last executing test programs:

27m12.406276341s ago: executing program 32 (id=4):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
sched_getattr(0x0, &(0x7f0000000500)={0x38}, 0x38, 0x0)
socket(0x10, 0x80002, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x2, 0x5, 0x3f8, 0x1dc, 0x2d0, 0xffffffff, 0x2d0, 0x1dc, 0x364, 0x364, 0xffffffff, 0x364, 0x364, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0xffffffff, 'bridge_slave_0\x00', 'dvmrp0\x00', {}, {0x1fe}}, 0xac030000, 0xb8, 0xec, 0x0, {}, [@common=@ttl={{0x24}}, @common=@inet=@ecn={{0x24}}]}, @NETMAP={0x34, 'NETMAP\x00', 0x0, {0x1, {0x3, @local, @remote, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0xbc, 0xf0, 0x0, {}, [@common=@addrtype={{0x2c}}, @common=@socket0={{0x20}}]}, @REDIRECT={0x34, 'REDIRECT\x00', 0x0, {0x1, {0x10, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x3c}, @icmp_id=0x64, @icmp_id=0x66}}}}, {{@ip={@rand_addr=0x64010101, @broadcast, 0xff, 0xffffffff, 'netdevsim0\x00', 'virt_wifi0\x00', {}, {}, 0x21, 0x0, 0x20}, 0x0, 0xc0, 0xf4, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @broadcast, @local, @gre_key}}}}, {{@ip={@private, @private, 0x0, 0x0, 'bridge_slave_1\x00', 'pim6reg\x00'}, 0x0, 0x70, 0x94}, @common=@unspec=@NFQUEUE1={0x24, 'NFQUEUE\x00', 0x1, {0x0, 0x20}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x454)

26m59.172907597s ago: executing program 33 (id=15):
syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x8080)
r0 = socket(0x10, 0x40000, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$usbfs(0x0, 0x6, 0x142)
ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045518, &(0x7f0000000240)=0x8)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x80489439, &(0x7f00000001c0))
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff7fffffffe, 0x0, 0x2}, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' '], 0x86)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r5, r4, 0x80000)
fsmount(0xffffffffffffffff, 0x1, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_int(r6, 0x29, 0x46, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0), 0x12)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

24m26.819570842s ago: executing program 2 (id=445):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000e40)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x5)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x20042, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r1, r1, 0x0, 0x100000800000009)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

24m24.822334949s ago: executing program 2 (id=453):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x88, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x44, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xe41f}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x20050800)

24m23.783578679s ago: executing program 2 (id=456):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01030000000000000000010000000800010014000000080003"], 0x30}}, 0x44)

24m21.588482697s ago: executing program 34 (id=456):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01030000000000000000010000000800010014000000080003"], 0x30}}, 0x44)

18m57.784788982s ago: executing program 35 (id=1738):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x48, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x4084)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xce, 0xce, 0x3, [@union={0xa, 0x2, 0x0, 0x5, 0x1, 0x7ff, [{0xe, 0x3, 0x200}, {0xd, 0x4, 0x4}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x5, 0x400}}, @restrict={0x6, 0x0, 0x0, 0xb, 0x4}, @datasec={0xb, 0x9, 0x0, 0xf, 0x2, [{0x5, 0x6, 0x9}, {0x3, 0x1, 0x1}, {0x5, 0x7ff, 0x7ee00}, {0x3, 0xf148, 0x2}, {0x2, 0xe, 0x10}, {0x1, 0x4, 0xfff}, {0x1, 0x2, 0x8}, {0x5, 0x47, 0xa3d}, {0x3, 0xffffffff, 0xffffffff}], "fd6a"}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x0]}}, &(0x7f0000000040)=""/3, 0xeb, 0x3, 0x1, 0x3ff, 0x10000}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x10, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000070000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000002f2c00128014000180090001006c6173740000000004000280140069800c000100636f756e746572000400028008000340000001"], 0xb8}}, 0x50800)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), <r6=>0x0, 0x22, &(0x7f00000006c0), 0x0, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0xf9, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_ENABLE_SE(r8, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r9, 0x0, 0x0, 0x24000080, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan0\x00')
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
unshare(0x24020400)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@mcast2, 0x0, 0x0, 0xff, 0x3, 0x600}, 0x21)

18m12.581375077s ago: executing program 1 (id=2009):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x2}, {0x0}, &(0x7f0000000340)=[{&(0x7f0000001140)=""/102, 0x66}], 0x1, 0x60, 0xfffffffefffffffe}}], 0x48, 0x8004}, 0x0)

18m11.8428702s ago: executing program 1 (id=2013):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', 0xffffffffffffffff, 0x0, 0x401}, 0x11)
r0 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x800, 0x2, 0x40000333}, &(0x7f0000000340)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, 0x0})
io_uring_enter(r1, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

18m11.088991269s ago: executing program 1 (id=2017):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = getpid()
unshare(0x2c020400)
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x8020000)

18m9.922541883s ago: executing program 1 (id=2022):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e21, 0x6949c70e, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000440)={r1}, &(0x7f0000000080)=0x8)

18m9.453404443s ago: executing program 1 (id=2026):
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000280)={0x3e, 0x75, 0x1, {0x33, "4216cd38c5fd6ef3c370d2e2e1aeae3d3d5aaf5db6e70a63b0c13ba988a723bf42d93822d76c273b3e515eb4905a500c7dc4e7"}}, 0x3e)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_clone3(&(0x7f0000000480)={0x22044000, &(0x7f0000000400), &(0x7f0000000180), &(0x7f0000000300), {0x8}, &(0x7f0000000540)=""/169, 0xa9, &(0x7f0000000400), &(0x7f0000000440)=[0xffffffffffffffff, 0x0], 0x2}, 0x58)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x30, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x4, 0x6071, 0x0, 0xe7, {[@fastopen={0x22, 0x7, "247adc59a5"}]}}}}}}}, 0x0)

18m8.526857606s ago: executing program 1 (id=2032):
ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040))
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, &(0x7f0000000280)=""/143, 0x47, 0x8f, 0x1, 0x4, 0x10000}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000004c0)=0x1000000, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x80000)
io_submit(0x0, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)

17m53.283918477s ago: executing program 36 (id=2032):
ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040))
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, &(0x7f0000000280)=""/143, 0x47, 0x8f, 0x1, 0x4, 0x10000}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000004c0)=0x1000000, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x80000)
io_submit(0x0, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)

4m46.743462668s ago: executing program 8 (id=5577):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x80003, 0xb)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x3, 0x6)
socket$kcm(0x10, 0x2, 0x10)
socket$kcm(0x1e, 0x4, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$caif_stream(0x25, 0x1, 0x1)
pipe(&(0x7f00000007c0))
socket$rxrpc(0x21, 0x2, 0xa)
socket$kcm(0x2, 0x5, 0x84)
socket$kcm(0x2, 0x5, 0x84)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32=r1, @ANYRES64=r1], 0x20)

4m46.068403636s ago: executing program 8 (id=5581):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000080)={0x3, 0x1, {0x2, 0x1, 0x4, 0x3, 0x8}, 0x6})
r2 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x2000)
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f00000001c0))
ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080))
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYRESDEC=r3, @ANYRES64=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2$watch_queue(0x0, 0x80)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r6 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x9}}}, 0x24}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1f, 0x14, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @alu={0x7, 0x0, 0xb, 0x6, 0x5, 0xfffffffffffffff4, 0x10}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x7310b81}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x25, 0x0, 0x0, 0x41000, 0x61, '\x00', 0x0, @fallback=0x31, r6, 0x8, &(0x7f0000000400)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, r4, 0x0, &(0x7f00000005c0)=[r6, r3, r6, r3], 0x0, 0x10, 0xfffffff8}, 0x94)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='block_bio_remap\x00', r7}, 0x10)
r8 = dup2(r6, r6)
ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x0, 0xd, 0x1, 0x8})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)

4m44.130432003s ago: executing program 8 (id=5589):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
socket$kcm(0x10, 0x2, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x5a}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000)

4m43.401027574s ago: executing program 8 (id=5594):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x80})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000080)={[{@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x0, 0x506, &(0x7f00000023c0)="$eJzs3c9vHFcdAPDvjL2x67q1C5UKCGgohYCi7Nqb1qp6KhcQqiohKk4cXGNvLMu7Xsu7LrGJFPt/QCISEghOnDkgcYiUE0cEN7jlEg5IASJQjMRh0ewPx4l3s078YxXv5yONZt688Xzfy2re23wTzwtgaF2MiJ2IuBARn0TEVPt80t7ig9aWXffwwY3FvQc3FpNoND7+Z9Ksz87FgZ/JvNy+53hEfP87ET9KDsetbW2vLpTLpY12uVCvrBdqW9tXVioLy6Xl0lqxODc7N/Pe1XeLJ9bXNyu/vf/tlQ9/cPv3X7r3551v/iRr1mS77mA/TlKr67n9OJnRiPjwNIINwEi7PxcG3RCeSxoRn4mIt5rP/1SMND/No+nyWAMAL4BGYyoaUwfLAMB5lzZzYEmab+cCJiNN8/lWDu/1mEjL1Vr98rXq5tpSK1c2Hbn02kq5NNPOFU5HLsnKszez40flYjxevhoRr0XET8deapbzi0fPMwAAJ+vlJ+b//4y15n8A4Jwb73fB/Nm0AwA4O33nfwDg3DH/A8DwMf8DwPAx/wPA8DH/A8CwuduZ/0cG3RIA4Ex876OPsq2x137/9dKnW5ur1U+vLJVqq/nK5mJ+sbqxnl+uVpfLpfxitZL0eelvuVpdn30nNq8X6qVavVDb2p6vVDfX6vPN93rPl3Jn1C8AoLfX3rzz12xK33n/peYWB9ZyMFfD+ZYOugHAwMj5w/DyFm4YXv6OD/Rby7PnfxG+9RzBGjef44eAk3bp8/L/MKzk/2F4yf/D8JL/h+HVaCS91vxP9y8BAM4VOX7gVP/9/xeXn71BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AKYbG7TB8ppms9HvBIR05FLrq2USzMR8WpE/GUsN5aVZwfaYgDg+NK/J+31vy5NvT35ZO2F5L9jzX1E/PjnH//s+kK9vjGbnf/X/vn6rfb54iDaDwD005mnO/N4x8MHNxY721m25/63WouLZnH32lurZjRGs92fxiMXERP/Tlrltuz7ysgJxN/ZjYjPdet/0syNTLdXPn0yfhb7lTONnz4WP23WtfbZn8VnD915rGfMfmu9wrC4k40/H3R7/tK42NyPd138eLw5Qh1fZ/zbOzT+dZ738eZY0238u3jUGO/84bs963YjvjDaLX6yHz/pEf/tI8a/+8Uvv9WrrvGriEvRPf7BWIV6Zb1Q29q+slJZWC4tl9aKxbnZuZn3rr5bLDRz1IVOpvqwf7x/+dWe/f9NxESP+ON9+v+1p/a6sT8A//p/n/zwK73i70Z846vdP//XnxI/mxO//tT4jyxM/K7n8t1Z/KVW/3ef9fM/6qre9/62vXTESwGAM1Db2l5dKJdLGyd6kIsTvuGBg+SU2uzgnB9k38ePe5832imzrtf88Ze338gqB97T3s9OcvSLBzwwAafu0UM/6JYAAAAAAAAAAAAAAAC9HPf3ikb6XZMOuocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcZ/8PAAD//zV4yq8=")
chdir(&(0x7f0000000240)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000380)='./file0\x00')
open(&(0x7f0000000000)='./file1\x00', 0x0, 0x186)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x84)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003e4c4db2dd73b170d455766b483c2231616f7593d6600f10863ce4e0cf870472ad92dbab63c642d3dddc1da5066e6c851e156e4da679415731900b7ca90216920056195903d1470b061a48ea7e1b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007b080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r2, @ANYBLOB="0000000002000000b705000008000000850000005e00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff9, &(0x7f00000014c0)=""/4089}, 0x94)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x1, 0x3, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r3, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000ac0)=""/171, 0xab}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x3}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0xe2e0}], 0x4, 0x20, 0x0)
readv(r3, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/13, 0xd}, {&(0x7f0000000bc0)=""/217, 0xd9}, {&(0x7f0000000340)=""/42, 0x2a}], 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x458, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x388, 0xffffffff, 0xffffffff, 0x388, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @dev={0xfe, 0x80, '\x00', 0x3f}, [0xff], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @empty}, @private2, [0x0, 0xffffff00], [0xffffffff, 0xff, 0x0, 0xffffff00], 'gre0\x00', 'veth0\x00', {0xff}, {0xff}, 0x87, 0xe, 0x6, 0x9}, 0x0, 0x258, 0x2b8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x3, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x4, 0x0, 0x2001000, 0x6, 0x3, 0x0, 0x20}, {0x2}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@private=0xa010101, [0xffffffff, 0xffffff00], 0x4e20, 0x4e23, 0x4e20, 0x4e21, 0x41f86f8c, 0x9, 0x49, 0x7, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4b8)
ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000040)={'syz_tun\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002100)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x4, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x5, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x7, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x2, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x4, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x0, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0xfffffffa, 0x3, 0x7, 0x3, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x1, 0x7, 0x4, 0x1, {0x7, 0x0, 0x3, 0x7, 0x7, 0x80000001}, {0x4, 0x2, 0x2, 0xa, 0x1ff, 0x1c0000}, 0x9, 0xbc, 0xdf72c67}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

4m40.384167999s ago: executing program 0 (id=5605):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x80003, 0xb)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x3, 0x6)
socket$kcm(0x2, 0x1, 0x84)
socket$kcm(0x1e, 0x4, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$caif_stream(0x25, 0x1, 0x1)
pipe(&(0x7f00000007c0))
socket$rxrpc(0x21, 0x2, 0xa)
socket$kcm(0x2, 0x5, 0x84)
socket$kcm(0x2, 0x5, 0x84)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32=r1, @ANYRES64=r1], 0x20)

4m40.301542797s ago: executing program 8 (id=5606):
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=f', @ANYBLOB])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x2}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
removexattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00')
r0 = epoll_create1(0x0)
pipe2(&(0x7f0000000800)={<r1=>0xffffffffffffffff}, 0x80080)
fcntl$dupfd(r1, 0x0, r0)

4m39.848943663s ago: executing program 0 (id=5611):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

4m39.289048791s ago: executing program 8 (id=5612):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000002200), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
r2 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100)
preadv2(r2, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

4m39.21232281s ago: executing program 0 (id=5613):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x20000c88)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x44, 0x10, 0x609, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x44}}, 0x0)
r8 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r9], 0x5c}}, 0x40)

4m37.367455777s ago: executing program 37 (id=5612):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000002200), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
r2 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100)
preadv2(r2, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

