f4c66190a77
[  935.509820][T14432] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  935.509834][T14432] RSP: 002b:00007ffd62cc1a58 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  935.509849][T14432] RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007f4c66190a77
[  935.509860][T14432] RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007ffd62cc2c00
[  935.509869][T14432] RBP: 00007f4c66213d7d R08: 0000000000000000 R09: 0000000000000000
[  935.509878][T14432] R10: 0000000000001000 R11: 0000000000000202 R12: 00007ffd62cc2c00
[  935.509888][T14432] R13: 00007f4c66213d7d R14: 0000555590da94a8 R15: 00007ffd62cc3cd0
[  935.509915][T14432]  </TASK>
[  935.509921][T14432] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  935.615649][T16386] EXT4-fs (loop2): 1 truncate cleaned up
[  935.882977][T16386] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  935.896628][T16386] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  935.994469][T16386] __quota_error: 5 callbacks suppressed
[  935.994484][T16386] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  936.069501][T16386] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  936.162558][T16386] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.2982: Failed to acquire dquot type 1
[  936.457847][T16402] Bluetooth: MGMT ver 1.23
[  936.472696][T15913] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  936.638431][T16404] input: syz1 as /devices/virtual/input/input7
[  936.771188][ T7526] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  936.851964][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  936.858367][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  936.980772][ T7526] usb 7-1: Using ep0 maxpacket: 16
[  937.734462][ T7526] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  937.871666][ T7526] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  937.948023][ T7526] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  937.970380][ T7526] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  938.011569][ T7526] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  938.030222][ T7526] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  938.071140][ T7526] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  938.085071][ T7526] usb 7-1: Manufacturer: syz
[  938.140969][ T7526] usb 7-1: config 0 descriptor??
[  938.395225][T16432] loop3: detected capacity change from 0 to 512
[  938.417600][T16432] EXT4-fs: Ignoring removed mblk_io_submit option
[  938.457621][T16432] ext4: Unknown parameter 'hash'
[  939.622057][ T7526] rc_core: IR keymap rc-hauppauge not found
[  939.628028][ T7526] Registered IR keymap rc-empty
[  939.638621][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  939.667757][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  939.693763][ T7526] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  939.761799][ T7526] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input8
[  939.785275][T16444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2999'.
[  939.827893][T16444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2999'.
[  939.843965][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  939.875104][T16444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2999'.
[  939.910877][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.024591][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.050963][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.102781][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.203784][T16454] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  940.213476][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.260781][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.315411][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.372077][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.390906][ T7526] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  940.423816][ T7526] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  940.482855][ T7526] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  941.473861][ T9780] usb 7-1: USB disconnect, device number 10
[  941.853616][T16498] loop1: detected capacity change from 0 to 256
[  941.882501][T16498] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  941.938536][T16498] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  942.281733][T10322] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  942.461421][T10322] usb 2-1: Using ep0 maxpacket: 32
[  942.469111][T10322] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  942.496012][T10322] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  942.535710][T10322] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  942.576746][T10322] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  942.602716][T10322] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  942.629719][T10322] usb 2-1: Product: syz
[  942.704799][T10322] usb 2-1: Manufacturer: syz
[  942.720255][T10322] usb 2-1: SerialNumber: syz
[  942.747104][T10322] usb 2-1: config 0 descriptor??
[  942.799431][T10322] rndis_host 2-1:0.0: skipping garbage
[  942.821750][T10322] usb 2-1: bad CDC descriptors
[  942.838300][T10322] cdc_acm 2-1:0.0: skipping garbage
[  942.855317][T10322] cdc_acm 2-1:0.0: Control and data interfaces are not separated!
[  942.883048][T10322] cdc_acm 2-1:0.0: This needs exactly 3 endpoints
[  942.903751][T10322] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[  943.019663][T16530] futex_wake_op: syz.3.3023 tries to shift op by 144; fix this program
[  943.070064][T16498] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3014'.
[  944.665975][T16549] sctp: [Deprecated]: syz.1.3014 (pid 16549) Use of struct sctp_assoc_value in delayed_ack socket option.
[  944.665975][T16549] Use struct sctp_sack_info instead
[  946.357015][ T9780] usb 2-1: USB disconnect, device number 9
[  946.727056][T16599] futex_wake_op: syz.2.3045 tries to shift op by 144; fix this program
[  948.148973][T16612] batadv_slave_1: entered promiscuous mode
[  948.162166][T16612] FAULT_INJECTION: forcing a failure.
[  948.162166][T16612] name failslab, interval 1, probability 0, space 0, times 0
[  948.183571][T16612] CPU: 1 UID: 0 PID: 16612 Comm: syz.1.3051 Not tainted syzkaller #0 PREEMPT(full) 
[  948.183602][T16612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  948.183616][T16612] Call Trace:
[  948.183625][T16612]  <TASK>
[  948.183635][T16612]  dump_stack_lvl+0x189/0x250
[  948.183665][T16612]  ? __pfx____ratelimit+0x10/0x10
[  948.183688][T16612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  948.183714][T16612]  ? __pfx__printk+0x10/0x10
[  948.183747][T16612]  ? __pfx___might_resched+0x10/0x10
[  948.183771][T16612]  ? fs_reclaim_acquire+0x7d/0x100
[  948.183799][T16612]  should_fail_ex+0x414/0x560
[  948.183829][T16612]  should_failslab+0xa8/0x100
[  948.183857][T16612]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  948.183892][T16612]  ? __alloc_skb+0x255/0x430
[  948.183914][T16612]  ? napi_skb_cache_get+0x4a5/0x780
[  948.183937][T16612]  ? napi_skb_cache_get+0x151/0x780
[  948.183965][T16612]  __alloc_skb+0x255/0x430
[  948.183992][T16612]  ? __pfx___alloc_skb+0x10/0x10
[  948.184019][T16612]  ? netlink_autobind+0xdb/0x300
[  948.184048][T16612]  ? netlink_autobind+0x2c2/0x300
[  948.184084][T16612]  netlink_sendmsg+0x5c6/0xb30
[  948.184112][T16612]  ? aa_sk_perm+0x15f/0x920
[  948.184151][T16612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  948.184182][T16612]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  948.184220][T16612]  ? __pfx_aa_file_perm+0x10/0x10
[  948.184245][T16612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  948.184274][T16612]  sock_sendmsg_nosec+0x18f/0x1d0
[  948.184310][T16612]  sock_write_iter+0x2d9/0x3d0
[  948.184345][T16612]  ? __pfx_sock_write_iter+0x10/0x10
[  948.184388][T16612]  ? bpf_lsm_file_permission+0x9/0x20
[  948.184409][T16612]  ? security_file_permission+0x75/0x290
[  948.184445][T16612]  vfs_write+0x5c9/0xb30
[  948.184470][T16612]  ? __pfx_sock_write_iter+0x10/0x10
[  948.184503][T16612]  ? __pfx_vfs_write+0x10/0x10
[  948.184534][T16612]  ? __fget_files+0x2a/0x420
[  948.184589][T16612]  ksys_write+0x145/0x250
[  948.184613][T16612]  ? __pfx_ksys_write+0x10/0x10
[  948.184638][T16612]  ? do_syscall_64+0xbe/0xf80
[  948.184667][T16612]  do_syscall_64+0xfa/0xf80
[  948.184692][T16612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.184725][T16612]  ? clear_bhb_loop+0x60/0xb0
[  948.184750][T16612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.184770][T16612] RIP: 0033:0x7f6148b8f749
[  948.184789][T16612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  948.184826][T16612] RSP: 002b:00007f61499eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  948.184849][T16612] RAX: ffffffffffffffda RBX: 00007f6148de5fa0 RCX: 00007f6148b8f749
[  948.184865][T16612] RDX: 0000000000000027 RSI: 0000200000000040 RDI: 0000000000000005
[  948.184879][T16612] RBP: 00007f61499eb090 R08: 0000000000000000 R09: 0000000000000000
[  948.184892][T16612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  948.184904][T16612] R13: 00007f6148de6038 R14: 00007f6148de5fa0 R15: 00007ffe1d186d48
[  948.184938][T16612]  </TASK>
[  948.236481][T16611] batadv_slave_1: left promiscuous mode
[  949.182352][T10970] Bluetooth: hci4: command 0x0405 tx timeout
[  950.486653][T16651] futex_wake_op: syz.1.3061 tries to shift op by 144; fix this program
[  950.608714][T16655] loop3: detected capacity change from 0 to 64
[  950.680799][   T10] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  950.848998][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  950.868337][   T10] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  950.892549][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.928009][   T10] usb 3-1: config 0 descriptor??