4m37.327168295s ago: executing program 0 (id=5616):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x80})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000080)={[{@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x0, 0x506, &(0x7f00000023c0)="$eJzs3c9vHFcdAPDvjL2x67q1C5UKCGgohYCi7Nqb1qp6KhcQqiohKk4cXGNvLMu7Xsu7LrGJFPt/QCISEghOnDkgcYiUE0cEN7jlEg5IASJQjMRh0ewPx4l3s078YxXv5yONZt688Xzfy2re23wTzwtgaF2MiJ2IuBARn0TEVPt80t7ig9aWXffwwY3FvQc3FpNoND7+Z9Ksz87FgZ/JvNy+53hEfP87ET9KDsetbW2vLpTLpY12uVCvrBdqW9tXVioLy6Xl0lqxODc7N/Pe1XeLJ9bXNyu/vf/tlQ9/cPv3X7r3551v/iRr1mS77mA/TlKr67n9OJnRiPjwNIINwEi7PxcG3RCeSxoRn4mIt5rP/1SMND/No+nyWAMAL4BGYyoaUwfLAMB5lzZzYEmab+cCJiNN8/lWDu/1mEjL1Vr98rXq5tpSK1c2Hbn02kq5NNPOFU5HLsnKszez40flYjxevhoRr0XET8deapbzi0fPMwAAJ+vlJ+b//4y15n8A4Jwb73fB/Nm0AwA4O33nfwDg3DH/A8DwMf8DwPAx/wPA8DH/A8CwuduZ/0cG3RIA4Ex876OPsq2x137/9dKnW5ur1U+vLJVqq/nK5mJ+sbqxnl+uVpfLpfxitZL0eelvuVpdn30nNq8X6qVavVDb2p6vVDfX6vPN93rPl3Jn1C8AoLfX3rzz12xK33n/peYWB9ZyMFfD+ZYOugHAwMj5w/DyFm4YXv6OD/Rby7PnfxG+9RzBGjef44eAk3bp8/L/MKzk/2F4yf/D8JL/h+HVaCS91vxP9y8BAM4VOX7gVP/9/xeXn71BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AKYbG7TB8ppms9HvBIR05FLrq2USzMR8WpE/GUsN5aVZwfaYgDg+NK/J+31vy5NvT35ZO2F5L9jzX1E/PjnH//s+kK9vjGbnf/X/vn6rfb54iDaDwD005mnO/N4x8MHNxY721m25/63WouLZnH32lurZjRGs92fxiMXERP/Tlrltuz7ysgJxN/ZjYjPdet/0syNTLdXPn0yfhb7lTONnz4WP23WtfbZn8VnD915rGfMfmu9wrC4k40/H3R7/tK42NyPd138eLw5Qh1fZ/zbOzT+dZ738eZY0238u3jUGO/84bs963YjvjDaLX6yHz/pEf/tI8a/+8Uvv9WrrvGriEvRPf7BWIV6Zb1Q29q+slJZWC4tl9aKxbnZuZn3rr5bLDRz1IVOpvqwf7x/+dWe/f9NxESP+ON9+v+1p/a6sT8A//p/n/zwK73i70Z846vdP//XnxI/mxO//tT4jyxM/K7n8t1Z/KVW/3ef9fM/6qre9/62vXTESwGAM1Db2l5dKJdLGyd6kIsTvuGBg+SU2uzgnB9k38ePe5832imzrtf88Ze338gqB97T3s9OcvSLBzwwAafu0UM/6JYAAAAAAAAAAAAAAAC9HPf3ikb6XZMOuocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcZ/8PAAD//zV4yq8=")
chdir(&(0x7f0000000240)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000380)='./file0\x00')
open(&(0x7f0000000000)='./file1\x00', 0x0, 0x186)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x84)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003e4c4db2dd73b170d455766b483c2231616f7593d6600f10863ce4e0cf870472ad92dbab63c642d3dddc1da5066e6c851e156e4da679415731900b7ca90216920056195903d1470b061a48ea7e1b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007b080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r2, @ANYBLOB="0000000002000000b705000008000000850000005e00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff9, &(0x7f00000014c0)=""/4089}, 0x94)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x1, 0x3, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r3, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000ac0)=""/171, 0xab}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x3}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0xe2e0}], 0x4, 0x20, 0x0)
readv(r3, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/13, 0xd}, {&(0x7f0000000bc0)=""/217, 0xd9}, {&(0x7f0000000340)=""/42, 0x2a}], 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x458, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x388, 0xffffffff, 0xffffffff, 0x388, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @dev={0xfe, 0x80, '\x00', 0x3f}, [0xff], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @empty}, @private2, [0x0, 0xffffff00], [0xffffffff, 0xff, 0x0, 0xffffff00], 'gre0\x00', 'veth0\x00', {0xff}, {0xff}, 0x87, 0xe, 0x6, 0x9}, 0x0, 0x258, 0x2b8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x3, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x4, 0x0, 0x2001000, 0x6, 0x3, 0x0, 0x20}, {0x2}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@private=0xa010101, [0xffffffff, 0xffffff00], 0x4e20, 0x4e23, 0x4e20, 0x4e21, 0x41f86f8c, 0x9, 0x49, 0x7, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4b8)
ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000040)={'syz_tun\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002100)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x4, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x5, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x7, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x2, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x4, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x0, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0xfffffffa, 0x3, 0x7, 0x3, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x1, 0x7, 0x4, 0x1, {0x7, 0x0, 0x3, 0x7, 0x7, 0x80000001}, {0x4, 0x2, 0x2, 0xa, 0x1ff, 0x1c0000}, 0x9, 0xbc, 0xdf72c67}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

4m33.721889577s ago: executing program 0 (id=5627):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000200)={0x38, r3, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CQM={0x1c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x62}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x4ad}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4080}, 0x4004000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
r7 = socket$rxrpc(0x21, 0x2, 0xa)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000240)='./bus\x00', 0x21081e, &(0x7f0000000800)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@lazytime}]}, 0x1, 0x504, &(0x7f00000002c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPIHVD4kZR7DiKndKEHtIzVyQqcYIjfwBce+LOBcGNSzkg8SMCNUgcjGY8SZ3UbqImsbPx5yON5r157ny/r+m8V78kfgEMresRsRsRYxHxaURMZ9dz2REftY/kdU/3Hizt7z1YykWr9ck/c2l7ci06/kziWnbPYkT84DsRP849H7exvbO2WK1WNrP6bLO2MdvY3rm1WltcqaxU1svlhfmFuQ9uv18+t76+VRvLSl9+8ofdb/w0SWsqu9LZj/PU7nrhME5iNCK+dxHBBmAk68/YoBPhpeQj4vWIeDt9/qdjJP1qAgBXWas1Ha3pzjoAcNXl0zWwXL6UrQVMRT5fKrXX8N6IyXy13mjevFvfWl9ur5XNRCF/d7VamcvWCmeikEvq82n5Wb18rH47Il6LiJ+PT6T10lK9ujzI//gAwBC7dmz+/894e/4HAK644qATAAD6zvwPAMPH/A8Aw8f8DwDDpz3/Tww6DQCgj7z/B4DhY/4HgKHy/Y8/To7Wfvb518v3trfW6vduLVcaa6Xa1lJpqb65UVqp11fSz+ypnXS/ar2+Mf9ebN2f+eZGoznb2N65U6tvrTfvpJ/rfadSSF+124eeAQC9vPbW4z/nkhn5w4n0iI69HAoDzQy4aPlBJwAMzMigEwAGxm5fMLzO8B7f8gBcEV226D2i2O0XhFqtVuviUgIu2I0vWP+HYdWx/u+ngGHIWP+H4WX9H4ZXq5U77Z7/cdoXAgCXmzV+oMf3/1/Pzr/Jvjnwo+Xjr3h0kVkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA5Xaw/28p2wt8KvL5UinilYiYiULu7mq1MhcRr0bEn8YL40l9fsA5AwBnlf9bLtv/68b0u1NHmt68dlgci4if/PKTX9xfbDY3/xgxlvvX+MH15qPsern/2QMAJzuYp9Nzxxv5p3sPlg6Ofubz929HRLEdf39vLPYP44/GaHouRiEiJv+dy+ptuY61i7PYfRgRn+/W/1xMpWsg7Z1Pj8dPYr/S1/j5I/HzaVv7nPxdfO4ccoFh8zgZfz7q9vzl43p67v78F9MR6uyy8S+51dJ+OgY+i38w/o30GP+unzbGe7//brs08Xzbw4gvjkYcxN7vGH8O4ud6xH/3lPH/8qU33+7V1vpVxI3oHr8z1myztjHb2N65tVpbXKmsVNbL5YX5hbkPbr9fnk3XqGd7zwb/+PDmq73akv5P9ohfPKH/Xz1l/3/9v09/+JUXxP/6O93i5+ONF8RP5sSvnTL+4uRvi73akvjLPfp/0tf/5injP/nrznPbhh+9EwDQT43tnbXFarWy+Zkt/C4uRRoK/Sgk/2QvQRpdC9/qV6yx6N70s3faz/SxplbrpWL1GjHOY9UNuAwOH/qI+O+gkwEAAAAAAAAAAAAAALrqx28sDbqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXF3/DwAA//96+c8D")
lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xffffffffffffffff)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r7, 0x110, 0x4, &(0x7f0000000080)=0x2, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r8 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0x40d, 0x209, 0x2})
io_uring_enter(0xffffffffffffffff, 0x5f93, 0xaf8c, 0x40, &(0x7f0000000100), 0x8)
r9 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x6}, 0x4)
r10 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r10, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x1000}, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r11=>0x0})
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000840)=@newtfilter={0x5c, 0x2c, 0x0, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0xb, 0xfff3}, {0xc, 0xffff}, {0x10, 0x3}}, [@f_rsvp6={{0xa}, {0x2c, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @private0}, @TCA_RSVP_DST={0x14, 0x2, @empty}]}}]}, 0x5c}}, 0x20000000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000000)={0x8, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
dup(r1)
close_range(r0, 0xffffffffffffffff, 0x0)

4m32.583032034s ago: executing program 0 (id=5632):
ioprio_set$pid(0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0}, 0x94)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)

4m30.319932485s ago: executing program 38 (id=5632):
ioprio_set$pid(0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0}, 0x94)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)

4m3.19135549s ago: executing program 6 (id=5727):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="05000000040000000800000044"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1, 0x0, 0x5}, 0x18)
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

4m2.187537754s ago: executing program 6 (id=5728):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004001}, 0x0)

4m1.395600864s ago: executing program 6 (id=5731):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x3f, 0x40, 0x42, 0xffffffffffffffff, 0x733}, 0x50)

4m0.84185718s ago: executing program 6 (id=5732):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x80})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000080)={[{@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x0, 0x506, &(0x7f00000023c0)="$eJzs3c9vHFcdAPDvjL2x67q1C5UKCGgohYCi7Nqb1qp6KhcQqiohKk4cXGNvLMu7Xsu7LrGJFPt/QCISEghOnDkgcYiUE0cEN7jlEg5IASJQjMRh0ewPx4l3s078YxXv5yONZt688Xzfy2re23wTzwtgaF2MiJ2IuBARn0TEVPt80t7ig9aWXffwwY3FvQc3FpNoND7+Z9Ksz87FgZ/JvNy+53hEfP87ET9KDsetbW2vLpTLpY12uVCvrBdqW9tXVioLy6Xl0lqxODc7N/Pe1XeLJ9bXNyu/vf/tlQ9/cPv3X7r3551v/iRr1mS77mA/TlKr67n9OJnRiPjwNIINwEi7PxcG3RCeSxoRn4mIt5rP/1SMND/No+nyWAMAL4BGYyoaUwfLAMB5lzZzYEmab+cCJiNN8/lWDu/1mEjL1Vr98rXq5tpSK1c2Hbn02kq5NNPOFU5HLsnKszez40flYjxevhoRr0XET8deapbzi0fPMwAAJ+vlJ+b//4y15n8A4Jwb73fB/Nm0AwA4O33nfwDg3DH/A8DwMf8DwPAx/wPA8DH/A8CwuduZ/0cG3RIA4Ex876OPsq2x137/9dKnW5ur1U+vLJVqq/nK5mJ+sbqxnl+uVpfLpfxitZL0eelvuVpdn30nNq8X6qVavVDb2p6vVDfX6vPN93rPl3Jn1C8AoLfX3rzz12xK33n/peYWB9ZyMFfD+ZYOugHAwMj5w/DyFm4YXv6OD/Rby7PnfxG+9RzBGjef44eAk3bp8/L/MKzk/2F4yf/D8JL/h+HVaCS91vxP9y8BAM4VOX7gVP/9/xeXn71BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AKYbG7TB8ppms9HvBIR05FLrq2USzMR8WpE/GUsN5aVZwfaYgDg+NK/J+31vy5NvT35ZO2F5L9jzX1E/PjnH//s+kK9vjGbnf/X/vn6rfb54iDaDwD005mnO/N4x8MHNxY721m25/63WouLZnH32lurZjRGs92fxiMXERP/Tlrltuz7ysgJxN/ZjYjPdet/0syNTLdXPn0yfhb7lTONnz4WP23WtfbZn8VnD915rGfMfmu9wrC4k40/H3R7/tK42NyPd138eLw5Qh1fZ/zbOzT+dZ738eZY0238u3jUGO/84bs963YjvjDaLX6yHz/pEf/tI8a/+8Uvv9WrrvGriEvRPf7BWIV6Zb1Q29q+slJZWC4tl9aKxbnZuZn3rr5bLDRz1IVOpvqwf7x/+dWe/f9NxESP+ON9+v+1p/a6sT8A//p/n/zwK73i70Z846vdP//XnxI/mxO//tT4jyxM/K7n8t1Z/KVW/3ef9fM/6qre9/62vXTESwGAM1Db2l5dKJdLGyd6kIsTvuGBg+SU2uzgnB9k38ePe5832imzrtf88Ze338gqB97T3s9OcvSLBzwwAafu0UM/6JYAAAAAAAAAAAAAAAC9HPf3ikb6XZMOuocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcZ/8PAAD//zV4yq8=")
chdir(&(0x7f0000000240)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000380)='./file0\x00')
open(&(0x7f0000000000)='./file1\x00', 0x0, 0x186)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x84)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003e4c4db2dd73b170d455766b483c2231616f7593d6600f10863ce4e0cf870472ad92dbab63c642d3dddc1da5066e6c851e156e4da679415731900b7ca90216920056195903d1470b061a48ea7e1b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007b080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r2, @ANYBLOB="0000000002000000b705000008000000850000005e00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff9, &(0x7f00000014c0)=""/4089}, 0x94)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x1, 0x3, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r3, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000ac0)=""/171, 0xab}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x3}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0xe2e0}], 0x4, 0x20, 0x0)
readv(r3, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/13, 0xd}, {&(0x7f0000000bc0)=""/217, 0xd9}, {&(0x7f0000000340)=""/42, 0x2a}], 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000040)={'syz_tun\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002100)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x4, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x5, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x7, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x2, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x4, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x0, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0xfffffffa, 0x3, 0x7, 0x3, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x1, 0x7, 0x4, 0x1, {0x7, 0x0, 0x3, 0x7, 0x7, 0x80000001}, {0x4, 0x2, 0x2, 0xa, 0x1ff, 0x1c0000}, 0x9, 0xbc, 0xdf72c67}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

3m59.170036551s ago: executing program 6 (id=5738):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="150200000000000008000500", @ANYRES32=r1, @ANYBLOB="1c00128009000100766c616e000000000c000280060001000200000008000400a10c"], 0x4c}, 0x1, 0xba01}, 0x442)

3m58.188575237s ago: executing program 6 (id=5745):
openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r3, 0x0, 0x0)
recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

3m56.072478615s ago: executing program 39 (id=5745):
openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r3, 0x0, 0x0)
recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