[  950.938206][T16650] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  951.020900][T10322] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  951.168256][T16665] loop6: detected capacity change from 0 to 256
[  951.247325][T10322] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  951.258457][T10322] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  951.278490][T10322] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.296798][T16665] msdos: Unknown parameter 'iid'
[  951.374522][T10322] usb 4-1: config 0 descriptor??
[  951.380414][T16660] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  951.427431][   T10] elan 0003:04F3:0755.0001: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  951.428250][T16665] loop6: detected capacity change from 0 to 256
[  951.501347][T16665] msdos: Unknown parameter 'iid'
[  951.567376][ T9780] usb 3-1: USB disconnect, device number 7
[  951.625419][T16665] loop6: detected capacity change from 0 to 256
[  951.642149][T10970] Bluetooth: hci3: command 0x0405 tx timeout
[  951.665769][T16665] msdos: Unknown parameter 'iid'
[  951.715604][T16665] loop6: detected capacity change from 0 to 256
[  951.722124][T16670] fido_id[16670]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  951.771203][T16665] msdos: Unknown parameter 'iid'
[  951.857058][T10322] elan 0003:04F3:0755.0002: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0
[  951.914121][T16665] loop6: detected capacity change from 0 to 256
[  951.940502][T16665] msdos: Unknown parameter 'iid'
[  952.035504][T16665] loop6: detected capacity change from 0 to 256
[  952.096639][T10322] usb 4-1: USB disconnect, device number 7
[  952.145075][T16665] msdos: Unknown parameter 'iid'
[  952.299911][T16665] loop6: detected capacity change from 0 to 256
[  952.365870][T16665] msdos: Unknown parameter 'iid'
[  952.495224][T16665] loop6: detected capacity change from 0 to 256
[  952.511592][T16665] msdos: Unknown parameter 'iid'
[  953.195473][T16692] futex_wake_op: syz.0.3073 tries to shift op by 144; fix this program
[  953.960907][T10322] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  954.001662][ T5827] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  954.011891][ T5827] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  954.021528][ T5827] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  954.043258][ T5827] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  954.054126][ T5827] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  954.141860][T10322] usb 3-1: Using ep0 maxpacket: 16
[  954.721363][T10322] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  954.738276][T10322] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  954.748604][T10322] usb 3-1: Product: syz
[  954.768386][T10322] usb 3-1: Manufacturer: syz
[  954.783578][T10322] usb 3-1: SerialNumber: syz
[  954.817393][T10322] r8152-cfgselector 3-1: Unknown version 0x0000
[  954.835655][T10322] r8152-cfgselector 3-1: config 0 descriptor??
[  954.860886][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  955.056576][   T10] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  955.077784][ T3453] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  955.088362][   T10] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  955.088433][   T10] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  955.088535][   T10] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  955.171256][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.198599][   T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  955.307087][ T8724] udevd[8724]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  955.327153][   T10] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -12
[  955.383976][ T3453] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  955.546971][T16721] batadv_slave_1: entered promiscuous mode
[  955.583884][T10932] r8152-cfgselector 3-1: USB disconnect, device number 8
[  956.120897][ T5827] Bluetooth: hci5: command tx timeout
[  956.408742][T16702] batadv_slave_1: left promiscuous mode
[  956.550544][ T3453] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  956.597823][T16706] chnl_net:caif_netlink_parms(): no params data found
[  956.701086][T16736] futex_wake_op: syz.3.3085 tries to shift op by 144; fix this program
[  956.783141][T10932] usb 1-1: USB disconnect, device number 8
[  956.796253][ T3453] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  957.215921][T16706] bridge0: port 1(bridge_slave_0) entered blocking state
[  957.238242][T16706] bridge0: port 1(bridge_slave_0) entered disabled state
[  957.258517][T16706] bridge_slave_0: entered allmulticast mode
[  957.267881][T16706] bridge_slave_0: entered promiscuous mode
[  957.308207][T16706] bridge0: port 2(bridge_slave_1) entered blocking state
[  957.327934][T16706] bridge0: port 2(bridge_slave_1) entered disabled state
[  957.346685][T16706] bridge_slave_1: entered allmulticast mode
[  957.355805][T16706] bridge_slave_1: entered promiscuous mode
[  957.593164][T16706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  957.645459][T16706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  958.201049][ T5827] Bluetooth: hci5: command tx timeout
[  958.695430][T16706] team0: Port device team_slave_0 added
[  958.939271][T16784] FAULT_INJECTION: forcing a failure.
[  958.939271][T16784] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  958.953456][T16784] CPU: 1 UID: 0 PID: 16784 Comm: syz.6.3099 Not tainted syzkaller #0 PREEMPT(full) 
[  958.953486][T16784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  958.953500][T16784] Call Trace:
[  958.953509][T16784]  <TASK>
[  958.953517][T16784]  dump_stack_lvl+0x189/0x250
[  958.953549][T16784]  ? __pfx____ratelimit+0x10/0x10
[  958.953574][T16784]  ? __pfx_dump_stack_lvl+0x10/0x10
[  958.953600][T16784]  ? __pfx__printk+0x10/0x10
[  958.953632][T16784]  ? __might_fault+0xb0/0x130
[  958.953676][T16784]  should_fail_ex+0x414/0x560
[  958.953706][T16784]  _copy_from_user+0x2d/0xb0
[  958.953738][T16784]  __sys_bpf+0x1e3/0x860
[  958.953773][T16784]  ? __pfx___sys_bpf+0x10/0x10
[  958.953828][T16784]  ? ksys_write+0x22a/0x250
[  958.953853][T16784]  ? __pfx_ksys_write+0x10/0x10
[  958.953880][T16784]  __x64_sys_bpf+0x7c/0x90
[  958.953908][T16784]  do_syscall_64+0xfa/0xf80
[  958.953935][T16784]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.953956][T16784]  ? clear_bhb_loop+0x60/0xb0
[  958.953982][T16784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  958.954003][T16784] RIP: 0033:0x7fc12458f749
[  958.954023][T16784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  958.954042][T16784] RSP: 002b:00007fc125340038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  958.954065][T16784] RAX: ffffffffffffffda RBX: 00007fc1247e5fa0 RCX: 00007fc12458f749
[  958.954081][T16784] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005
[  958.954096][T16784] RBP: 00007fc125340090 R08: 0000000000000000 R09: 0000000000000000
[  958.954108][T16784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  958.954121][T16784] R13: 00007fc1247e6038 R14: 00007fc1247e5fa0 R15: 00007ffc636e2878
[  958.954156][T16784]  </TASK>
[  959.273257][T16786] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  959.280382][T16786] overlayfs: failed to set xattr on upper
[  959.286226][T16786] overlayfs: ...falling back to redirect_dir=nofollow.
[  959.293200][T16786] overlayfs: ...falling back to index=off.
[  959.299149][T16786] overlayfs: maximum fs stacking depth exceeded
[  960.281095][ T5827] Bluetooth: hci5: command tx timeout
[  960.308924][ T3453] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  960.341145][ T3453] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  960.369498][ T3453] bond0 (unregistering): Released all slaves
[  960.386180][T16706] team0: Port device team_slave_1 added
[  960.624781][ T3453] tipc: Left network mode
[  960.626586][T16706] batman_adv: batadv0: Adding interface: batadv_slave_0
[  960.657492][T16706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  960.801364][T16706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  960.876441][T16706] batman_adv: batadv0: Adding interface: batadv_slave_1
[  960.900747][T16706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  960.994508][T16706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  962.199382][T16706] hsr_slave_0: entered promiscuous mode
[  962.214346][T16706] hsr_slave_1: entered promiscuous mode
[  962.245996][T16706] debugfs: 'hsr0' already exists in 'hsr'
[  962.261357][T16706] Cannot create hsr debugfs directory
[  962.360764][ T5827] Bluetooth: hci5: command tx timeout
[  962.656660][ T3453] hsr_slave_0: left promiscuous mode
[  962.671663][ T3453] hsr_slave_1: left promiscuous mode
[  962.679110][ T3453] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  962.688325][ T3453] batman_adv: batadv0: Removing interface: batadv_slave_0
[  962.707722][ T3453] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  962.717595][ T3453] batman_adv: batadv0: Removing interface: batadv_slave_1
[  962.746060][ T3453] veth1_macvtap: left promiscuous mode
[  962.760076][ T3453] veth0_macvtap: left promiscuous mode
[  962.766930][ T3453] veth1_vlan: left promiscuous mode
[  962.773246][ T3453] veth0_vlan: left promiscuous mode
[  963.145291][T16862] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  963.152491][T16862] overlayfs: failed to set xattr on upper
[  963.158386][T16862] overlayfs: ...falling back to redirect_dir=nofollow.
[  963.166411][T16862] overlayfs: ...falling back to index=off.
[  963.173243][T16862] overlayfs: maximum fs stacking depth exceeded
[  964.015268][ T3453] team0 (unregistering): Port device team_slave_1 removed
[  964.066091][ T3453] team0 (unregistering): Port device team_slave_0 removed
[  965.943590][T16880] futex_wake_op: syz.0.3123 tries to shift op by 144; fix this program
[  967.396130][T16922] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  967.403585][T16922] overlayfs: failed to set xattr on upper
[  967.409405][T16922] overlayfs: ...falling back to redirect_dir=nofollow.
[  967.416516][T16922] overlayfs: ...falling back to index=off.
[  967.422640][T16922] overlayfs: maximum fs stacking depth exceeded
[  968.123370][T16706] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  968.315548][T16706] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  968.445474][T16931] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  968.452693][T16931] overlayfs: failed to set xattr on upper
[  968.458494][T16931] overlayfs: ...falling back to redirect_dir=nofollow.
[  968.465488][T16931] overlayfs: ...falling back to index=off.
[  968.471480][T16931] overlayfs: maximum fs stacking depth exceeded
[  969.002562][T16706] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  969.066891][T16706] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  969.558669][T16706] 8021q: adding VLAN 0 to HW filter on device bond0
[  969.610082][T16962] loop2: detected capacity change from 0 to 256
[  969.673530][T16706] 8021q: adding VLAN 0 to HW filter on device team0
[  969.681890][T16962] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  969.733226][ T6003] bridge0: port 1(bridge_slave_0) entered blocking state
[  969.740447][ T6003] bridge0: port 1(bridge_slave_0) entered forwarding state
[  969.740877][T16962] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  969.797441][T16967] loop6: detected capacity change from 0 to 256
[  969.827845][ T6003] bridge0: port 2(bridge_slave_1) entered blocking state
[  969.835110][ T6003] bridge0: port 2(bridge_slave_1) entered forwarding state
[  969.855399][T16967] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  969.949843][T16967] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  970.151051][ T6502] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  970.420897][ T6502] usb 3-1: Using ep0 maxpacket: 32
[  970.482434][ T6502] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  970.526466][ T6502] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  970.571396][ T7526] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  970.577281][ T6502] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  970.635295][ T6502] usb 3-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  970.660973][ T6502] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  970.669039][ T6502] usb 3-1: Product: syz
[  970.690484][ T6502] usb 3-1: Manufacturer: syz
[  970.696809][ T6502] usb 3-1: SerialNumber: syz
[  970.721736][ T6502] usb 3-1: config 0 descriptor??
[  970.735518][ T6502] rndis_host 3-1:0.0: skipping garbage
[  970.751557][ T6502] usb 3-1: bad CDC descriptors
[  970.761125][ T6502] cdc_acm 3-1:0.0: skipping garbage
[  970.762429][ T7526] usb 7-1: Using ep0 maxpacket: 32
[  970.767667][ T6502] cdc_acm 3-1:0.0: Control and data interfaces are not separated!
[  970.802624][ T6502] cdc_acm 3-1:0.0: This needs exactly 3 endpoints
[  970.809453][ T6502] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22
[  970.814842][ T7526] usb 7-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  970.857015][ T7526] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  970.892734][ T7526] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  970.965256][ T7526] usb 7-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  970.976164][T16962] netlink: 27 bytes leftover after parsing attributes in process `syz.2.3144'.
[  970.998716][ T7526] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  971.015187][ T7526] usb 7-1: Product: syz
[  971.019411][ T7526] usb 7-1: Manufacturer: syz
[  971.024838][ T7526] usb 7-1: SerialNumber: syz
[  971.280455][ T7526] usb 7-1: config 0 descriptor??
[  971.294183][ T7526] rndis_host 7-1:0.0: skipping garbage
[  971.300123][ T7526] usb 7-1: bad CDC descriptors
[  971.658346][T16989] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  971.667130][T16989] overlayfs: failed to set xattr on upper
[  971.673107][T16989] overlayfs: ...falling back to redirect_dir=nofollow.
[  971.679993][T16989] overlayfs: ...falling back to index=off.
[  971.685915][T16989] overlayfs: maximum fs stacking depth exceeded
[  971.695391][T16967] netlink: 27 bytes leftover after parsing attributes in process `syz.6.3145'.
[  971.716663][T16990] sctp: [Deprecated]: syz.2.3144 (pid 16990) Use of struct sctp_assoc_value in delayed_ack socket option.
[  971.716663][T16990] Use struct sctp_sack_info instead
[  971.717811][ T7526] cdc_acm 7-1:0.0: skipping garbage
[  971.739488][ T7526] cdc_acm 7-1:0.0: Control and data interfaces are not separated!