3m34.967616766s ago: executing program 2 (id=5748):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x80})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000080)={[{@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x0, 0x506, &(0x7f00000023c0)="$eJzs3c9vHFcdAPDvjL2x67q1C5UKCGgohYCi7Nqb1qp6KhcQqiohKk4cXGNvLMu7Xsu7LrGJFPt/QCISEghOnDkgcYiUE0cEN7jlEg5IASJQjMRh0ewPx4l3s078YxXv5yONZt688Xzfy2re23wTzwtgaF2MiJ2IuBARn0TEVPt80t7ig9aWXffwwY3FvQc3FpNoND7+Z9Ksz87FgZ/JvNy+53hEfP87ET9KDsetbW2vLpTLpY12uVCvrBdqW9tXVioLy6Xl0lqxODc7N/Pe1XeLJ9bXNyu/vf/tlQ9/cPv3X7r3551v/iRr1mS77mA/TlKr67n9OJnRiPjwNIINwEi7PxcG3RCeSxoRn4mIt5rP/1SMND/No+nyWAMAL4BGYyoaUwfLAMB5lzZzYEmab+cCJiNN8/lWDu/1mEjL1Vr98rXq5tpSK1c2Hbn02kq5NNPOFU5HLsnKszez40flYjxevhoRr0XET8deapbzi0fPMwAAJ+vlJ+b//4y15n8A4Jwb73fB/Nm0AwA4O33nfwDg3DH/A8DwMf8DwPAx/wPA8DH/A8CwuduZ/0cG3RIA4Ex876OPsq2x137/9dKnW5ur1U+vLJVqq/nK5mJ+sbqxnl+uVpfLpfxitZL0eelvuVpdn30nNq8X6qVavVDb2p6vVDfX6vPN93rPl3Jn1C8AoLfX3rzz12xK33n/peYWB9ZyMFfD+ZYOugHAwMj5w/DyFm4YXv6OD/Rby7PnfxG+9RzBGjef44eAk3bp8/L/MKzk/2F4yf/D8JL/h+HVaCS91vxP9y8BAM4VOX7gVP/9/xeXn71BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AKYbG7TB8ppms9HvBIR05FLrq2USzMR8WpE/GUsN5aVZwfaYgDg+NK/J+31vy5NvT35ZO2F5L9jzX1E/PjnH//s+kK9vjGbnf/X/vn6rfb54iDaDwD005mnO/N4x8MHNxY721m25/63WouLZnH32lurZjRGs92fxiMXERP/Tlrltuz7ysgJxN/ZjYjPdet/0syNTLdXPn0yfhb7lTONnz4WP23WtfbZn8VnD915rGfMfmu9wrC4k40/H3R7/tK42NyPd138eLw5Qh1fZ/zbOzT+dZ738eZY0238u3jUGO/84bs963YjvjDaLX6yHz/pEf/tI8a/+8Uvv9WrrvGriEvRPf7BWIV6Zb1Q29q+slJZWC4tl9aKxbnZuZn3rr5bLDRz1IVOpvqwf7x/+dWe/f9NxESP+ON9+v+1p/a6sT8A//p/n/zwK73i70Z846vdP//XnxI/mxO//tT4jyxM/K7n8t1Z/KVW/3ef9fM/6qre9/62vXTESwGAM1Db2l5dKJdLGyd6kIsTvuGBg+SU2uzgnB9k38ePe5832imzrtf88Ze338gqB97T3s9OcvSLBzwwAafu0UM/6JYAAAAAAAAAAAAAAAC9HPf3ikb6XZMOuocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcZ/8PAAD//zV4yq8=")
chdir(&(0x7f0000000240)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000380)='./file0\x00')
open(&(0x7f0000000000)='./file1\x00', 0x0, 0x186)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x84)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003e4c4db2dd73b170d455766b483c2231616f7593d6600f10863ce4e0cf870472ad92dbab63c642d3dddc1da5066e6c851e156e4da679415731900b7ca90216920056195903d1470b061a48ea7e1b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007b080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r2, @ANYBLOB="0000000002000000b705000008000000850000005e00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff9, &(0x7f00000014c0)=""/4089}, 0x94)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x1, 0x3, 0x7, 0x8}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r3, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000ac0)=""/171, 0xab}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x3}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0xe2e0}], 0x4, 0x20, 0x0)
readv(r3, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/13, 0xd}, {&(0x7f0000000bc0)=""/217, 0xd9}, {&(0x7f0000000340)=""/42, 0x2a}], 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000040)={'syz_tun\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002100)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x4, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x5, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x7, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x2, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x4, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x0, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0xfffffffa, 0x3, 0x7, 0x3, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x1, 0x7, 0x4, 0x1, {0x7, 0x0, 0x3, 0x7, 0x7, 0x80000001}, {0x4, 0x2, 0x2, 0xa, 0x1ff, 0x1c0000}, 0x9, 0xbc, 0xdf72c67}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

3m32.656996352s ago: executing program 2 (id=5831):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_delrule={0x24, 0x21, 0x121, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0)

3m31.638973434s ago: executing program 2 (id=5836):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES8=r0, @ANYRES32, @ANYBLOB="1ed5f660efa5d7305913b96e7fc40fd3", @ANYRES8, @ANYBLOB="1d1421f6c044efd9bff36f8d831de2e0c9916f4a752cae505514d81ebab21f84af6ed18d036d6121004e18f2f4ebfe71a14b702ca15a79957e01ab06e6da89642b8fc7fa957f31b263d44d5c49252652af1bd23cba07fac88ed9c10fc60e9180134c509f49b37f25e6d228b9360015e8d97c7eb9a88179b48952d0c274bf809888241d88c4e5ba8dab214c595dc33956b7085d2e22dcd1a9717a967ac7af9f0cd5e71f985f3f9a0a840f47a2d2074561c70a880144f7e71672abdbdc2c713d981fc8db70b1005ce2b54a4b17914533a00b0c85900e5431fd966eebcf100d83d4fff4e01adfa8", @ANYBLOB="016886924ecbcbab0e99e128da24f9b985ab7a9aaad9cbcd763c2e86a715bd4653205cff95ced0b8d2c011770ef704a70f27c3a4449c2b9e934d3ee18ac15d97922182daef1e1151d5b1ada6376ed00f61e14ff1ac7973fd2f9cf19b5a00ecbb4dd271dfc44b8b751ee57b1623a2d80b5a85a61fda03bc2da66c6b41eadaacc20bdcf32291d5e077bccf6fef24eaa5497a2bf932ee1f95e94d3414e43ab25bf1f8aabe7eb61523e5ecca638d40831404f58cc92c12742d8c2f5fec60c9da6f11c4a17e81fb4fa80b0d6e1c99ad601d74d83a3eac4b9c34378134ebf9bccddaa6d409366169348f2d16", @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = io_uring_setup(0x2675, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_FILES2(r1, 0xf, &(0x7f0000000040)={0x46, 0x1, 0x0, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x5da0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285628, &(0x7f0000000080)={0x3, @win={{}, 0x5, 0x0, 0x0, 0x0, 0x0}})

3m29.589212666s ago: executing program 40 (id=5836):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES8=r0, @ANYRES32, @ANYBLOB="1ed5f660efa5d7305913b96e7fc40fd3", @ANYRES8, @ANYBLOB="1d1421f6c044efd9bff36f8d831de2e0c9916f4a752cae505514d81ebab21f84af6ed18d036d6121004e18f2f4ebfe71a14b702ca15a79957e01ab06e6da89642b8fc7fa957f31b263d44d5c49252652af1bd23cba07fac88ed9c10fc60e9180134c509f49b37f25e6d228b9360015e8d97c7eb9a88179b48952d0c274bf809888241d88c4e5ba8dab214c595dc33956b7085d2e22dcd1a9717a967ac7af9f0cd5e71f985f3f9a0a840f47a2d2074561c70a880144f7e71672abdbdc2c713d981fc8db70b1005ce2b54a4b17914533a00b0c85900e5431fd966eebcf100d83d4fff4e01adfa8", @ANYBLOB="016886924ecbcbab0e99e128da24f9b985ab7a9aaad9cbcd763c2e86a715bd4653205cff95ced0b8d2c011770ef704a70f27c3a4449c2b9e934d3ee18ac15d97922182daef1e1151d5b1ada6376ed00f61e14ff1ac7973fd2f9cf19b5a00ecbb4dd271dfc44b8b751ee57b1623a2d80b5a85a61fda03bc2da66c6b41eadaacc20bdcf32291d5e077bccf6fef24eaa5497a2bf932ee1f95e94d3414e43ab25bf1f8aabe7eb61523e5ecca638d40831404f58cc92c12742d8c2f5fec60c9da6f11c4a17e81fb4fa80b0d6e1c99ad601d74d83a3eac4b9c34378134ebf9bccddaa6d409366169348f2d16", @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = io_uring_setup(0x2675, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_FILES2(r1, 0xf, &(0x7f0000000040)={0x46, 0x1, 0x0, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x5da0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285628, &(0x7f0000000080)={0x3, @win={{}, 0x5, 0x0, 0x0, 0x0, 0x0}})

9.149976175s ago: executing program 4 (id=6706):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9.061571661s ago: executing program 7 (id=6707):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000054000100040000000000000807000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="00000000e100000000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)
r3 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe6, 0x0)

6.763002308s ago: executing program 4 (id=6711):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x38, r1, 0x1, 0x20000002, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}], @key_params, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

6.465407141s ago: executing program 7 (id=6713):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000380)=0x4, 0x4)
sendmmsg$inet6(r0, &(0x7f0000001340)=[{{0x0, 0x0, 0x0}}], 0x1, 0xc040)

5.613195933s ago: executing program 7 (id=6716):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)="f89fcfb587a4792b", 0x8)

5.52627756s ago: executing program 4 (id=6717):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040), 0xc)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x92e1, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

5.375485382s ago: executing program 3 (id=6718):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6800000010000108fdffffff000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000400016803c0001"], 0x68}, 0x1, 0x0, 0x0, 0x44004}, 0x0)

4.777799351s ago: executing program 3 (id=6721):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.701548309s ago: executing program 5 (id=6722):
r0 = open(&(0x7f0000000200)='./file0\x00', 0x40, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9ab}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$VT_RELDISP(r0, 0x5605)
writev(r2, &(0x7f0000000240)=[{&(0x7f0000000200)="d93db731205681d52d10713337237ab8f409e9d0286ac4f933a70765062bd617b586b1232882b4bd1d68", 0xf000}, {0x0, 0xffffffc0}], 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0xc000)
openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6}]})
socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r4, 0xffffffffffffffff, 0x0)

4.591300792s ago: executing program 7 (id=6723):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000054000100040000000000000807000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="00000000e100000000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)
r3 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe6, 0x0)

4.310915607s ago: executing program 4 (id=6724):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000053000000000000000000440f22c041", @ANYRESOCT], 0x53})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.222848613s ago: executing program 9 (id=6725):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

3.80580929s ago: executing program 3 (id=6726):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0xfd, 0x146, &(0x7f00000002c0)="$eJzsj79LOnEcxl/39de30jQwsKAIGhLDPE9sa9BIErKDwqUp0IsCTVEIx2pu6A9wKIImcYjGhrLJUgj7O9yCxuLjXYXQ0v55LXfv1/PwcLe20g3iAxsmq6ViuWJUq0Z+bkvPpLZvbu/GhXcB/weNYrkiynmzf5+AffG0Q//E1I+ef0DBWMqVCuLuJyAIJMdg78CBitkdFc4vXMGIWi44D61J02m/uJjlpu2Q9JpO7H1cwoLYm/jZewNqdYf1Z+HQ9YwtYR3U6ovNxtNmp50Oh2aNMy01deUO2MgaTkAR+WukHX6JNBu9biezoWf0bkzTlmNqVFXjPf25k44fn2Nfdx/BjjK85xQbWThVoK5AY5D3HxQP0Lp414tel38EOPSBMpwo1veZSW434PgyfL9IJBKJRCKRSCQSiUTyVz4DAAD//0wAXes=")
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000580))
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r3, 0x4004743a, &(0x7f0000000300))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00))

3.494717916s ago: executing program 5 (id=6727):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x38, r1, 0x1, 0x20000002, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}], @key_params, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

3.164600368s ago: executing program 7 (id=6728):
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f0000000240)={{0x1, 0x0, 0xfffffffffffffea8, {0x0, 0x8080000}}, "cdb372b4dfe02964a59572ecc37526989e90f15cc175ae8c93ae45591f356c6884a1eb49a1ccc74c2260aded1979bfd746a27408d1220c39493a1d3b65f5306464393183b3b654e5237f83855fde05bc36e88baa2c07c6acd1e5d8c2b3736f1ec8fb98c1b5c20bae0c02c146f4182375c277e8647f577021416f8ba515ffa35cddd261d521df3e841a9179cda39879511c2e9ab06778ce9ffa6f2c9370d7af33bc74d16360a42aa2ced6433463ef4bbed671371e8eba18f2aa973f65ff1b5b35c7c67638ba4aaa64a717f556fe32f70ab1f227b75eaace9c63811a4abc99987e6c8964cfac90a0ca3384510dc63e3e3935540ce749bfa6a8785ee00fe862262ce28ff980e350a64be310b5f576ccfb5a2ba166b324b4bbe9f23030a79f16f20258d077d87f7b1e5b8ca402ce6e51b3236729fde5e6f96d7a94c8db3cc00fdab35e2544ebb424632bb9d82cbfb21146bfeb80e5f5e26ed89a6c521920b5c02cd9cf8063e1ef18919946124f64f749f5c2e3d603af2b7a2d2d24acb6ebe5f47b988dc51e690d9aea44fece3a353bae1b80dcae49c8cb6443978623b0ec80cd0feb0a134a51fdd2b1912a45c6ca41414273268c676bbef4ab3e2f7ac5e061d6dcf0041af2cc971a27b616444ae913033933ed4b1d89b96c8ee9edc86ee12d5917695796906d4822fb3a931df763e3a8e8893ae4749765bdbae4377ce47fb5e26890cb5178c03dd0df248bf35caf84f3cea3d7780860cd51ea04f28dd6ce80820fda0ffa3f33d38adb2d68d41db8ab27d4cad8b7abb026827738fb9c59d043199cd27c2bdf9711acb36926c730e216de7ad2de0326676916586ec8325f4b13735e34c4d60bd27e2fde3edc95dc59cb69c1dc25569da425488b6b6e9a63b17964ce1fa57bf2c7508ed199cf64a5cbc23b01cdf08b1ad4337f1b0aa02a6c137fb90e32fd7e204966170aa80fca868a45d496be7758c47f83760208793eb1600b6ebf4d1d2dcaa2b741f1c0b9f8844b9e68ec7f7123083c69f1a97b66961279a6aa3498f146f7e517c2f5a9c0b0673b93dca4fe0c48d53c8f5f89bb7ab0476e00a13e020370077a55c28abccb585bcbdf29966a4db1c3ab0f3f58e54640032484e08072aac638b9c9dc9655a525e9016d9b24358ba477695875e3abd484ff3adb92069825841c3bd1870f708cc25288ee5cc4a6d7fab62eaa724a7acb4ee5952db977b4da11597891f5c5af6086ddf387deb19ce0995ba175f830c94b5adac04d8618a262b3059fe96d5b18690e5adf3e592ae77fed8214ef468d0cacdbbdb1712cff009e03146b57bab5b8302a5ed0f75f59c63877ad8fea5ec596c667ffc2337343e1726e79985bf7c663f8dca6ae731dd96486568d0c0e4c3a3860d7250e04373cc55018eda3ac9077cd2c5317df8992b548e34344ca97a9ed3b6f8bf1a97e060231657706c9e8ce8f03805b111d4bf1a559f4cf0822a20cd9ce06b56c5f051317e187d76a303af82d2053286d5d3cee381602170f5bb4036fb34c080992e9f7d509aa230935233dac608f533ae2a26c5e5710e6c2ed1bf61303cc3c47465791333dae385f91de77c3357fbedbbb64ae3b868ee90b98ab647fa0dcc85bfbab33058667b95106519c7ba80246f73391919fb575dedfe436fb190e828fd58ac25537a4ba5ef0a97c595ce67a740d1cfd84a05d3462d9203dd6ea94f60dc03a29c3c81aa25dce4b330fa7500234016373add8120018ea6b5fac8597fcc8404c793658db3277e2a7e042cb56420002922183f14af74d970dec12a781763c1d9d69cf664b065a9b09491b1ff043e9c9a2098975c17e82a5d06b9f1081c43a539669e95991d866f3105e0b327ab8659e23bf1b196603c7406221e47494b765a114077187295dfafc261ea9ad3064b3449c6e8ef5e2517f609995adf82710d6c23a83e06f61c8186017afa6b2de5b28082770edfc81ee72e46fd1365d0a7583e3609ce420e54cc7a2d57542b924c6c5c9c896d068912adf22a97b3547502d0181d2c69729c539921ab16c466ba6d1d518c3e787fb0e9f708c9a1bc6d428355f0a3bd574397a6f8eda6a1503854a1bd4004719db60a9b3fefe434464d9f2aaddf44ee98c503ac606b7d4d8bac4efa557a77fa5a31ed8c8b48cd1ee6e4e7731ffb273bf21838f4e0cb8eec8a2cbd8acd40c15fcc3959ec3b4ea86680fb1e65743acfc164c6ae830f81a00c83102085d6ae8c7b4424ee0e86673015d98449252de73a25bfbe1697ff06aecf299b2a0e7ce452ba6bcba6b6da2c494cf0ce51cbb555cc2a371bf5a595748486825b0798221f40d2c29396431d13a03248874b893c7880d3b87cf845858a31f68fe57b032e3e0204fd4fb23fd5b2357d8e4f6052dd058b3bf6cd913b4341446e62895d6a367e4233e25ef3aabfb7f35a2804938e3181b6f551ac4a947ff016a12dffb53e7101b6ee911fac7637b2786cf95a4611376d0ac7b1e61c763040550e0c00ddb39a11086e08941c518a5ebedcff2c9477f7be26ad4dc48d837b85d082b4a54c8ec3f1caff75f7fb8f1282df6c5b336c2e56c0f35d9c5dd38fc91001e950f5fb41b58a620a9ee5e6b001a637aad4ec9ffd09eb762fd0d1d8058ca0e544329ee8693547095264c46d9b716fe56ff991b28dc056caefb0d08c0c509ab0eafeffc280684f8654b18323eddff28b4e778a674b4d5b85df786bb12ca24e1980e56032d1d32eb472954eed24b99bbc404dc920e16d4f8e792d6fe581efa82420085155ab9716dc642b44e2a9215cdaaf3df4fa5ad66a26804ad87b7520c132fdb595ea560eb408b5d519cb31c2c6ed2a16fe971d7ca71b7530af7478f06509cc988b96b27dd3e667ce4b08ca685ae818527103addba74d71d094e7a989a1d973fc9f1cfebe848c35279cfff728928f77af22430daee46cc9242fa4afe5197e6b42811396f9136fbd545826e020a910fa790acf9292472b7ee3b34723d6f56781d5c061be6e535e49bfcc292a1208645c730b6aadc94e56f05c6f8ca71c7fde81b687190accb75b08f131d61d6536cb3810eb2b6006336f700f1e6ea8104de9c9c6c9f4566a3783d253e3153e9550b91d547430bbe6dc2b586ad5eb67c7add5b009fa44c416bfbe28e524ee6a2d0b016331037010fa882db5d35cfa359d1c7a173cf913e11b8888d0f37b75011f26ce9f97b132dd6f50cbf4bd7d1f9201c55b7ebc08c4e2df4a3b35d2980bf8ee63b8091fed356f764c0bbcc95a91afeb4a2c1deb3fc0c44fa76d768fed87d737bb3380794e4b67932e7492e6558ca53599a446664031ef83e6a6d5362d89eac11c767932f477201d2953b4bb6058f4a3baca2968719edbf41ca5da5be2efeb9bceb38e2f1394ff41d9e93ecc746175b8e5fa2f5bf903663cebc1266ca7a2f8c57340c1ef42e4fc8a85d76ce24237d16f1ac13d32bfd1121017e9a72ad3fb0e952a296ff9a79bdc5be6d8691696720d97daa7c27fb9489e47584c00c854779de5980490afbacad0d0774a7f13e424b0ea955a87b7e296a40eca7ab8f45ae76170da77fff6b554c50dcdc6a261e8ebb7d2f24583023d001ff218ec7844fb4640736f04e9f7d968aa74bef26f65eae961a4857a946d3b221818a798d65bf74f8c0ac1b4529e36183c49606890643573722d467f4c464e68069955e561ccfd4423c2a240cfbb96efb668844ba0a1ceb910ad4ef06cd0f13f7ffa85744bdd0dd16ca27f62179b3916868187421b6d9f9c698d6542a02d4c124373ce0f10cbbc6b9a18385d99519f06a24aa9a4f5560157880233ee8352f2e9de0ffa333bb50932587a70153a37f25263693b86dd6a61f7d1f40cac0f205b65fa2faa3098254fb084160c271addea6711ecae589870450b941db419bb27c8b597982b704ba0ea0189e7b5cd6b72e3529cd77e4a79c752f2f7af6aa43ec9eb0bbefc91a02a85871771189c1f9a0742e8e6fc2d71575e20631dee592f0ed44c9d8f6a22e7d7844445066ca5e8bb97dd5c2ca0365d7c33563ceca884e8e14ba21733c4d2415c1be9369298fbd616fd792bd767555aa2deec8f45e92e10fcc88079cf0093ca2e38adc797845548005a0660b5cbf6423d966ebdccb6ce9d5d476bfd562dff0dd1f8e576d424c0f5cbfe68a3a571e860e5665861a133bc8eb3d9838e9a88f18edb12dfec18a488ad1177ca22f6f763beee9c1e0dd61344997dbbc6de56800f15d2b04a4d83a0b79adb12c54aa7c418d8fd0c96b5797a003b8313d14093fdadd4b530233dd1176e86090e0cc5401d6f98529de8bb6094b8e2f02b53f562a4c115655dc2619811d8caade655b767a5d4fac6c10784bf5bb06e9f535fd1304f383e39bbc5ce58a5f2f9deb9af1d6df6b491fbcbb9053f9bc73da0ae2e815ae72aff41c71ab7adc71074dfa6906724f18b74a344f7911994ee8ee843fd991de053dd9fae152d02b4fe0818c6313aee7df2f32009221f6c2d0ef9b53b7c2e795d64dcae34e5fab88e6b112b935fa836c6868f72077c57a42a940d3c0a667f3d0b674a3de2aa8c3443748c3a5ac949f72ed49220a9cbf0896794f58e12b74a1d7c7bbf8bec7d8aa055855c34a6c25d6fddd22a73725ca3daf8e357b8173508be65d329a4b97820cdb1c7a98d222a839b4da2a33ac687ab4004f5e1d90be7dad53a50ab4d6bc04135e0a9f31af27dc75eae3b9e7fd7459455a4cdd7faf94c5fe701d66d2006719b9acb72db3c89ca61bddea7c0be7ec769ec1cbfae11a77f36a59966f042e5dd32ece56932b083f0cb68c92194c6a4ca0267186b5f3ebaa25f63b6a1b60a2a5c78b9b5b488962b2ce4854b51ab2bc001231b6be3fcdc5563b0950165da87745e387c1205ba808287a8cebfaae10ff461c2933d775c6cddaa936d1907e29b5b4e1ef0a000aafab5363dd692560a291a71f06552647144cac4884a8ae8f2dade616384eeafa54f84737d1613beb945faaa4a316ee2e2a3a094187b5edba42358e930c89bfeaf4620bada8aa6d6c8800d1b19548a308b8310a0b51c8ccc7db60aa2a04fd8b21769a32eded238f93f476b69a6548a8a17aee1d0c4476db41e4eba24d9351d3f98fac043f423ffead379b6cbfb05aaf705ff0dca6e5f6ba36d00d1bc98714a92c8ac1e7cbf441521c98e2b913dd7a5d8595e0479537029de96e2991652243fe3093594720a0538b1687711bf0bc46a1453ebe60c5d33bd798b66f19e69c90e55c2b68b62d1a759a3519630798dd4434fa658b013e28fe9befca82abc1f89a3b246f2fd44df84f88dab2792fc67b3ef2ef8eef84e441e2a7ff5a83e3784a5636a7d4775f5b3063d8e190bfcedcd8083d864d0cbb2fcca7af05cee2be552d89c801e760348dadf01ee4dbb9fb09d5b6c993ab9ac9ff7d5e1e104ab3a894f6cc9067ad64c5a97d3e12efd17820b3c07e4ce302a20fd4c5b5de8752bc4e609fbe9e6cebe713f309229883790ab6dffc22864f7b02fd9026a07299f8cf1e799acdd448428199165abf20eee23988cfcad773c7bc483f941f994c07f255e6cd72e7198f34bcbcbd801abb84e6e383d7bf6e217ee0281f4691beba5d17ef8bd59d7474540dda647ca3bdb8e280a2e6b7a7688bc677a25b2186b1e59e637737366733d75f02a597b7cabb18e75a1722d2327f4f2f101955ca88636ae97d5740ba61d7867c5141becd39f7fc5abb5b96142e0995046c2ab369ac46c18159d5a3569df964e69e7686471ac756bf0515fee78904fe8fcec2096b5f3e00", "8f9bea13d6c1793efefda669a3bfc1a1f2d2afea1c14a5b35aac4a522cce409cb88f5802ab78a0dc4ad9e13501a073e6fc60f1778eecc8a6f5299ba9f7dcdab9079dc269bb0d7bb287afa53a930cfb99ca80b3c23dd58d7a4d8ceadf2787fc4f8c638dcd55f8e962ef362db8ae2d407ea8f04c151b89947d52c901335b5ca070883017289368b02ae4676286906bf2f984ae3b2f4ce4d345ea814a725ef388f09b6b6dcc519515885e6e5062d9cd7e801d8a14b1c5b86c404a3bcfb968a48710eb7c451630b0e3895739f51e1379f25a9848fd01021cc53ab10691091090b2cad44133a51465c16c2257cdde467cdae5616e809ad2f3ca71a0b4ae46b5b62142b1d6f782c4286dbea20f02bae71821c1c956172806c55069c3e33f8811a31a44856a1d0521c3e81c12b6dcae2b0e5f006a9468614031c6ad977aa589e4076f55a5528d7b408fd429da83d78bc7dbb794b4117379334fb9167b872d0459a457ae425f768052a583f23ff60a29f11659756f40240b1939fb8b72c3fbe3963680fdcc09900ab387757c9146d223ccdfd5aa26682d39aee3e4b327748d02f82964c117fd480804952654de00db09934cd5c1786b35453f18515ec8f28ee9aee0bfd367eafdfccb54ed29fd08bbea75ed8b6a93c23cb337ae900ba89dcbb3d87191e1e56de67175572aa09f2eaa4fc1f31055b08ce99c30dadc63c743de7fc3e5e0511c98d6b37132f66f09577f6a5f9d113865830876d2f33887136d976525d195790184b7eeaf82169128911c37856b5e75db9999269b252f12d07c62236fac6835a3c13261c527d03d33df946ddfa40c85548ddb9179cf5d963246e215fa0f76472f9f24493aad8db71422f1d1c31a454980f2499294f858de9e8a4937f832b21104c843d084ba15466453f9fd830a1d7d5dbe801ef67c2d6ba52cefcaffa798dd47e9d1e94729956b62ccaf200ff3c32e41cabf86de920f74e1c9e00391909b622505388a3d297b4095f5aa3c17ef5e68c4b3ff18855fd13ff2fe3b1746155d149baaead01ce8d975730b235b1fca6a158f219d3256489d1421e9a008434ae4acc01e583a3145633bd217a6b74d4165fddc31499b6bde7341aad811e80ee6aefdb5aa993926b57d90c0098babdf172c2ec2fe85ba0b75bdc898ba9a2dc7383533b70f3eae8c5c91526a9d5aa99f4a91c9a4235b05558f9871f1e2254a2300e7bd5b4c0fa0bae78e00a53400ca2d1bd03f9d47c82a0e8a17519b53ab0274dd5fcab49ef76a567c156b947b38744657321da66d2983024a67adc00adcde04f35fc2cfeb39c0adcaa508ee7cb8b7a6b73b4deeba620538003f11f390d108c466a2058db84b122b62844f6aebf2d119ea050ba34a1152c439b4ee0491d9417398ec2b7154bdb39ffadb6385c52108f61cc0847cc8e499b3009b00ea000d1c84848c8213d82aa2c87d9c7b15fdf23454190b5c18f563985383a42c2d600155970c15cde8da2d14ef5908704966c286d59a5141bff15ed1e8b7c1252d8cbd641c70f8129ca870fa1235155cf642095b20d88de5c0a0ac6e8969c05996481d1e8e7f9cae627ad6cd374bffa2c8714c84e735384c4064c2e194f26ea16d3d99259cc394d2c4553578ad251c3fe2b88b316dd3533b644ec59390868fe5e7f79fa721ae8dd5ded8ceefaad3879b8c5577bb831079b44fab7db38f0b61d74ed192b2c61cfe6bed13049db2c6b85434e46194230ab022f7d74be00a844023d9b423eb03ccfc0ad3e61b950cd9801941fd8e5d4b90154ae9f173b42fcd658190758f21af8ff9086d4eb12bc3496bfecd99211c1048b3ce4dd25f0934d7f17d45f50084c4ef7c31625080a1c1cec43922d89d1945f675d980e8f2b374c198fb6e857d099c33aeececaac17ab9c12c343051e7dd2f8786883339dbc643af493745974a4da505844e0419dbddb4eca492713d006a5ff47d78dfac1642acab8caa7bda595b6b9532edf6da9ee99711822fabf8e8783dc8f156d1490f40ed6aedb4f97ce55269a2070b4aa3fc51ef22d9fa8342a03ef1b27831f83ade237f4344797eb29f9bbc6aced4005f4b379a1e0b060b4f9cbfce975b9bb2b53e1228c91753a7dfe6d67282d565c1ef42a15c1ff0d49f1128694336eaa277fd691de0748740241edb9250ab53e53523b2217fd4d554fe482c35d8ebdce8c2d053ea2b035a5e8f9ea2e683b24e418698e48b6bb8275c6938c61a6fcafb1f7c73a344db76bdc8cafb1a10b13121e62e3d9b92ad50241ec0908d73255cb72ab5d144757a55c116343e6e6c61bb0999615ddca343e02a5e3438cc9f66b1619c4467b12e615918d2f27392977775c165530dc0059bb41bd6103e612ef5bcd7f2df54ab86a05836b0bb685c05e935da8dfe4144217603c6e4f703d8062af788c7acf61285baaf7c7043a0602fbe8d61daabcf07156f7ee60debca3787d1f4b60f39c341df2908bf7944a5753883626920f1e82eeb374409fa0b331053a9c6bd3ab48682d228ec04d7cb3eb94917d00bc97b46ec14f1681013969cda5ea2c95fa390b3d6422ce0ac242690fbf352d757c9fbc66d06b0e4578e43f032c5f033d54618d178ef0fabdb00108d23cae66bd4ce059709b01e5b8ffec5595865a1c77c0bd8a1f2cb5f13d2b49450b23d021f64247966fd07bee6538fb0565b7eb41489566bc066107a345d705335bc918fe2e3c4edc50872fd25933aaa908cd78eec4e414d46c035c734af8a5b8d47fe62a4a9c49da0cf6547cc8d6702a2468c8d6fbe0ec7d90888d0bf3a0c7c42507d0baf458ce087d4c7725f42edad430abf233b064186c111b4c1fc2861e74426a31d04e2ade9d7acd8f0ac376b712d1eb20175b93b6900291b5625f90276f0857af6b0d108ddb0d772f501e687196c7caafc90010403596a6b5735e28ec6363896c8719e6002dcea716038e7b773c250c98aae730a7f39d995d0c737ff6e29c7a548c69896355b73d50eff7f7a1238f66601d10e4ccc6fb5e924a59bb41da1eba811f5acb22e8bc3719f3568d0fdc0868b29df0727f5cd50290a1845e22d523cde3002560fef504bd2c9a291c7a81a4f2b5b8a015f379009e3e8baed5d35c4a03e09afd37d7fe9d86e86eb53701ae8016d5a19ce5e96e11549ba09e3c2a6700ea84796091f6ca47d4c68fb1e6f4448e1b72f6d4b8af491b635208b31356140db8134e5a1594e47c7ad68dcd2399f49731c60f5f6c101955d4c31275df3d4ce3207e8dc03b87cae229f1f1d09f0064ef7b0727f787efef0369222717129287a9b3a375e6aadd40b6fdaea3d43cd59febe098b7f80d72343bb147a20b22b5de8fbd32bf4ce64f3ad2510dad9c243327e7c706b06004d1cb82e9cc113d74bb9cb820e360c9a8992b884a65234b93250f7ff8e7271983c6505cdf0524b5a8e60f8b3d86281a903ee62d3010d62a788d360182c1106486ee1673f5b7da5a2a154cbe53697305907f64140283f78b9b3b78d2a420586bbac1f72b4388258a0e7c1cc26048cbf3e47c593e9d3300e98931801efc3bdd0ed74e0d3b4f881c66b71a401d9719a1231394ffd04b35bb3c5dcc5ee18696e8327ef9f0f7d8ee218662ec6e747d5c009ba9462d0fba519be8f5f951a5bc077a6eaca928536f35e5929863357cc025fb80c5806d3b7a9f2645e1f6d3239bf763e9ff16fe6bf30d6139f2a117fa1db0d6d2c6aaecf1cacc1b28b24587c9bfd48e52f37651cc97c35d3dc3834b7f973213d0edefdf42a239da89bf1b735767f9e38119de3fd24dbdb34c38068888dc8ff11d19b1950772e283903ce51b1c13e86d58b283dc8f8a3c9456115b19a0561f3aa9c7eca553c4e5bfc20b5da4b32e607a57c2577ab2a65cedb2dd754a2363b37b138ea37e2e3546eea289da7475850e393e7331416bcf4ec75f0c6e654df1fc513e0dcc52ba57e9a128d148cf42d35fb9c7168c959e1ed6e4811fba1662c22194101a6d8787e037a35888117c854a2ef8f685076771ab5aefc8135cfa4c2a25680c6566e0fd19eee7cc86ece140efb6fab4200eabc09d834239abf5f48b46ea51797ee393693270da94c3e73859c01d1042e2eff0b1c4ed41ea560f38b8483d94b9dace687bbe8993fc4e2872b686bf299bb0dce34874d940fd2c36b5270aedd09e5e5a952d70f191e011c7e269219477fe8f5ded564f14fda6461b64d84ec32543a7ed663d8d27d8b8893942e0b7167f3f7b936f8f1fe623248d9815c5969f3a22f0fdefb527d9a870d7ece5430a9adcfee9eef05d235a0c87989965b20bad18c96d696e817c95693fec426ff81f1250e81c244058722243cb3e2df722ac46554a368a90a81206628fcc889cca832a8d4ed20188db0005b1b1c494e3dcce0622dd72ee35f4b4ac447909937bf67807344f5a629230752645aee6c70a885a80ea0e491fdef70648bfa0060ad78b122f2cc0637feb6c5754073d71326bb5a5c0b8c9890fffab1360d647d3a7b4e4bfb29c3162f311d7a1a41c3c5f739542ec723fff2c1e086dd79b1f22f3ff5a512e7ec7dfa54cc6883ae22b949139b1f029f8674ea97c5fb8125a3dafebddd524acdd1618c9f9b9fdf0ea659c4bd4b8da12cae75d1f5ae611b8fa7fd23ff0ff7dcf8a10540120d03d72db15d0775075c1c30ba7e6a07ee6633fa6fa396ca3a5799a7905db5d49e8e8ce00eb7a9af5f2c60749bc28c4b188054e21f44f28d2d1258326ae27a1b14d4704ffb93ff506bbf07e0e4e1bf2502fce11eeb83b9c491a68db0744a61ec449f5338c0b40d77ed16de2d935320bbd2cea2a164f26e7b619ddd81448009adeadfdcdead9df5a1c6da9aca64f373dfaf7cb940aac9f5eedb7a5d49eb74dc0e0819b05f328e9a4ddf3ef0a27cf01a853e02bc69970a32930c48509d726600dc7ee95e119d4cb28f87aa13b7ff846c338b5f9090586ff7bd983721d4a4b5a2e9a3e1495644483bf14861d524196f0d73265688794d6b3b4ce8b3f994c56a82a02a35aeaf9f79c08f5280a6ba0187eae965e412f14cb379869c997564b0a37349dc535882d5d4054d18bf44cbfccbdb8b377761096c974b3dde6a9dc767937bc3430a7fb614671e73ea867b4cd499f2581766510ad70811cda49b69b5afd380ae2ad43281e6640d4f20b2615f3c0b20f7d45c69a9cbbe7933776e07043b141664c059f1c6de17d44eed8b6242d6e8e8b3b86cff4306a9657e6d6f0c429f52138c6c5f7d155bc713432ca75bbf77c3a2c06e546474a7c327d10c46be64e6729643a9455420c48677a23c92f05e3e56f7fecbee4dea0b9eac600739cd068305bb6aea50d5d1042f821e78f2942d603c46a1e4541756bac183b640935dffe8309e3e90a170ca3d126375a0177b1d94b72b622607af60a2cfb9b63464689237fcdbb752e89335aa96c615a59e39fcd89a3a39445e78fb5dd491e29f638c162c886a762b16850863305496ca80974c3d39892a255f9a26b438662e6bc67e1d5115acff5bee940368df7e182ac1cc24331adb6e155ecfa1257d2f47a6b959f2bcf2dfbf86613c7761746ed85fd7e2a3c7c8602ee5143b100bd0a5026146becd255004fd8728bcfad605fad03e754ff1245e7716884e7e6898158ca4e9ba58cf09d8afe65fc18c2529b43a14e7eb7451b8072d68124be7b9133301d840191435de4704e2dda8ccfa87013f733aa10431faf7e46be7a391809af91e5e98d63c80a13c4b4fbb95b44ae5540f62f43036daef02b5dd404c0b08d46fa66fbdf0b4ed839494aa4c85194dac555e4061481c6717a33067"})
listen(0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0xdf, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x54, 0x0, 0xfffffffffffffd9c)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xe, 0x0, 0x0, '\x00', 0x400000000000008})
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
syz_open_dev$video(&(0x7f0000000040), 0x7f, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.740490858s ago: executing program 4 (id=6729):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000380)={0x28, 0x0, r3, r2, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000280)={0x48, 0x2, r2})
socket$netlink(0x10, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.507606262s ago: executing program 9 (id=6730):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000040)=0x1)
syz_open_dev$sg(&(0x7f0000000600), 0x92e, 0x100)
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000100)='./bus\x00', 0x10040, &(0x7f00000004c0)={[{@fat=@time_offset={'time_offset', 0x3d, 0xffffffffffffffbf}}, {@fat=@nfs}, {@rodir}, {@shortname_win95}, {@utf8no}, {@shortname_winnt}, {@fat=@gid}, {@shortname_winnt}, {@uni_xlateno}, {@shortname_lower}, {@shortname_winnt}, {@rodir}, {@shortname_mixed}, {@uni_xlateno}, {@shortname_lower}, {@shortname_winnt}, {@uni_xlate}], [{@hash}]}, 0x4, 0x36a, &(0x7f0000001840)="$eJzs3U9oY0UYAPAvfWnSXdD2JgpC9CZo2e5NL7ZIFxZ7UQn+OYjB7aokVWix2B62rQfFo+BRT94U9OBBPIqgiDcPXl1BVsWD7m3BxZHkvSSvSdrtLnal+PtBk+nMfDPf+0PyGl6mLyxG+8J0XLx69UrMzFSiuvjYYlyrxFxk0bcb42oT6gCAk+FaSvFnyo22zUwOqdyGtACAY9R7/38pIhoxl9e8+fVh/ZN3fwA48Yq//08d1ueAzwEiXjuWlACAYzb2+f/9+5prvZ9q/9dq6a4AAOCkeurZ5x5fWol4stGYiVh7e7O52YxHhu1LF+OV6MRqnInZuB6RXyh0Hyq9x3PnV5bPNBqNnfhlLpoRMVUENvMrhaWsF1+PhZiNuSK+uNpIKWXnPltZXmj0RMTuTm/+WKtsNqfjdDH/j6djdXjh0R+k9xRxfmX5bKMYoLnWj9+J2BveqNDNfz5m4/sXB8Ok1L+DcWX50kI/6WH8ZrMeFwZ74cBPQAAAAAAAAAAAAAAAAAAAAAAA4JbMNwbmBuvnpO5zvlLO/PyE9t76OHl8sT7QXr4+UKqnSOmPNx5qvpPFvvWBRtfn2bSQIAAAAAAAAAAAAAAAAAAAAAxsbNWi1emsrm9sbbfLhZ31ja2piOjWvPrtJ1+divE+NyhU8ynqEYMpGsW02+1WyvqdUxYxHp51J+/XfPT5IONyn/pgKyamUT+4qdO5476f3x/W3Jv1R/572CeLyRuYldJ4dGTktTvzlG5mRw0KZ8s19fHZL6eUSjVvlcMvPT8+YFQiqjd/4LbbU3Fwn9QtfHPl5bv7e7/1Zco98ODs05ff+/C3dqvTnTl6R7C2vnE9tVuVfucjzF4Ml3qHYHhuVCIvVMpnQvWwAff217SyH35/5p53vzvaTkjlmte75/NInyzfnE9Hw2t5oZvmSNOpYfh0sRGd1ekJJ/+NCrdwTO/64IuPU/rp1yNPMTQ19rJR+XdefQAAAAAAAAAAAAAAAAAAgLLSd8ULxZd9pw+LeviJ488MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG6f4f//LxX2dmOk5iiFv3YmRNVX1zciav/1ZgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8D/3TwAAAP//D7VfEw==")
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x1a5801, 0x44)
socket$netlink(0x10, 0x3, 0x4)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
listen(r0, 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