[  971.750250][ T7526] cdc_acm 7-1:0.0: This needs exactly 3 endpoints
[  971.837996][ T7526] cdc_acm 7-1:0.0: probe with driver cdc_acm failed with error -22
[  972.843347][   T30] audit: type=1326 audit(1764344171.960:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  972.926404][T10322] usb 3-1: USB disconnect, device number 9
[  973.000025][   T30] audit: type=1326 audit(1764344171.960:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  973.113799][   T30] audit: type=1326 audit(1764344171.960:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4c6618df90 code=0x7ffc0000
[  973.152496][   T10] usb 7-1: USB disconnect, device number 11
[  973.214465][   T30] audit: type=1326 audit(1764344171.960:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4c6618df90 code=0x7ffc0000
[  973.215027][T16706] 8021q: adding VLAN 0 to HW filter on device batadv0
[  973.358680][   T30] audit: type=1326 audit(1764344171.960:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  973.758866][   T30] audit: type=1326 audit(1764344171.960:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  973.919039][   T30] audit: type=1326 audit(1764344171.960:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  974.006860][   T30] audit: type=1326 audit(1764344171.970:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  974.154019][T16706] veth0_vlan: entered promiscuous mode
[  974.160611][   T30] audit: type=1326 audit(1764344171.970:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  974.228973][T16706] veth1_vlan: entered promiscuous mode
[  974.275464][   T30] audit: type=1326 audit(1764344171.970:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16997 comm="syz.3.3150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  974.399452][T16706] veth0_macvtap: entered promiscuous mode
[  974.431546][T16706] veth1_macvtap: entered promiscuous mode
[  974.520143][T16706] batman_adv: batadv0: Interface activated: batadv_slave_0
[  974.562339][T16706] batman_adv: batadv0: Interface activated: batadv_slave_1
[  974.594935][ T6003] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  974.641276][ T6003] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  974.706764][   T69] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  974.752225][ T6186] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  974.980321][T17047] loop0: detected capacity change from 0 to 64
[  975.056651][ T7070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  975.087128][ T7070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  975.356253][T17047] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  975.525193][ T6374] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  975.550143][ T6374] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  976.011263][T15362] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  976.201395][T15362] usb 1-1: Using ep0 maxpacket: 32
[  976.637599][T15362] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  976.735444][T15362] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  976.746315][T15362] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  976.803230][T15362] usb 1-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  976.851777][T15362] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.859832][T15362] usb 1-1: Product: syz
[  976.911146][T15362] usb 1-1: Manufacturer: syz
[  976.915818][T15362] usb 1-1: SerialNumber: syz
[  976.924160][T15362] usb 1-1: config 0 descriptor??
[  976.957847][T15362] rndis_host 1-1:0.0: skipping garbage
[  976.968439][T15362] usb 1-1: bad CDC descriptors
[  976.981343][T15362] cdc_acm 1-1:0.0: skipping garbage
[  976.996928][T15362] cdc_acm 1-1:0.0: Control and data interfaces are not separated!
[  977.017622][T15362] cdc_acm 1-1:0.0: This needs exactly 3 endpoints
[  977.034056][T17078] loop6: detected capacity change from 0 to 256
[  977.045028][T15362] cdc_acm 1-1:0.0: probe with driver cdc_acm failed with error -22
[  977.096434][T17078] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  977.204795][T17078] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[  977.221549][T17059] netlink: 27 bytes leftover after parsing attributes in process `syz.0.3164'.
[  977.703555][T17086] sctp: [Deprecated]: syz.0.3164 (pid 17086) Use of struct sctp_assoc_value in delayed_ack socket option.
[  977.703555][T17086] Use struct sctp_sack_info instead
[  978.403014][   T24] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  979.092397][   T24] usb 7-1: Using ep0 maxpacket: 32
[  979.110981][   T24] usb 7-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  979.141527][   T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  979.168103][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  979.219220][   T24] usb 7-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=b1.bd
[  979.231006][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  979.306795][T11989] usb 1-1: USB disconnect, device number 9
[  979.319286][   T24] usb 7-1: Product: syz
[  979.334667][   T24] usb 7-1: Manufacturer: syz
[  979.339544][   T24] usb 7-1: SerialNumber: syz
[  979.366762][   T24] usb 7-1: config 0 descriptor??
[  979.383955][   T24] rndis_host 7-1:0.0: skipping garbage
[  979.389486][   T24] usb 7-1: bad CDC descriptors
[  979.424934][   T24] cdc_acm 7-1:0.0: skipping garbage
[  979.447589][   T24] cdc_acm 7-1:0.0: Control and data interfaces are not separated!
[  979.478216][   T24] cdc_acm 7-1:0.0: This needs exactly 3 endpoints
[  979.501334][   T24] cdc_acm 7-1:0.0: probe with driver cdc_acm failed with error -22
[  979.604264][T17103] loop2: detected capacity change from 0 to 2048
[  979.631782][T17078] netlink: 27 bytes leftover after parsing attributes in process `syz.6.3167'.
[  979.676674][T17103] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  980.079835][T17112] sctp: [Deprecated]: syz.6.3167 (pid 17112) Use of struct sctp_assoc_value in delayed_ack socket option.
[  980.079835][T17112] Use struct sctp_sack_info instead
[  981.776218][ T6502] usb 7-1: USB disconnect, device number 12
[  983.077011][T17161] futex_wake_op: syz.0.3186 tries to shift op by 144; fix this program
[  984.563471][T17172] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  984.571123][T17172] overlayfs: failed to set xattr on upper
[  984.576960][T17172] overlayfs: ...falling back to redirect_dir=nofollow.
[  984.584588][T17172] overlayfs: ...falling back to index=off.
[  984.590841][T17172] overlayfs: maximum fs stacking depth exceeded
[  986.867976][T17207] futex_wake_op: syz.6.3202 tries to shift op by 144; fix this program
[  989.408588][T17248] futex_wake_op: syz.3.3216 tries to shift op by 144; fix this program
[  990.156148][T17251] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3217'.
[  990.182527][T17251] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3217'.
[  990.695133][T17273] futex_wake_op: syz.3.3224 tries to shift op by 144; fix this program
[  990.958070][T17279] loop0: detected capacity change from 0 to 64
[  991.141965][T17281] loop1: detected capacity change from 0 to 64
[  991.183445][T17281] FAULT_INJECTION: forcing a failure.