2.427286514s ago: executing program 3 (id=6731):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6800000010000108fdffffff00000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000400016803c0001"], 0x68}, 0x1, 0x0, 0x0, 0x44004}, 0x0)

2.34590811s ago: executing program 5 (id=6732):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000c88)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
r8 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32], 0x5c}}, 0x40)

1.875005181s ago: executing program 3 (id=6733):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000180))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)="f89fcfb587a4792b", 0x8)

1.750909219s ago: executing program 9 (id=6734):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040), 0xc)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x92e1, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.57139915s ago: executing program 4 (id=6735):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x51}, 0x9c)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.313609738s ago: executing program 5 (id=6736):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.252795948s ago: executing program 3 (id=6737):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x90}, 0x1, 0x0, 0x0, 0x4008824}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x401, 0x2000, 0x10000, 0xb998, 0x0, "194f2f83c2e798c3584770116cdbc8819592b1"})
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0xa04c, 0x35e8b531, 0x1, 0x8, 0x13, "53af0f0b4ecf6c29bf81c173f4a8f5f73eb62f"})

1.142679993s ago: executing program 9 (id=6738):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c80)=@delchain={0x140, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x110, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0xe4, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xd0, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x84, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa1ed950478a7e526d5afbe8006f3724cd7d7553d2825013cfb6f6c75b881ba7"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x3}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x18, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147ba"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x40}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x140}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

554.036971ms ago: executing program 5 (id=6739):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000053000000000000000000440f22c041", @ANYRESOCT], 0x53})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100"/11])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

513.581704ms ago: executing program 9 (id=6740):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg$sock(r0, &(0x7f0000006740)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x5c2e, @mcast1, 0x8001}, 0x80, 0x0}}], 0x1, 0x24064044)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000500)="ccde1b1a4ca56624e9f99b266b90f34996b5e4b40aaac1b1ddf415caac0b1ee33131327d3473a2fc7ae73d68ebfb412583feed906281a0b736206e9c25b3d437212f7a21a90b8e441fb49a7f7912d5ee000515d6460081e527862d3438b5b8ad211e024938fa4cc6f7936a253069707f8066bf967d63384f775e4980cab242bb0eb03f60b95b2ce1b58c5c98bc6230b574a0e6ab905f327e5ab5444e1ad6c1fc4628b1120b13fea9ff6d64075430c3dc77cae3d043", 0xb5}], 0x1}, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000280)={'pcl812\x00', [0x2f00, 0x5, 0x3, 0x2, 0x0, 0x1, 0x1, 0x9, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x80, 0x3, 0x4, 0x7, 0x70f]})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

195.330366ms ago: executing program 5 (id=6741):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'ipvlan0\x00', @random="08f199646398"})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$tipc(0x1e, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x60000, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f0000002080)=0x64, 0x23b)

64.184377ms ago: executing program 7 (id=6742):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x20000002, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}], @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

0s ago: executing program 9 (id=6743):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6800000010000108fdffffff00000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000400016803c0001"], 0x68}, 0x1, 0x0, 0x0, 0x44004}, 0x0)

kernel console output (not intermixed with test programs):