[  991.183445][T17281] name failslab, interval 1, probability 0, space 0, times 0
[  991.270249][T17281] CPU: 1 UID: 0 PID: 17281 Comm: syz.1.3228 Not tainted syzkaller #0 PREEMPT(full) 
[  991.270272][T17281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  991.270282][T17281] Call Trace:
[  991.270288][T17281]  <TASK>
[  991.270295][T17281]  dump_stack_lvl+0x189/0x250
[  991.270323][T17281]  ? __pfx____ratelimit+0x10/0x10
[  991.270339][T17281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  991.270357][T17281]  ? __pfx__printk+0x10/0x10
[  991.270392][T17281]  ? __pfx___might_resched+0x10/0x10
[  991.270415][T17281]  ? fs_reclaim_acquire+0x7d/0x100
[  991.270444][T17281]  should_fail_ex+0x414/0x560
[  991.270474][T17281]  should_failslab+0xa8/0x100
[  991.270503][T17281]  __kmalloc_noprof+0xdf/0x800
[  991.270524][T17281]  ? hfs_find_init+0xaa/0x300
[  991.270548][T17281]  hfs_find_init+0xaa/0x300
[  991.270570][T17281]  hfs_readdir+0x1cf/0xae0
[  991.270591][T17281]  ? aa_file_perm+0x139/0x1530
[  991.270613][T17281]  ? __pfx_hfs_readdir+0x10/0x10
[  991.270674][T17281]  ? iterate_dir+0x292/0x570
[  991.270706][T17281]  ? iterate_dir+0x292/0x570
[  991.270724][T17281]  ? down_read_killable+0x1bc/0x350
[  991.270760][T17281]  iterate_dir+0x399/0x570
[  991.270786][T17281]  __se_sys_getdents64+0xe4/0x260
[  991.270810][T17281]  ? __pfx___se_sys_getdents64+0x10/0x10
[  991.270829][T17281]  ? ksys_write+0x22a/0x250
[  991.270846][T17281]  ? __pfx_filldir64+0x10/0x10
[  991.270863][T17281]  ? __pfx_ksys_write+0x10/0x10
[  991.270880][T17281]  ? do_syscall_64+0xbe/0xf80
[  991.270900][T17281]  do_syscall_64+0xfa/0xf80
[  991.270919][T17281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  991.270933][T17281]  ? clear_bhb_loop+0x60/0xb0
[  991.270952][T17281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  991.270966][T17281] RIP: 0033:0x7fc5ed38f749
[  991.270980][T17281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  991.270993][T17281] RSP: 002b:00007fc5eb5f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  991.271009][T17281] RAX: ffffffffffffffda RBX: 00007fc5ed5e5fa0 RCX: 00007fc5ed38f749
[  991.271021][T17281] RDX: 0000000000001000 RSI: 0000200000000f80 RDI: 0000000000000004
[  991.271031][T17281] RBP: 00007fc5eb5f6090 R08: 0000000000000000 R09: 0000000000000000
[  991.271040][T17281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  991.271048][T17281] R13: 00007fc5ed5e6038 R14: 00007fc5ed5e5fa0 R15: 00007fff98d24138
[  991.271080][T17281]  </TASK>
[  991.320788][T17283] loop2: detected capacity change from 0 to 2048
[  991.360517][T17287] loop0: detected capacity change from 0 to 2048
[  991.554733][T17283] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  991.941651][T17287] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  992.399298][T17287] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  992.538154][T10970] Bluetooth: hci3: unexpected event for opcode 0x0c26
[  992.564107][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  993.355545][T17307] loop2: detected capacity change from 0 to 512
[  993.419336][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  993.426410][T17307] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  993.445679][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  993.454437][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  993.460068][T17307] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  993.474501][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  993.484642][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  993.499932][T17307] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  993.542619][T17307] EXT4-fs (loop2): 1 truncate cleaned up
[  993.558518][T17307] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  993.579239][T17313] program syz.1.3239 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  993.672698][T17296] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  993.699577][T17316] loop1: detected capacity change from 0 to 512
[  993.721756][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  993.721777][   T30] audit: type=1326 audit(1764344192.850:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  993.767157][   T30] audit: type=1326 audit(1764344192.860:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  993.791315][   T30] audit: type=1326 audit(1764344192.860:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  993.820597][T15913] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  993.835581][T17316] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  993.861916][T17316] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  993.872750][   T30] audit: type=1326 audit(1764344192.860:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  993.905118][   T30] audit: type=1326 audit(1764344192.860:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  993.955058][   T30] audit: type=1326 audit(1764344192.860:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  994.046283][T17325] 9p: Bad value for 'source'
[  994.066659][   T30] audit: type=1326 audit(1764344192.860:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  994.123185][T16706] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  994.151783][   T30] audit: type=1326 audit(1764344192.860:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  994.248311][T17296] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  994.285276][   T30] audit: type=1326 audit(1764344192.860:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  994.388511][   T30] audit: type=1326 audit(1764344192.860:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17317 comm="syz.3.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  994.478613][T17296] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  994.673625][T17296] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.518768][T17363] loop3: detected capacity change from 0 to 512
[  995.561925][ T5827] Bluetooth: hci0: command tx timeout
[  995.627679][T17363] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  995.706063][T17363] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  995.914639][T14432] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  996.193358][T17383] loop2: detected capacity change from 0 to 512
[  996.212869][T17383] EXT4-fs: Ignoring removed bh option
[  996.276423][T17383] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  996.307595][T17383] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  996.421199][T17383] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  996.457656][T17383] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  996.489022][T17383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  996.665171][T17296] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  996.693648][T17296] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  996.717018][T17296] bond0 (unregistering): Released all slaves
[  996.865955][T17308] chnl_net:caif_netlink_parms(): no params data found
[  996.950116][T17296] tipc: Left network mode
[  996.975617][T15913] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  997.462872][T17410] bridge0: port 3(gretap0) entered blocking state
[  997.506492][T17420] 9p: Bad value for 'dfltgid'
[  997.520898][T17420] 9p: Bad value for 'dfltgid'
[  997.541799][T17410] bridge0: port 3(gretap0) entered disabled state
[  997.588242][T17410] gretap0: entered allmulticast mode
[  997.613530][T17410] gretap0: entered promiscuous mode
[  997.619665][T17410] bridge0: port 3(gretap0) entered blocking state
[  997.626629][T17410] bridge0: port 3(gretap0) entered forwarding state
[  997.641795][ T5827] Bluetooth: hci0: command tx timeout
[  997.850338][T17432] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3277'.
[  997.875285][T17430] loop6: detected capacity change from 0 to 2048
[  997.925616][T17430] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  997.977882][T17432] bond0: entered promiscuous mode
[  998.017750][T17432] bond_slave_0: entered promiscuous mode
[  998.080986][T17432] bond_slave_1: entered promiscuous mode
[  998.097797][T10969] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  998.110483][T17432] bond0: left promiscuous mode
[  998.131573][T17432] bond_slave_0: left promiscuous mode
[  998.171079][T17432] bond_slave_1: left promiscuous mode
[  998.307653][T17429] smc: net device bond0 applied user defined pnetid SYZ0
[  998.313948][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  998.321991][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  998.473404][T17438] smc: net device bond0 erased user defined pnetid SYZ0
[  998.591540][T17444] loop1: detected capacity change from 0 to 8192
[  998.679074][T17453] loop3: detected capacity change from 0 to 512
[  998.735130][T17453] EXT4-fs (loop3): orphan cleanup on readonly fs
[  998.760526][T17453] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3281: bad orphan inode 13
[  998.794352][T17453] ext4_test_bit(bit=12, block=18) = 1
[  998.847096][T17453] is_bad_inode(inode)=0
[  998.873507][T17453] NEXT_ORPHAN(inode)=2130706432
[  998.878433][T17453] max_ino=32
[  998.882153][T17453] i_nlink=1
[  998.887663][T17453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  998.921220][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  998.921237][   T30] audit: type=1326 audit(1764344198.060:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4c6618df90 code=0x7ffc0000
[  998.958326][   T30] audit: type=1326 audit(1764344198.090:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f4c6618e497 code=0x7ffc0000
[  999.012863][   T30] audit: type=1326 audit(1764344198.090:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4c6618df90 code=0x7ffc0000
[  999.038220][T17453] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  999.066786][   T30] audit: type=1326 audit(1764344198.090:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  999.071012][T17296] hsr_slave_0: left promiscuous mode
[  999.121262][   T30] audit: type=1326 audit(1764344198.090:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  999.147893][   T30] audit: type=1326 audit(1764344198.120:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  999.204565][   T30] audit: type=1326 audit(1764344198.120:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  999.230153][T17453] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  999.230393][   T30] audit: type=1326 audit(1764344198.120:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  999.239803][T17296] hsr_slave_1: left promiscuous mode
[  999.295044][T17453] EXT4-fs error (device loop3): ext4_lookup:1785: inode #15: comm syz.3.3281: iget: bad i_size value: 360287970189639690
[  999.312270][T17296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  999.354027][   T30] audit: type=1326 audit(1764344198.130:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  999.360775][T17296] batman_adv: batadv0: Removing interface: batadv_slave_0
[  999.406609][T17460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3282'.
[  999.438462][   T30] audit: type=1326 audit(1764344198.420:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17452 comm="syz.3.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[  999.473328][T17455] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  999.499365][T17296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  999.534557][T17296] batman_adv: batadv0: Removing interface: batadv_slave_1
[  999.597747][T17296] veth1_macvtap: left promiscuous mode
[  999.606501][T14432] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  999.615756][T17296] veth0_macvtap: left promiscuous mode
[  999.623440][T17296] veth1_vlan: left promiscuous mode
[  999.629606][T17296] veth0_vlan: left promiscuous mode
[  999.908123][T17473] mmap: syz.3.3286 (17473) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1000.083426][T17474] loop1: detected capacity change from 0 to 8192
[ 1000.134709][ T5875]  loop1: p1 p2 p3 p4
[ 1000.134709][ T5875]  p1: <minix: p5 >
[ 1000.143617][ T5875] loop1: p1 size 196608 extends beyond EOD, truncated
[ 1000.184444][ T5875] loop1: p2 start 164919041 is beyond EOD, truncated
[ 1000.189807][T17479] loop6: detected capacity change from 0 to 512
[ 1000.225299][ T5875] loop1: p3 size 66846464 extends beyond EOD, truncated
[ 1000.229007][T17479] EXT4-fs (loop6): orphan cleanup on readonly fs
[ 1000.259710][T17479] EXT4-fs error (device loop6): ext4_orphan_get:1417: comm syz.6.3290: bad orphan inode 13
[ 1000.262089][ T5875] loop1: p4 size 37048832 extends beyond EOD, truncated
[ 1000.300397][ T5875] loop1: p5 size 196608 extends beyond EOD, truncated
[ 1000.351584][T17479] ext4_test_bit(bit=12, block=18) = 1
[ 1000.357267][T17479] is_bad_inode(inode)=0
[ 1000.370216][T17479] NEXT_ORPHAN(inode)=2130706432
[ 1000.373040][T17474]  loop1: p1 p2 p3 p4
[ 1000.373040][T17474]  p1: <minix: p5 >
[ 1000.384214][T17479] max_ino=32
[ 1000.387548][T17479] i_nlink=1
[ 1000.408634][T17479] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1000.411091][T17474] loop1: p1 size 196608 extends beyond EOD, truncated
[ 1000.468106][T17474] loop1: p2 start 164919041 is beyond EOD, truncated
[ 1000.475450][T17474] loop1: p3 size 66846464 extends beyond EOD, truncated
[ 1000.499449][T17474] loop1: p4 size 37048832 extends beyond EOD, truncated
[ 1000.507733][T17479] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended
[ 1000.535956][T17479] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[ 1000.537708][T17474] loop1: p5 size 196608 extends beyond EOD, truncated
[ 1000.615256][T10969] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1001.014365][ T6062] udevd[6062]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[ 1001.014645][ T8964] udevd[8964]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[ 1001.042462][ T5876] udevd[5876]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory
[ 1001.055524][ T5875] udevd[5875]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[ 1001.133142][ T8964] udevd[8964]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[ 1001.145174][ T6062] udevd[6062]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[ 1001.168773][ T5876] udevd[5876]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory
[ 1001.184343][ T5875] udevd[5875]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[ 1001.261393][T17296] team0 (unregistering): Port device team_slave_1 removed
[ 1001.355086][T17296] team0 (unregistering): Port device team_slave_0 removed
[ 1001.440390][ T5195] udevd[5195]: worker [5875] terminated by signal 33 (Unknown signal 33)
[ 1001.469023][ T5195] udevd[5195]: worker [5875] failed while handling '/devices/virtual/block/loop3'
[ 1001.536004][T17501] loop6: detected capacity change from 0 to 764
[ 1001.557793][T17501] rock: corrupted directory entry. extent=32, offset=2044, size=237
[ 1001.728308][T17505] loop6: detected capacity change from 0 to 512
[ 1001.748138][T17505] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1001.799984][T17505] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 1001.827098][T17505] ext4 filesystem being mounted at /383/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1001.938901][T10969] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[ 1002.049021][T17512] netlink: 'syz.6.3302': attribute type 10 has an invalid length.
[ 1002.119818][T17513] netlink: 'syz.6.3302': attribute type 10 has an invalid length.
[ 1002.299971][T17308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1002.309002][T17308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1002.317510][T17308] bridge_slave_0: entered allmulticast mode
[ 1002.334566][T17308] bridge_slave_0: entered promiscuous mode
[ 1002.376580][T17488] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3293'.
[ 1002.387343][T17488] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3293'.
[ 1002.400230][T17491] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3293'.
[ 1002.410501][T17491] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3293'.
[ 1002.462001][T17512] team0: Failed to send options change via netlink (err -105)
[ 1002.501515][T17512] team0: Port device dummy0 added
[ 1002.509035][T17513] team0: Failed to send port change of device dummy0 via netlink (err -105)
[ 1002.556653][T17513] team0: Failed to send options change via netlink (err -105)
[ 1002.564954][T17513] team0: Failed to send port change of device dummy0 via netlink (err -105)
[ 1002.574976][T17513] team0: Port device dummy0 removed
[ 1002.589681][T17308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1002.621305][T17308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1002.628728][T17308] bridge_slave_1: entered allmulticast mode
[ 1002.659772][T17308] bridge_slave_1: entered promiscuous mode
[ 1002.945478][T17308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1003.083356][T17308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1003.393177][T17308] team0: Port device team_slave_0 added
[ 1003.479035][T17308] team0: Port device team_slave_1 added
[ 1003.563869][T17552] loop2: detected capacity change from 0 to 512
[ 1003.601784][T17552] EXT4-fs (loop2): 1 truncate cleaned up
[ 1003.632388][T17552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1003.774197][T17308] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1003.832483][T17308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1003.934544][   T30] kauditd_printk_skb: 26 callbacks suppressed
[ 1003.934562][   T30] audit: type=1326 audit(1764344203.070:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17564 comm="syz.3.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[ 1003.969816][T17566] netlink: 52 bytes leftover after parsing attributes in process `syz.6.3322'.
[ 1003.982057][T17308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1004.024888][T17308] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1004.050769][   T30] audit: type=1326 audit(1764344203.100:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17564 comm="syz.3.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[ 1004.073985][T17308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1004.175973][   T30] audit: type=1326 audit(1764344203.170:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.6.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12458f749 code=0x7ffc0000
[ 1004.207881][T17308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1004.274310][   T30] audit: type=1326 audit(1764344203.170:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.6.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fc12458f749 code=0x7ffc0000
[ 1004.374394][   T30] audit: type=1326 audit(1764344203.170:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.6.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12458f749 code=0x7ffc0000
[ 1004.489860][   T30] audit: type=1326 audit(1764344203.180:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17561 comm="syz.6.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12458f749 code=0x7ffc0000
[ 1004.549347][T17308] hsr_slave_0: entered promiscuous mode
[ 1004.569058][T17308] hsr_slave_1: entered promiscuous mode
[ 1004.586616][T17308] debugfs: 'hsr0' already exists in 'hsr'
[ 1004.632050][T17308] Cannot create hsr debugfs directory
[ 1004.647420][T17587] pim6reg: entered allmulticast mode
[ 1004.677261][T15913] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1004.689303][T17589] pim6reg: left allmulticast mode
[ 1004.999853][   T30] audit: type=1326 audit(1764344204.130:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17599 comm="syz.3.3332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[ 1005.091112][   T30] audit: type=1326 audit(1764344204.130:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17599 comm="syz.3.3332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[ 1005.136945][   T30] audit: type=1326 audit(1764344204.130:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17599 comm="syz.3.3332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[ 1005.177548][   T30] audit: type=1326 audit(1764344204.130:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17599 comm="syz.3.3332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4c6618f749 code=0x7ffc0000
[ 1005.312947][T17610] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3335'.
[ 1007.607167][T17624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3338'.