(device loop8): ext4_ext_check_inode:523: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[ 1665.859084][T19700] EXT4-fs (loop8): Remounting filesystem read-only
[ 1666.368706][T19700] syz_tun (unregistering): left promiscuous mode
[ 1666.527377][T21970] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1666.626473][T21133] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1666.662626][T19700] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1666.793680][T21133] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1666.945653][T21133] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1667.104468][T21133] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1667.532040][T21133] bridge_slave_1: left allmulticast mode
[ 1667.538245][T21133] bridge_slave_1: left promiscuous mode
[ 1667.545370][T21133] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1667.563119][T21133] bridge_slave_0: left allmulticast mode
[ 1667.569681][T21133] bridge_slave_0: left promiscuous mode
[ 1667.576637][T21133] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1668.109660][T21133] bond1 (unregistering): (slave gretap1): Releasing backup interface
[ 1668.147530][T21133] gretap1 (unregistering): left promiscuous mode
[ 1668.154899][T21133] gretap1 (unregistering): left allmulticast mode
[ 1668.305367][T21133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1668.320613][T21133] bond_slave_0: left allmulticast mode
[ 1668.340693][T21133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1668.355022][T21133] bond_slave_1: left allmulticast mode
[ 1668.366177][T21133] bond0 (unregistering): Released all slaves
[ 1668.407933][T21133] bond1 (unregistering): Released all slaves
[ 1668.564905][T21133] tipc: Left network mode
[ 1668.993650][T21133] hsr_slave_0: left promiscuous mode
[ 1669.029406][T21133] hsr_slave_1: left promiscuous mode
[ 1669.039030][T21133] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1669.047077][T21133] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1669.056481][T21992] netlink: 48 bytes leftover after parsing attributes in process `syz.7.5618'.
[ 1669.153241][T21133] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1669.161438][T21133] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1669.282303][T21993] loop0: detected capacity change from 0 to 512
[ 1669.343726][T21133] veth1_macvtap: left promiscuous mode
[ 1669.350573][T21133] veth0_macvtap: left promiscuous mode
[ 1669.356599][T21133] veth1_vlan: left promiscuous mode
[ 1669.362483][T21133] veth0_vlan: left promiscuous mode
[ 1670.281885][T21993] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1670.295828][T21993] ext4 filesystem being mounted at /586/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1670.451875][T14060] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1670.462376][T14060] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1670.472227][T14060] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1670.487306][T14060] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1670.499948][T14060] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1670.912620][T21133] team0 (unregistering): Port device team_slave_1 removed
[ 1670.956412][T22010] xt_HMARK: proto mask must be zero with L3 mode
[ 1670.970505][T21133] team0 (unregistering): Port device team_slave_0 removed
[ 1671.240250][T21133] team0 (unregistering): Port device dummy0 removed
[ 1672.317216][T14003] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[ 1672.469335][T14003] EXT4-fs (loop0): Remounting filesystem read-only
[ 1672.540590][ T5808] Bluetooth: hci0: command tx timeout
[ 1672.853376][T22028] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1673.054767][T22004] chnl_net:caif_netlink_parms(): no params data found
[ 1673.278558][T22030] netlink: 48 bytes leftover after parsing attributes in process `syz.7.5630'.
[ 1673.374077][T14003] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1674.194796][ T2999] bridge_slave_1: left allmulticast mode
[ 1674.201406][ T2999] bridge_slave_1: left promiscuous mode
[ 1674.208428][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1674.295451][ T2999] bridge_slave_0: left promiscuous mode
[ 1674.302736][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1674.619733][ T5808] Bluetooth: hci0: command tx timeout
[ 1675.507783][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1675.536528][ T2999] bond_slave_0: left allmulticast mode
[ 1675.555790][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1675.569996][ T2999] bond_slave_1: left allmulticast mode
[ 1675.577349][ T2999] bond0 (unregistering): Released all slaves
[ 1675.616073][ T2999] bond1 (unregistering): Released all slaves
[ 1675.718708][ T2999] bond2 (unregistering): Released all slaves
[ 1675.756741][ T2999] bond3 (unregistering): Released all slaves
[ 1675.865520][ T2999] bond4 (unregistering): Released all slaves
[ 1675.942870][ T2999] bond5 (unregistering): Released all slaves
[ 1675.976431][ T2999] bond6 (unregistering): (slave veth5): Releasing backup interface
[ 1675.998641][T22051] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5637'.
[ 1676.023488][ T2999] bond6 (unregistering): Released all slaves
[ 1676.584785][T22004] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1676.596492][T22004] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1676.604843][T22004] bridge_slave_0: entered allmulticast mode
[ 1676.615506][T22004] bridge_slave_0: entered promiscuous mode
[ 1676.630406][ T2999] tipc: Disabling bearer <udp:syz2>
[ 1676.636438][ T2999] tipc: Left network mode
[ 1676.665241][T22004] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1676.673706][T22004] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1676.681897][T22004] bridge_slave_1: entered allmulticast mode
[ 1676.692594][T22004] bridge_slave_1: entered promiscuous mode
[ 1676.702476][ T5808] Bluetooth: hci0: command tx timeout
[ 1677.090813][T22061] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5641'.
[ 1677.181530][T14060] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1677.206080][T14060] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1677.218220][T14060] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1677.240400][T14060] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1677.268625][T14060] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1677.353688][T22004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1677.367707][T22065] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5642'.
[ 1677.527092][ T2999] hsr_slave_0: left promiscuous mode
[ 1677.560248][ T2999] hsr_slave_1: left promiscuous mode
[ 1677.568565][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1677.592148][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1678.233294][ T2999] team0 (unregistering): Port device team_slave_1 removed
[ 1678.371425][ T2999] team0 (unregistering): Port device team_slave_0 removed
[ 1678.637840][ T2999] team0 (unregistering): Port device dummy0 removed
[ 1678.780123][T14060] Bluetooth: hci0: command tx timeout
[ 1678.790325][T22004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1678.857136][T22067] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1679.274149][T22004] team0: Port device team_slave_0 added
[ 1679.339421][T22004] team0: Port device team_slave_1 added
[ 1679.349997][T14060] Bluetooth: hci4: command tx timeout
[ 1679.484686][T22083] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5647'.
[ 1679.992591][T22004] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1680.000866][T22004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1680.027553][T22004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1680.083728][T22004] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1680.097550][T22004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1680.131034][T22004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1680.543029][T22094] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5651'.
[ 1680.571344][T22004] hsr_slave_0: entered promiscuous mode
[ 1680.582428][T22004] hsr_slave_1: entered promiscuous mode
[ 1680.592451][T22004] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1680.600458][T22004] Cannot create hsr debugfs directory
[ 1680.657395][T22096] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5652'.
[ 1680.956375][T22062] chnl_net:caif_netlink_parms(): no params data found
[ 1681.135507][T22102] loop6: detected capacity change from 0 to 8
[ 1681.310545][T22102] SQUASHFS error: Failed to read block 0x63a: -5
[ 1681.317278][T22102] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1681.325469][T22102] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1681.361080][T22107] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1681.406215][T22102] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1681.414421][T22102] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1681.428049][T14060] Bluetooth: hci4: command tx timeout
[ 1681.436257][T22102] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1681.444359][T22102] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1681.494656][T22102] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1681.502931][T22102] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1682.305668][T22119] netlink: 'syz.7.5657': attribute type 10 has an invalid length.
[ 1682.408740][T22119] team0: Port device dummy0 added
[ 1682.538308][T22122] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1682.866330][T22062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1682.874874][T22062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1682.884752][T22062] bridge_slave_0: entered allmulticast mode
[ 1682.899145][T22062] bridge_slave_0: entered promiscuous mode
[ 1682.920924][T22062] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1682.929338][T22062] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1682.937317][T22062] bridge_slave_1: entered allmulticast mode
[ 1682.947719][T22062] bridge_slave_1: entered promiscuous mode
[ 1683.255540][T22062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1683.285553][T22062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1683.424576][T22004] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1683.486815][T22062] team0: Port device team_slave_0 added
[ 1683.498347][T22004] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1683.499836][T14060] Bluetooth: hci4: command tx timeout
[ 1683.567914][T22062] team0: Port device team_slave_1 added
[ 1683.579661][T22004] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1683.587656][T22133] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5663'.
[ 1683.615623][ T5858] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1683.763153][T22136] team0: Port device dummy0 removed
[ 1683.842038][ T5858] usb 10-1: Using ep0 maxpacket: 16
[ 1683.860192][ T5858] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1683.875099][T22004] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1683.894641][ T5858] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1683.907165][ T5858] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[ 1683.915387][T22138] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5664'.
[ 1684.036840][ T5858] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1684.047799][ T5858] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1684.056810][ T5858] usb 10-1: Product: syz
[ 1684.061529][ T5858] usb 10-1: Manufacturer: syz
[ 1684.066612][ T5858] usb 10-1: SerialNumber: syz
[ 1684.176061][T22062] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1684.183878][T22062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1684.211352][T22062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1684.268327][T22062] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1684.276349][T22062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1684.304642][T22062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1684.396975][ T5858] cdc_ncm 10-1:1.0: bind() failure
[ 1684.417293][ T5858] cdc_ncm 10-1:1.1: CDC Union missing and no IAD found
[ 1684.432023][ T5858] cdc_ncm 10-1:1.1: bind() failure
[ 1684.541745][ T5858] usb 10-1: USB disconnect, device number 6
[ 1684.733483][T22062] hsr_slave_0: entered promiscuous mode
[ 1684.744845][T22062] hsr_slave_1: entered promiscuous mode
[ 1684.754653][T22062] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1684.762772][T22062] Cannot create hsr debugfs directory
[ 1684.815167][T22145] netlink: 'syz.6.5666': attribute type 10 has an invalid length.
[ 1684.875322][T22145] team0: Port device dummy0 added
[ 1685.334680][T22004] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1685.523280][T22004] 8021q: adding VLAN 0 to HW filter on device team0
[ 1685.559640][T22152] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1685.608635][T14060] Bluetooth: hci4: command tx timeout
[ 1685.729770][T13299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1685.737634][T13299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1685.886543][T13299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1685.894543][T13299] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1688.003252][T22062] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1688.155513][T22062] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1688.187667][T22062] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1688.244390][T22062] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1688.510637][T22175] netlink: 'syz.6.5675': attribute type 10 has an invalid length.
[ 1689.331784][T22062] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1689.496146][T22062] 8021q: adding VLAN 0 to HW filter on device team0
[ 1689.543947][T22004] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1689.603938][T13299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1689.611818][T13299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1689.721897][T13299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1689.729730][T13299] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1690.193194][T22004] veth0_vlan: entered promiscuous mode
[ 1690.242408][T22191] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1690.335717][T22004] veth1_vlan: entered promiscuous mode
[ 1690.641690][T22004] veth0_macvtap: entered promiscuous mode
[ 1690.728625][T22004] veth1_macvtap: entered promiscuous mode
[ 1690.954308][T22004] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1691.005471][T22199] loop6: detected capacity change from 0 to 2048
[ 1691.081563][T22004] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1691.192856][T22004] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.202403][T22004] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.213609][T22004] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.224527][T22004] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1691.271539][T22199] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1691.522926][T22206] netlink: 'syz.7.5685': attribute type 10 has an invalid length.
[ 1691.549737][T22206] team0: Port device dummy0 added
[ 1692.079918][T22062] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1693.633798][T22234] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1693.741409][T22234] tipc: Resetting bearer <eth:syzkaller0>
[ 1693.808656][T22233] tipc: Disabling bearer <eth:syzkaller0>
[ 1694.263790][T22244] netlink: 'syz.7.5696': attribute type 10 has an invalid length.
[ 1694.729577][T22062] veth0_vlan: entered promiscuous mode
[ 1694.834979][T22062] veth1_vlan: entered promiscuous mode
[ 1695.096673][T22250] 9pnet: Could not find request transport: f
[ 1695.211872][T22062] veth0_macvtap: entered promiscuous mode
[ 1695.301317][T22062] veth1_macvtap: entered promiscuous mode
[ 1695.510217][T22062] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1695.608625][T22062] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1695.670440][T22062] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1695.679722][T22062] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1695.689179][T22062] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1695.698302][T22062] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1696.363261][T22269] bond0: entered promiscuous mode
[ 1696.368682][T22269] bond_slave_0: entered promiscuous mode
[ 1696.376054][T22269] bond_slave_1: entered promiscuous mode
[ 1696.391219][T22269] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1696.825973][T22272] loop9: detected capacity change from 0 to 2048
[ 1696.989667][T22272] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1697.053633][T22281] netlink: 'syz.7.5707': attribute type 10 has an invalid length.
[ 1697.164652][   T30] audit: type=1800 audit(1752983273.622:3604): pid=22272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.5705" name="bus" dev="loop9" ino=18 res=0 errno=0
[ 1697.550029][T20495] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1697.980813][T22294] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5709'.
[ 1698.250837][ T2999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1698.259647][ T2999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1698.409841][T13299] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1698.418244][T13299] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1698.986212][T22304] netlink: 24 bytes leftover after parsing attributes in process `syz.9.5713'.
[ 1699.553074][T22313] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5715'.
[ 1699.566323][T22313] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1699.809514][T22320] netlink: 'syz.9.5717': attribute type 10 has an invalid length.
[ 1701.009688][T22318] loop3: detected capacity change from 0 to 40427
[ 1701.057577][T22318] F2FS-fs (loop3): build fault injection rate: 690
[ 1701.066135][T22318] F2FS-fs (loop3): Image doesn't support compression
[ 1701.074210][T22318] F2FS-fs (loop3): Image doesn't support compression
[ 1701.086059][T22318] F2FS-fs (loop3): invalid crc value
[ 1701.467168][T22318] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1701.521606][T22335] netlink: 244 bytes leftover after parsing attributes in process `syz.6.5723'.
[ 1701.652313][T22004] bio_check_eod: 4 callbacks suppressed
[ 1701.652430][T22004] syz-executor: attempt to access beyond end of device
[ 1701.652430][T22004] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[ 1701.673852][T22004] CPU: 0 UID: 0 PID: 22004 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(none) 
[ 1701.674039][T22004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1701.674151][T22004] Call Trace:
[ 1701.674221][T22004]  <TASK>
[ 1701.674286][T22004]  __dump_stack+0x26/0x30
[ 1701.674499][T22004]  dump_stack_lvl+0x1df/0x270
[ 1701.674727][T22004]  dump_stack+0x1e/0x25
[ 1701.674920][T22004]  f2fs_handle_critical_error+0xa6f/0xc20
[ 1701.675165][T22004]  f2fs_stop_checkpoint+0x65/0x80
[ 1701.675364][T22004]  f2fs_write_end_io+0xb4b/0x1920