[ 1008.231233][T17624] syz.2.3338 (17624) used greatest stack depth: 15320 bytes left
[ 1008.394959][T17610] ==================================================================
[ 1008.403069][T17610] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[ 1008.410566][T17610] Read of size 1 at addr ffff88801c3ab618 by task syz.3.3335/17610
[ 1008.418573][T17610] 
[ 1008.420923][T17610] CPU: 1 UID: 0 PID: 17610 Comm: syz.3.3335 Not tainted syzkaller #0 PREEMPT(full) 
[ 1008.420949][T17610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1008.420962][T17610] Call Trace:
[ 1008.420970][T17610]  <TASK>
[ 1008.420978][T17610]  dump_stack_lvl+0x189/0x250
[ 1008.421006][T17610]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1008.421035][T17610]  ? rcu_is_watching+0x15/0xb0
[ 1008.421059][T17610]  ? __kasan_check_byte+0x12/0x40
[ 1008.421083][T17610]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1008.421107][T17610]  ? rcu_is_watching+0x15/0xb0
[ 1008.421131][T17610]  ? lock_release+0x4b/0x3b0
[ 1008.421154][T17610]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1008.421181][T17610]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1008.421210][T17610]  print_report+0xca/0x240
[ 1008.421232][T17610]  ? _raw_spin_lock+0x2e/0x40
[ 1008.421251][T17610]  kasan_report+0x118/0x150
[ 1008.421286][T17610]  ? _raw_spin_lock+0x2e/0x40
[ 1008.421309][T17610]  ? mqueue_flush_file+0x49/0x270
[ 1008.421334][T17610]  __kasan_check_byte+0x2a/0x40
[ 1008.421359][T17610]  lock_acquire+0x84/0x340
[ 1008.421384][T17610]  ? __pfx_mqueue_flush_file+0x10/0x10
[ 1008.421417][T17610]  _raw_spin_lock+0x2e/0x40
[ 1008.421435][T17610]  ? mqueue_flush_file+0x49/0x270
[ 1008.421460][T17610]  mqueue_flush_file+0x49/0x270
[ 1008.421485][T17610]  ? filp_flush+0xae/0x190
[ 1008.421514][T17610]  ? __pfx_mqueue_flush_file+0x10/0x10
[ 1008.421539][T17610]  filp_flush+0xbd/0x190
[ 1008.421568][T17610]  filp_close+0x1d/0x40
[ 1008.421596][T17610]  put_files_struct+0x1ba/0x350
[ 1008.421626][T17610]  do_exit+0x67f/0x2310
[ 1008.421656][T17610]  ? do_raw_spin_lock+0x121/0x290
[ 1008.421686][T17610]  ? __pfx_do_exit+0x10/0x10
[ 1008.421721][T17610]  do_group_exit+0x21c/0x2d0
[ 1008.421750][T17610]  ? lockdep_hardirqs_on+0x98/0x140
[ 1008.421776][T17610]  get_signal+0x1285/0x1340
[ 1008.421806][T17610]  arch_do_signal_or_restart+0x9a/0x7a0
[ 1008.421838][T17610]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1008.421868][T17610]  ? __x64_sys_sendmsg+0x230/0x260
[ 1008.421902][T17610]  ? exit_to_user_mode_loop+0x55/0x4f0
[ 1008.421926][T17610]  exit_to_user_mode_loop+0x87/0x4f0
[ 1008.421947][T17610]  ? rcu_is_watching+0x15/0xb0
[ 1008.421975][T17610]  do_syscall_64+0x2e3/0xf80
[ 1008.421999][T17610]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.422021][T17610]  ? clear_bhb_loop+0x60/0xb0
[ 1008.422044][T17610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.422065][T17610] RIP: 0033:0x7f4c6618f749
[ 1008.422083][T17610] Code: Unable to access opcode bytes at 0x7f4c6618f71f.
[ 1008.422094][T17610] RSP: 002b:00007f4c670ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1008.422117][T17610] RAX: 0000000000000024 RBX: 00007f4c663e5fa0 RCX: 00007f4c6618f749
[ 1008.422132][T17610] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 0000000000000007
[ 1008.422146][T17610] RBP: 00007f4c66213f91 R08: 0000000000000000 R09: 0000000000000000
[ 1008.422159][T17610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1008.422172][T17610] R13: 00007f4c663e6038 R14: 00007f4c663e5fa0 R15: 00007ffd62cc38b8
[ 1008.422196][T17610]  </TASK>
[ 1008.422204][T17610] 
[ 1008.714380][T17610] Allocated by task 17610:
[ 1008.718803][T17610]  kasan_save_track+0x3e/0x80
[ 1008.723487][T17610]  __kasan_slab_alloc+0x6c/0x80
[ 1008.728342][T17610]  kmem_cache_alloc_lru_noprof+0x36c/0x6e0
[ 1008.734190][T17610]  mqueue_alloc_inode+0x28/0x40
[ 1008.739055][T17610]  alloc_inode+0x6a/0x1b0
[ 1008.743405][T17610]  new_inode+0x22/0x170
[ 1008.747575][T17610]  mqueue_get_inode+0x27/0xb50
[ 1008.752388][T17610]  mqueue_create_attr+0x1ac/0x2e0
[ 1008.757556][T17610]  vfs_mkobj+0xcf/0x290
[ 1008.761733][T17610]  do_mq_open+0x60d/0x7c0
[ 1008.766073][T17610]  __x64_sys_mq_open+0x16a/0x1c0
[ 1008.771027][T17610]  do_syscall_64+0xfa/0xf80
[ 1008.775541][T17610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.781440][T17610] 
[ 1008.783766][T17610] Freed by task 17619:
[ 1008.787834][T17610]  kasan_save_track+0x3e/0x80
[ 1008.792527][T17610]  kasan_save_free_info+0x46/0x50
[ 1008.797578][T17610]  __kasan_slab_free+0x5c/0x80
[ 1008.802350][T17610]  kmem_cache_free+0x197/0x620
[ 1008.807122][T17610]  rcu_core+0xd70/0x1870
[ 1008.811463][T17610]  handle_softirqs+0x27d/0x850
[ 1008.816245][T17610]  __irq_exit_rcu+0xca/0x1f0
[ 1008.820870][T17610]  irq_exit_rcu+0x9/0x30
[ 1008.825131][T17610]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1008.830783][T17610]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1008.836779][T17610] 
[ 1008.839114][T17610] Last potentially related work creation:
[ 1008.844853][T17610]  kasan_save_stack+0x3e/0x60
[ 1008.849563][T17610]  kasan_record_aux_stack+0xbd/0xd0
[ 1008.854781][T17610]  call_rcu+0x157/0x9c0
[ 1008.858956][T17610]  evict+0x931/0xae0
[ 1008.862860][T17610]  __dentry_kill+0x209/0x660
[ 1008.867500][T17610]  finish_dput+0xc9/0x480
[ 1008.871839][T17610]  __fput+0x68e/0xa70
[ 1008.875834][T17610]  task_work_run+0x1d4/0x260
[ 1008.880436][T17610]  exit_to_user_mode_loop+0xff/0x4f0
[ 1008.885747][T17610]  do_syscall_64+0x2e3/0xf80
[ 1008.890349][T17610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1008.896257][T17610] 
[ 1008.898586][T17610] The buggy address belongs to the object at ffff88801c3ab600
[ 1008.898586][T17610]  which belongs to the cache mqueue_inode_cache of size 1576
[ 1008.913335][T17610] The buggy address is located 24 bytes inside of
[ 1008.913335][T17610]  freed 1576-byte region [ffff88801c3ab600, ffff88801c3abc28)
[ 1008.927142][T17610] 
[ 1008.929477][T17610] The buggy address belongs to the physical page:
[ 1008.935941][T17610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801c3aaf40 pfn:0x1c3a8