[ 1701.675592][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1701.675806][T22004]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1701.676010][T22004]  bio_endio+0xe27/0xf80
[ 1701.676263][T22004]  submit_bio_noacct+0x214/0x2710
[ 1701.676523][T22004]  submit_bio+0x5a9/0x5d0
[ 1701.676717][T22004]  f2fs_submit_write_bio+0x92/0x250
[ 1701.676904][T22004]  __submit_merged_bio+0x16f/0x6a0
[ 1701.677088][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1701.677291][T22004]  __submit_merged_write_cond+0x458/0x9a0
[ 1701.677504][T22004]  f2fs_write_data_pages+0x4bb2/0x5480
[ 1701.677811][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1701.678037][T22004]  ? blk_add_trace_split+0x330/0x4b0
[ 1701.678225][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1701.678407][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1701.678607][T22004]  ? free_unref_folios+0x2a2b/0x2aa0
[ 1701.678829][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1701.679033][T22004]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[ 1701.679274][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1701.679456][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1701.679662][T22004]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1701.679860][T22004]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1701.680058][T22004]  do_writepages+0x3ef/0x860
[ 1701.680300][T22004]  ? _raw_spin_unlock+0x30/0x50
[ 1701.680524][T22004]  ? wbc_attach_and_unlock_inode+0x131/0x680
[ 1701.680779][T22004]  filemap_fdatawrite+0x207/0x260
[ 1701.681039][T22004]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[ 1701.681302][T22004]  f2fs_write_checkpoint+0xfe2/0x2b00
[ 1701.681692][T22004]  kill_f2fs_super+0x2ff/0x970
[ 1701.681944][T22004]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1701.682159][T22004]  deactivate_locked_super+0xc8/0x3c0
[ 1701.682428][T22004]  deactivate_super+0x12f/0x140
[ 1701.682679][T22004]  cleanup_mnt+0x6fb/0x780
[ 1701.682883][T22004]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[ 1701.683151][T22004]  ? __pfx___cleanup_mnt+0x10/0x10
[ 1701.683368][T22004]  __cleanup_mnt+0x22/0x30
[ 1701.683579][T22004]  task_work_run+0x206/0x2b0
[ 1701.683792][T22004]  exit_to_user_mode_loop+0x2a6/0x330
[ 1701.684016][T22004]  do_syscall_64+0x1e3/0x210
[ 1701.684202][T22004]  ? irqentry_exit+0x16/0x60
[ 1701.684369][T22004]  ? clear_bhb_loop+0x40/0x90
[ 1701.684569][T22004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1701.684771][T22004] RIP: 0033:0x7fa80ad8fcd7
[ 1701.684906][T22004] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1701.685057][T22004] RSP: 002b:00007ffea91072e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1701.685216][T22004] RAX: 0000000000000000 RBX: 00007fa80ae10b55 RCX: 00007fa80ad8fcd7
[ 1701.685332][T22004] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea91073a0
[ 1701.685442][T22004] RBP: 00007ffea91073a0 R08: 0000000000000000 R09: 0000000000000000
[ 1701.685566][T22004] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffea9108430
[ 1701.685677][T22004] R13: 00007fa80ae10b55 R14: 000000000019f6a4 R15: 00007ffea9108470
[ 1701.685821][T22004]  </TASK>
[ 1702.047592][T22004] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1702.055084][T22004] CPU: 0 UID: 0 PID: 22004 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(none) 
[ 1702.055274][T22004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1702.055387][T22004] Call Trace:
[ 1702.055452][T22004]  <TASK>
[ 1702.055518][T22004]  __dump_stack+0x26/0x30
[ 1702.055746][T22004]  dump_stack_lvl+0x1df/0x270
[ 1702.055970][T22004]  dump_stack+0x1e/0x25
[ 1702.056172][T22004]  f2fs_handle_critical_error+0xa6f/0xc20
[ 1702.056446][T22004]  f2fs_stop_checkpoint+0x65/0x80
[ 1702.056665][T22004]  f2fs_write_end_io+0xb4b/0x1920
[ 1702.056926][T22004]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1702.057135][T22004]  bio_endio+0xe27/0xf80
[ 1702.057399][T22004]  submit_bio_noacct+0x214/0x2710
[ 1702.057645][T22004]  submit_bio+0x5a9/0x5d0
[ 1702.057832][T22004]  f2fs_submit_write_bio+0x92/0x250
[ 1702.058028][T22004]  __submit_merged_bio+0x16f/0x6a0
[ 1702.058221][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1702.058446][T22004]  __submit_merged_write_cond+0x458/0x9a0
[ 1702.058674][T22004]  f2fs_write_data_pages+0x4bb2/0x5480
[ 1702.058981][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.059207][T22004]  ? blk_add_trace_split+0x330/0x4b0
[ 1702.059393][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.059584][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1702.059787][T22004]  ? free_unref_folios+0x2a2b/0x2aa0
[ 1702.060019][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.060234][T22004]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[ 1702.060496][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.060675][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1702.060855][T22004]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1702.061053][T22004]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1702.061268][T22004]  do_writepages+0x3ef/0x860
[ 1702.061503][T22004]  ? _raw_spin_unlock+0x30/0x50
[ 1702.061720][T22004]  ? wbc_attach_and_unlock_inode+0x131/0x680
[ 1702.061954][T22004]  filemap_fdatawrite+0x207/0x260
[ 1702.062229][T22004]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[ 1702.062476][T22004]  f2fs_write_checkpoint+0xfe2/0x2b00
[ 1702.062846][T22004]  kill_f2fs_super+0x2ff/0x970
[ 1702.063082][T22004]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1702.063293][T22004]  deactivate_locked_super+0xc8/0x3c0
[ 1702.063542][T22004]  deactivate_super+0x12f/0x140
[ 1702.063777][T22004]  cleanup_mnt+0x6fb/0x780
[ 1702.063970][T22004]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[ 1702.064219][T22004]  ? __pfx___cleanup_mnt+0x10/0x10
[ 1702.064420][T22004]  __cleanup_mnt+0x22/0x30
[ 1702.064620][T22004]  task_work_run+0x206/0x2b0
[ 1702.064820][T22004]  exit_to_user_mode_loop+0x2a6/0x330
[ 1702.065030][T22004]  do_syscall_64+0x1e3/0x210
[ 1702.065210][T22004]  ? irqentry_exit+0x16/0x60
[ 1702.065358][T22004]  ? clear_bhb_loop+0x40/0x90
[ 1702.065535][T22004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.065721][T22004] RIP: 0033:0x7fa80ad8fcd7
[ 1702.065841][T22004] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1702.065979][T22004] RSP: 002b:00007ffea91072e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1702.066129][T22004] RAX: 0000000000000000 RBX: 00007fa80ae10b55 RCX: 00007fa80ad8fcd7
[ 1702.066239][T22004] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea91073a0
[ 1702.066337][T22004] RBP: 00007ffea91073a0 R08: 0000000000000000 R09: 0000000000000000
[ 1702.066440][T22004] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffea9108430
[ 1702.066546][T22004] R13: 00007fa80ae10b55 R14: 000000000019f6a4 R15: 00007ffea9108470
[ 1702.066699][T22004]  </TASK>
[ 1702.423977][T22004] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1702.432679][T22004] CPU: 0 UID: 0 PID: 22004 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(none) 
[ 1702.432879][T22004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1702.432994][T22004] Call Trace:
[ 1702.433063][T22004]  <TASK>
[ 1702.433129][T22004]  __dump_stack+0x26/0x30
[ 1702.433367][T22004]  dump_stack_lvl+0x1df/0x270
[ 1702.433603][T22004]  dump_stack+0x1e/0x25
[ 1702.433812][T22004]  f2fs_handle_critical_error+0xa6f/0xc20
[ 1702.434076][T22004]  f2fs_stop_checkpoint+0x65/0x80
[ 1702.434289][T22004]  f2fs_write_end_io+0xb4b/0x1920
[ 1702.434561][T22004]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1702.434778][T22004]  bio_endio+0xe27/0xf80
[ 1702.435049][T22004]  submit_bio_noacct+0x214/0x2710
[ 1702.435289][T22004]  submit_bio+0x5a9/0x5d0
[ 1702.435490][T22004]  f2fs_submit_write_bio+0x92/0x250
[ 1702.435695][T22004]  __submit_merged_bio+0x16f/0x6a0
[ 1702.435905][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1702.436115][T22004]  __submit_merged_write_cond+0x458/0x9a0
[ 1702.436366][T22004]  f2fs_write_data_pages+0x4bb2/0x5480
[ 1702.436676][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.436915][T22004]  ? blk_add_trace_split+0x330/0x4b0
[ 1702.437102][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.437287][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1702.437494][T22004]  ? free_unref_folios+0x2a2b/0x2aa0
[ 1702.437737][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.437972][T22004]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[ 1702.438218][T22004]  ? kmsan_get_metadata+0xfb/0x160
[ 1702.438404][T22004]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1702.438583][T22004]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1702.438772][T22004]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1702.438962][T22004]  do_writepages+0x3ef/0x860
[ 1702.439196][T22004]  ? _raw_spin_unlock+0x30/0x50
[ 1702.439426][T22004]  ? wbc_attach_and_unlock_inode+0x131/0x680
[ 1702.439667][T22004]  filemap_fdatawrite+0x207/0x260
[ 1702.439946][T22004]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[ 1702.440209][T22004]  f2fs_write_checkpoint+0xfe2/0x2b00
[ 1702.440583][T22004]  kill_f2fs_super+0x2ff/0x970
[ 1702.440818][T22004]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1702.441049][T22004]  deactivate_locked_super+0xc8/0x3c0
[ 1702.441309][T22004]  deactivate_super+0x12f/0x140
[ 1702.441539][T22004]  cleanup_mnt+0x6fb/0x780
[ 1702.441735][T22004]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[ 1702.441987][T22004]  ? __pfx___cleanup_mnt+0x10/0x10
[ 1702.442187][T22004]  __cleanup_mnt+0x22/0x30
[ 1702.442388][T22004]  task_work_run+0x206/0x2b0
[ 1702.442588][T22004]  exit_to_user_mode_loop+0x2a6/0x330
[ 1702.442797][T22004]  do_syscall_64+0x1e3/0x210
[ 1702.442974][T22004]  ? irqentry_exit+0x16/0x60
[ 1702.443127][T22004]  ? clear_bhb_loop+0x40/0x90
[ 1702.443308][T22004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.443486][T22004] RIP: 0033:0x7fa80ad8fcd7
[ 1702.443606][T22004] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1702.443740][T22004] RSP: 002b:00007ffea91072e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1702.443888][T22004] RAX: 0000000000000000 RBX: 00007fa80ae10b55 RCX: 00007fa80ad8fcd7
[ 1702.443992][T22004] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea91073a0
[ 1702.444093][T22004] RBP: 00007ffea91073a0 R08: 0000000000000000 R09: 0000000000000000
[ 1702.444190][T22004] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffea9108430
[ 1702.444298][T22004] R13: 00007fa80ae10b55 R14: 000000000019f6a4 R15: 00007ffea9108470
[ 1702.444446][T22004]  </TASK>
[ 1702.798213][T22004] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1703.904328][T22341] netlink: 24 bytes leftover after parsing attributes in process `syz.9.5726'.
[ 1704.334051][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[ 1704.993710][T22351] netlink: 'syz.9.5730': attribute type 10 has an invalid length.
[ 1705.739527][T22361] loop6: detected capacity change from 0 to 512
[ 1706.032184][T22361] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1706.045843][T22361] ext4 filesystem being mounted at /525/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1706.079888][T21133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1706.088104][T21133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1706.286578][T21133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1706.294938][T21133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1706.951941][T14719] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[ 1707.009933][T14719] EXT4-fs (loop6): Remounting filesystem read-only
[ 1707.719269][T18667] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1707.892896][T22386] netlink: 'syz.3.5742': attribute type 10 has an invalid length.
[ 1707.936123][T22386] team0: Port device dummy0 added
[ 1708.752754][T21133] bond6 (unregistering): (slave gretap2): Releasing backup interface
[ 1708.805029][T21133] gretap2 (unregistering): left promiscuous mode
[ 1708.811942][T21133] gretap2 (unregistering): left allmulticast mode
[ 1708.967189][T21133] bond0 (unregistering): Released all slaves
[ 1709.014778][T21133] bond1 (unregistering): Released all slaves
[ 1709.098400][T21133] bond2 (unregistering): Released all slaves
[ 1709.154374][T21133] bond3 (unregistering): Released all slaves
[ 1709.184840][T21133] bond4 (unregistering): Released all slaves
[ 1709.210673][T21133] bond5 (unregistering): Released all slaves
[ 1709.335112][T21133] bond6 (unregistering): Released all slaves
[ 1709.368275][T21133] bond7 (unregistering): (slave veth5): Releasing backup interface
[ 1709.391780][T21133] bond7 (unregistering): Released all slaves
[ 1709.564433][T21133] tipc: Left network mode
[ 1709.787918][T21133] hsr_slave_0: left promiscuous mode
[ 1709.808191][T21133] hsr_slave_1: left promiscuous mode
[ 1710.483981][T21133] team0 (unregistering): Port device dummy0 removed
[ 1710.859188][T11091] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 1711.489432][T11091] usb 5-1: Using ep0 maxpacket: 16
[ 1711.508161][T11091] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1711.558543][T11091] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1711.569805][T11091] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[ 1711.625972][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1711.654360][ T5808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1711.672894][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1711.682388][T11091] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1711.692160][T11091] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1711.700802][T11091] usb 5-1: Product: syz
[ 1711.705278][T11091] usb 5-1: Manufacturer: syz
[ 1711.710338][T11091] usb 5-1: SerialNumber: syz
[ 1711.725444][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1711.738413][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1712.018263][T11091] cdc_ncm 5-1:1.0: bind() failure
[ 1712.038681][T11091] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1712.046146][T11091] cdc_ncm 5-1:1.1: bind() failure
[ 1712.059756][T22409] loop3: detected capacity change from 0 to 2048
[ 1712.172634][T11091] usb 5-1: USB disconnect, device number 2
[ 1712.210617][T22409] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1712.422729][   T30] audit: type=1800 audit(1752983288.882:3605): pid=22409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5754" name="bus" dev="loop3" ino=18 res=0 errno=0
[ 1712.846907][T22004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1712.974543][T22410] chnl_net:caif_netlink_parms(): no params data found
[ 1713.487335][T22434] loop9: detected capacity change from 0 to 128
[ 1713.569063][   T30] audit: type=1800 audit(1752983290.032:3606): pid=22434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.5762" name="file1" dev="loop9" ino=1048779 res=0 errno=0
[ 1713.820823][T14060] Bluetooth: hci2: command tx timeout
[ 1713.854917][T22439] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5763'.
[ 1714.232627][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.232627][T22434] loop9: rw=2049, sector=140, nr_sectors = 8 limit=128
[ 1714.247616][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.247616][T22434] loop9: rw=2049, sector=156, nr_sectors = 1 limit=128
[ 1714.261932][T22434] buffer_io_error: 2 callbacks suppressed
[ 1714.262017][T22434] Buffer I/O error on dev loop9, logical block 156, lost async page write
[ 1714.277079][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.277079][T22434] loop9: rw=2049, sector=157, nr_sectors = 1 limit=128
[ 1714.291246][T22434] Buffer I/O error on dev loop9, logical block 157, lost async page write
[ 1714.305834][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.305834][T22434] loop9: rw=2049, sector=158, nr_sectors = 1 limit=128
[ 1714.309528][T11091] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1714.321454][T22434] Buffer I/O error on dev loop9, logical block 158, lost async page write
[ 1714.337238][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.337238][T22434] loop9: rw=2049, sector=159, nr_sectors = 1 limit=128
[ 1714.351384][T22434] Buffer I/O error on dev loop9, logical block 159, lost async page write
[ 1714.360590][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.360590][T22434] loop9: rw=2049, sector=160, nr_sectors = 1 limit=128
[ 1714.374843][T22434] Buffer I/O error on dev loop9, logical block 160, lost async page write
[ 1714.385191][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.385191][T22434] loop9: rw=2049, sector=161, nr_sectors = 1 limit=128
[ 1714.399326][T22434] Buffer I/O error on dev loop9, logical block 161, lost async page write
[ 1714.415009][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.415009][T22434] loop9: rw=2049, sector=132, nr_sectors = 1 limit=128
[ 1714.431015][T22434] Buffer I/O error on dev loop9, logical block 132, lost async page write
[ 1714.440487][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.440487][T22434] loop9: rw=2049, sector=133, nr_sectors = 1 limit=128
[ 1714.454512][T22434] Buffer I/O error on dev loop9, logical block 133, lost async page write
[ 1714.465277][T22434] syz.9.5762: attempt to access beyond end of device
[ 1714.465277][T22434] loop9: rw=2049, sector=150, nr_sectors = 1 limit=128
[ 1714.479318][T22434] Buffer I/O error on dev loop9, logical block 150, lost async page write
[ 1714.488345][T22434] Buffer I/O error on dev loop9, logical block 151, lost async page write
[ 1714.681227][T11091] usb 5-1: Using ep0 maxpacket: 32
[ 1714.699869][T11091] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[ 1714.708479][T11091] usb 5-1: config 0 has no interface number 0
[ 1714.769884][T11091] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1714.779557][T11091] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1714.787909][T11091] usb 5-1: Product: syz
[ 1714.792679][T11091] usb 5-1: Manufacturer: syz
[ 1714.797628][T11091] usb 5-1: SerialNumber: syz
[ 1714.833366][T11091] usb 5-1: config 0 descriptor??
[ 1714.921820][T22410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1714.931266][T22410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1714.939605][T22410] bridge_slave_0: entered allmulticast mode
[ 1714.950417][T22410] bridge_slave_0: entered promiscuous mode
[ 1714.994991][T22410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1715.003682][T22410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1715.011962][T22410] bridge_slave_1: entered allmulticast mode
[ 1715.030640][T22410] bridge_slave_1: entered promiscuous mode
[ 1715.416983][T11091] usb 5-1: USB disconnect, device number 3
[ 1715.423351][T22410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1715.484329][T22410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1715.766460][T22410] team0: Port device team_slave_0 added
[ 1715.803617][T22410] team0: Port device team_slave_1 added
[ 1715.919294][ T5808] Bluetooth: hci2: command tx timeout