[ 1008.946029][T17610] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1008.954545][T17610] memcg:ffff888027dd1d01
[ 1008.958789][T17610] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1008.966351][T17610] page_type: f5(slab)
[ 1008.970340][T17610] raw: 00fff00000000040 ffff8881462c2b40 dead000000000122 0000000000000000
[ 1008.978928][T17610] raw: ffff88801c3aaf40 000000008012000f 00000000f5000000 ffff888027dd1d01
[ 1008.987515][T17610] head: 00fff00000000040 ffff8881462c2b40 dead000000000122 0000000000000000
[ 1008.996195][T17610] head: ffff88801c3aaf40 000000008012000f 00000000f5000000 ffff888027dd1d01
[ 1009.004872][T17610] head: 00fff00000000003 ffffea000070ea01 00000000ffffffff 00000000ffffffff
[ 1009.013545][T17610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1009.022280][T17610] page dumped because: kasan: bad access detected
[ 1009.028712][T17610] page_owner tracks the page as allocated
[ 1009.034441][T17610] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8630125689, free_ts 0
[ 1009.054102][T17610]  post_alloc_hook+0x234/0x290
[ 1009.058882][T17610]  get_page_from_freelist+0x2365/0x2440
[ 1009.064436][T17610]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1009.070252][T17610]  alloc_pages_mpol+0x232/0x4a0
[ 1009.075126][T17610]  allocate_slab+0x86/0x3b0
[ 1009.079635][T17610]  ___slab_alloc+0xf2b/0x1960
[ 1009.084321][T17610]  __slab_alloc+0x65/0x100
[ 1009.088744][T17610]  kmem_cache_alloc_lru_noprof+0x3fe/0x6e0
[ 1009.094569][T17610]  mqueue_alloc_inode+0x28/0x40
[ 1009.099433][T17610]  alloc_inode+0x6a/0x1b0
[ 1009.103766][T17610]  new_inode+0x22/0x170
[ 1009.107930][T17610]  mqueue_fill_super+0xdc/0x380
[ 1009.112791][T17610]  get_tree_nodev+0xbb/0x150
[ 1009.117403][T17610]  vfs_get_tree+0x92/0x2a0
[ 1009.121841][T17610]  fc_mount_longterm+0x1c/0x100
[ 1009.126693][T17610]  mq_init_ns+0x275/0x360
[ 1009.131028][T17610] page_owner free stack trace missing
[ 1009.136398][T17610] 
[ 1009.138723][T17610] Memory state around the buggy address:
[ 1009.144355][T17610]  ffff88801c3ab500: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 1009.152512][T17610]  ffff88801c3ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1009.160578][T17610] >ffff88801c3ab600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1009.168648][T17610]                             ^
[ 1009.173508][T17610]  ffff88801c3ab680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1009.181577][T17610]  ffff88801c3ab700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1009.189649][T17610] ==================================================================
[ 1009.198594][T17610] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1009.205916][T17610] CPU: 1 UID: 0 PID: 17610 Comm: syz.3.3335 Not tainted syzkaller #0 PREEMPT(full) 
[ 1009.215320][T17610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1009.225404][T17610] Call Trace:
[ 1009.228704][T17610]  <TASK>
[ 1009.231654][T17610]  dump_stack_lvl+0x99/0x250
[ 1009.236274][T17610]  ? __asan_memcpy+0x40/0x70
[ 1009.240894][T17610]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.246121][T17610]  ? __pfx__printk+0x10/0x10
[ 1009.250757][T17610]  vpanic+0x237/0x6d0
[ 1009.254760][T17610]  ? __pfx_vpanic+0x10/0x10
[ 1009.259286][T17610]  ? irqentry_exit+0x5dd/0x660
[ 1009.264073][T17610]  ? trace_irq_disable+0x37/0x100
[ 1009.269141][T17610]  panic+0xb9/0xc0
[ 1009.272895][T17610]  ? __pfx_panic+0x10/0x10
[ 1009.277333][T17610]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1009.283248][T17610]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1009.289595][T17610]  ? _raw_spin_lock+0x2e/0x40
[ 1009.294289][T17610]  check_panic_on_warn+0x89/0xb0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1009.299258][T17610]  ? _raw_spin_lock+0x2e/0x40
[ 1009.303949][T17610]  end_report+0x6f/0x140
[ 1009.308215][T17610]  kasan_report+0x129/0x150
[ 1009.312742][T17610]  ? _raw_spin_lock+0x2e/0x40
[ 1009.317438][T17610]  ? mqueue_flush_file+0x49/0x270
[ 1009.322494][T17610]  __kasan_check_byte+0x2a/0x40
[ 1009.327475][T17610]  lock_acquire+0x84/0x340
[ 1009.332021][T17610]  ? __pfx_mqueue_flush_file+0x10/0x10
[ 1009.337524][T17610]  _raw_spin_lock+0x2e/0x40
[ 1009.342052][T17610]  ? mqueue_flush_file+0x49/0x270
[ 1009.347279][T17610]  mqueue_flush_file+0x49/0x270
[ 1009.352162][T17610]  ? filp_flush+0xae/0x190
[ 1009.356626][T17610]  ? __pfx_mqueue_flush_file+0x10/0x10
[ 1009.362122][T17610]  filp_flush+0xbd/0x190
[ 1009.366388][T17610]  filp_close+0x1d/0x40
[ 1009.370576][T17610]  put_files_struct+0x1ba/0x350
[ 1009.375450][T17610]  do_exit+0x67f/0x2310
[ 1009.379625][T17610]  ? do_raw_spin_lock+0x121/0x290
[ 1009.384668][T17610]  ? __pfx_do_exit+0x10/0x10
[ 1009.389282][T17610]  do_group_exit+0x21c/0x2d0
[ 1009.393883][T17610]  ? lockdep_hardirqs_on+0x98/0x140
[ 1009.399091][T17610]  get_signal+0x1285/0x1340
[ 1009.403609][T17610]  arch_do_signal_or_restart+0x9a/0x7a0
[ 1009.409172][T17610]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1009.415338][T17610]  ? __x64_sys_sendmsg+0x230/0x260
[ 1009.420494][T17610]  ? exit_to_user_mode_loop+0x55/0x4f0
[ 1009.425961][T17610]  exit_to_user_mode_loop+0x87/0x4f0
[ 1009.431255][T17610]  ? rcu_is_watching+0x15/0xb0
[ 1009.436033][T17610]  do_syscall_64+0x2e3/0xf80
[ 1009.440635][T17610]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.446715][T17610]  ? clear_bhb_loop+0x60/0xb0
[ 1009.451412][T17610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.457330][T17610] RIP: 0033:0x7f4c6618f749
[ 1009.461752][T17610] Code: Unable to access opcode bytes at 0x7f4c6618f71f.
[ 1009.468768][T17610] RSP: 002b:00007f4c670ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1009.477199][T17610] RAX: 0000000000000024 RBX: 00007f4c663e5fa0 RCX: 00007f4c6618f749
[ 1009.485185][T17610] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 0000000000000007
[ 1009.493179][T17610] RBP: 00007f4c66213f91 R08: 0000000000000000 R09: 0000000000000000
[ 1009.501172][T17610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1009.509314][T17610] R13: 00007f4c663e6038 R14: 00007f4c663e5fa0 R15: 00007ffd62cc38b8
[ 1009.517318][T17610]  </TASK>
[ 1009.520623][T17610] Kernel Offset: disabled
[ 1009.524956][T17610] Rebooting in 86400 seconds..