[ 1716.069060][T22410] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1716.076635][T22410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1716.103843][T22410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1716.168253][T22410] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1716.176062][T22410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1716.203070][T22410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1716.708439][T22410] hsr_slave_0: entered promiscuous mode
[ 1716.720450][T22410] hsr_slave_1: entered promiscuous mode
[ 1717.202677][T22463] netlink: 'syz.4.5773': attribute type 29 has an invalid length.
[ 1717.265431][T22466] netlink: 'syz.4.5773': attribute type 29 has an invalid length.
[ 1717.320839][T22463] netlink: 500 bytes leftover after parsing attributes in process `syz.4.5773'.
[ 1717.522208][T22468] binder: BINDER_SET_CONTEXT_MGR already set
[ 1717.528552][T22468] binder: 22467:22468 ioctl 40046207 0 returned -16
[ 1717.979739][ T5808] Bluetooth: hci2: command tx timeout
[ 1718.630412][T22478] 9pnet_fd: Insufficient options for proto=fd
[ 1718.652353][T22479] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5780'.
[ 1718.661849][T22410] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1718.769484][T22410] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1718.830962][T22410] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1718.911162][T22410] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1720.054099][T22410] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1720.061476][ T5808] Bluetooth: hci2: command tx timeout
[ 1720.186351][T22410] 8021q: adding VLAN 0 to HW filter on device team0
[ 1720.234890][T20770] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1720.242831][T20770] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1720.362607][T20770] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1720.370424][T20770] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1721.772987][T22511] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5791'.
[ 1722.199683][T22410] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1722.262708][T22517] bond0: option ad_select: unable to set because the bond device is up
[ 1722.668323][T22410] veth0_vlan: entered promiscuous mode
[ 1722.783818][T22410] veth1_vlan: entered promiscuous mode
[ 1723.087782][T22410] veth0_macvtap: entered promiscuous mode
[ 1723.134076][T22410] veth1_macvtap: entered promiscuous mode
[ 1723.295832][T22410] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1723.410268][T22410] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1723.526589][T22410] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1723.536065][T22410] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1723.548179][T22410] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1723.557712][T22410] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1724.092902][T22532] netlink: 'syz.4.5800': attribute type 29 has an invalid length.
[ 1724.210829][T22532] netlink: 'syz.4.5800': attribute type 29 has an invalid length.
[ 1724.934339][T22542] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5803'.
[ 1725.183901][T22545] netlink: 20 bytes leftover after parsing attributes in process `syz.9.5804'.
[ 1725.607041][T22550] loop3: detected capacity change from 0 to 512
[ 1725.819165][T22550] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 1725.968036][T22550] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[ 1726.081218][T22550] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1726.103115][T22550] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5805: bg 0: block 361: padding at end of block bitmap is not set
[ 1726.208244][T22550] EXT4-fs (loop3): Remounting filesystem read-only
[ 1726.227049][T22550] EXT4-fs (loop3): 1 truncate cleaned up
[ 1726.236349][T22550] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 1726.461440][T22550] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5805: dx entry: limit 0 != root limit 125
[ 1726.475458][T22550] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5805: Corrupt directory, running e2fsck is recommended
[ 1726.659224][T22559] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5805: dx entry: limit 0 != root limit 125
[ 1726.671999][T22559] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5805: Corrupt directory, running e2fsck is recommended
[ 1726.941430][T22550] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5805: dx entry: limit 0 != root limit 125
[ 1726.955014][T22550] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5805: Corrupt directory, running e2fsck is recommended
[ 1727.097027][T22559] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5805: dx entry: limit 0 != root limit 125
[ 1727.109521][T22559] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5805: Corrupt directory, running e2fsck is recommended
[ 1727.311369][T22563] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5805: dx entry: limit 0 != root limit 125
[ 1727.323752][T22563] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5805: Corrupt directory, running e2fsck is recommended
[ 1727.451389][T22568] loop4: detected capacity change from 0 to 512
[ 1727.593817][T22568] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1727.608066][T22568] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1727.853171][T22568] Quota error (device loop4): do_check_range: Getting dqdh_next_free 2741 out of range 0-6
[ 1727.864395][T22568] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[ 1727.875062][T22568] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.5809: Failed to acquire dquot type 0
[ 1728.092797][T22579] bond6: entered promiscuous mode
[ 1728.098521][T22579] bond6: entered allmulticast mode
[ 1728.105798][T22579] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1728.184512][T22004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 1728.257120][T22062] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1728.599193][T22208] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1728.834166][T22208] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1728.848312][T22208] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1728.903835][T22208] usb 10-1: config 0 descriptor??
[ 1728.929070][T22208] cp210x 10-1:0.0: cp210x converter detected
[ 1729.186589][T22208] cp210x 10-1:0.0: failed to get vendor val 0x370b size 1: -121
[ 1729.195444][T22208] cp210x 10-1:0.0: querying part number failed
[ 1729.371259][T22208] usb 10-1: cp210x converter now attached to ttyUSB0
[ 1730.516312][ T2999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1730.524734][ T2999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1730.768554][T21127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1730.778678][T21127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1731.365873][T22612] netlink: 'syz.7.5822': attribute type 29 has an invalid length.
[ 1731.444112][T22612] netlink: 'syz.7.5822': attribute type 29 has an invalid length.
[ 1731.569585][T22616] loop2: detected capacity change from 0 to 512
[ 1731.703578][T22208] usb 10-1: USB disconnect, device number 7
[ 1731.717617][T22619] loop3: detected capacity change from 0 to 512
[ 1731.762786][T22208] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1731.776800][T22208] cp210x 10-1:0.0: device disconnected
[ 1731.855815][T22618] loop4: detected capacity change from 0 to 512
[ 1731.897855][T22619] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1731.911599][T22619] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1731.981329][T22616] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1731.994977][T22616] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1732.044301][T22618] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 1732.100150][T22619] Quota error (device loop3): do_check_range: Getting dqdh_next_free 2741 out of range 0-6
[ 1732.112032][T22619] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[ 1732.123972][T22619] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5824: Failed to acquire dquot type 0
[ 1732.206304][T22618] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[ 1732.218324][T22628] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5826'.
[ 1732.229600][T22628] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5826'.
[ 1732.241235][T22628] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5826'.
[ 1732.299723][T22618] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1732.417263][T22618] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5823: bg 0: block 361: padding at end of block bitmap is not set
[ 1732.560136][T22618] EXT4-fs (loop4): Remounting filesystem read-only
[ 1732.599620][T22618] EXT4-fs (loop4): 1 truncate cleaned up
[ 1732.610175][T22618] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 1732.657600][T22004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1732.818400][T22634] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5823: dx entry: limit 0 != root limit 125
[ 1732.831196][T22634] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5823: Corrupt directory, running e2fsck is recommended
[ 1732.957949][T22618] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5823: dx entry: limit 0 != root limit 125
[ 1732.971013][T22618] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5823: Corrupt directory, running e2fsck is recommended
[ 1733.339109][T22636] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5823: dx entry: limit 0 != root limit 125
[ 1733.352843][T22636] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5823: Corrupt directory, running e2fsck is recommended
[ 1733.394468][T22642] netlink: 'syz.3.5827': attribute type 4 has an invalid length.
[ 1733.435170][T22410] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[ 1733.510206][T22410] EXT4-fs (loop2): Remounting filesystem read-only
[ 1733.548319][T22634] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5823: dx entry: limit 0 != root limit 125
[ 1733.567300][T22634] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5823: Corrupt directory, running e2fsck is recommended
[ 1733.796721][T22640] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5823: dx entry: limit 0 != root limit 125
[ 1733.809488][T22640] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5823: Corrupt directory, running e2fsck is recommended
[ 1734.235551][T22410] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1734.372670][T21127] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1734.408057][T22062] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 1734.492946][T21127] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1734.540096][ T5808] Bluetooth: hci3: hardware error 0xd7
[ 1734.675907][T21127] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1734.898233][T21127] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1735.239141][T22653] 9pnet: Could not find request transport: f
[ 1735.248075][T21127] bridge_slave_1: left allmulticast mode
[ 1735.254525][T21127] bridge_slave_1: left promiscuous mode
[ 1735.263250][T21127] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1735.288241][T21127] bridge_slave_0: left allmulticast mode
[ 1735.302524][T21127] bridge_slave_0: left promiscuous mode
[ 1735.309814][T21127] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1735.915937][T21127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1735.949438][T21127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1735.968138][T21127] bond0 (unregistering): Released all slaves
[ 1736.438383][T21127] hsr_slave_0: left promiscuous mode
[ 1736.460527][T21127] hsr_slave_1: left promiscuous mode
[ 1736.470634][T21127] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1736.478920][T21127] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1736.490542][T21127] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1736.498562][T21127] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1736.531526][T21127] veth1_macvtap: left promiscuous mode
[ 1736.537464][T21127] veth0_macvtap: left promiscuous mode
[ 1736.544470][T21127] veth1_vlan: left promiscuous mode
[ 1736.550323][T21127] veth0_vlan: left promiscuous mode
[ 1736.699721][ T5808] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1737.216146][T22660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5838'.
[ 1737.225728][T22660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5838'.
[ 1737.235489][T22660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5838'.
[ 1737.526523][T22668] 9pnet_fd: Insufficient options for proto=fd
[ 1737.582946][T14060] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1737.592982][T14060] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1737.603157][T14060] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1737.618209][T14060] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1737.717170][T14060] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1737.836723][T22672] netlink: 'syz.7.5842': attribute type 4 has an invalid length.
[ 1738.251386][T21127] team0 (unregistering): Port device team_slave_1 removed
[ 1738.291296][T21127] team0 (unregistering): Port device team_slave_0 removed
[ 1738.330763][   T30] audit: type=1326 audit(1752983314.792:3607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22673 comm="syz.9.5843" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fbfb6785967 code=0x0
[ 1739.361572][T22682] loop4: detected capacity change from 0 to 512
[ 1739.410691][T22683] syz_tun: entered allmulticast mode
[ 1739.436932][T22682] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 1739.529314][T22681] syz_tun: left allmulticast mode
[ 1739.540212][T22682] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[ 1739.550010][T22682] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1739.561628][T22682] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.5845: bg 0: block 361: padding at end of block bitmap is not set
[ 1739.581704][T22682] EXT4-fs (loop4): Remounting filesystem read-only
[ 1739.670240][T22682] EXT4-fs (loop4): 1 truncate cleaned up
[ 1739.679168][T22682] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 1739.950818][T22682] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5845: dx entry: limit 0 != root limit 125
[ 1739.963649][T22682] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5845: Corrupt directory, running e2fsck is recommended
[ 1740.063878][ T5808] Bluetooth: hci2: command tx timeout
[ 1740.181719][T22696] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5845: dx entry: limit 0 != root limit 125
[ 1740.194323][T22696] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5845: Corrupt directory, running e2fsck is recommended
[ 1740.290511][T22667] chnl_net:caif_netlink_parms(): no params data found
[ 1740.291615][T22682] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5845: dx entry: limit 0 != root limit 125
[ 1740.310171][T22682] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5845: Corrupt directory, running e2fsck is recommended
[ 1740.550061][T22696] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5845: dx entry: limit 0 != root limit 125
[ 1740.562966][T22696] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5845: Corrupt directory, running e2fsck is recommended
[ 1740.831596][T22697] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5845: dx entry: limit 0 != root limit 125
[ 1740.844439][T22697] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5845: Corrupt directory, running e2fsck is recommended
[ 1741.006655][T22701] 9pnet: Could not find request transport: f
[ 1741.478224][T22712] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5853'.
[ 1741.488087][T22712] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5853'.
[ 1741.497756][T22712] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5853'.
[ 1741.537100][T22062] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 1741.835365][ T5808] Bluetooth: hci4: hardware error 0xd7
[ 1742.146992][T14060] Bluetooth: hci2: command tx timeout
[ 1742.319251][T22667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1742.327146][T22667] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1742.335352][T22667] bridge_slave_0: entered allmulticast mode
[ 1742.345607][T22667] bridge_slave_0: entered promiscuous mode
[ 1742.386421][T22722] netlink: 'syz.9.5857': attribute type 4 has an invalid length.
[ 1742.455564][T22667] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1742.463617][T22667] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1742.472127][T22667] bridge_slave_1: entered allmulticast mode
[ 1742.483012][T22667] bridge_slave_1: entered promiscuous mode
[ 1742.861975][T22667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1742.910663][T22667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1743.145448][T22667] team0: Port device team_slave_0 added
[ 1743.241757][T22667] team0: Port device team_slave_1 added
[ 1743.401520][T22735] 9pnet: Could not find request transport: f
[ 1743.604265][T22667] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1743.611894][T22667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1743.639751][T22667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1743.757839][T22667] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1743.765262][T22667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1743.797697][T22667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1743.927577][T22744] fuse: Bad value for 'fd'
[ 1743.936112][ T5808] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1743.954244][T22743] loop3: detected capacity change from 0 to 512
[ 1744.016387][T22743] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 1744.033788][T22743] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[ 1744.066254][T22743] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1744.241139][ T5808] Bluetooth: hci2: command tx timeout
[ 1744.319984][T22743] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5864: bg 0: block 361: padding at end of block bitmap is not set
[ 1744.376684][T22743] EXT4-fs (loop3): Remounting filesystem read-only
[ 1744.419346][T22208] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1744.431203][T22667] hsr_slave_0: entered promiscuous mode
[ 1744.442447][T22667] hsr_slave_1: entered promiscuous mode
[ 1744.524400][T22743] EXT4-fs (loop3): 1 truncate cleaned up
[ 1744.649352][T22743] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 1744.756295][T22208] usb 5-1: Using ep0 maxpacket: 16
[ 1744.809715][T22208] usb 5-1: unable to get BOS descriptor set
[ 1744.832111][T22208] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1744.842736][T22208] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[ 1744.864965][T22743] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5864: dx entry: limit 0 != root limit 125
[ 1744.878000][T22743] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5864: Corrupt directory, running e2fsck is recommended
[ 1744.882535][T22208] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1744.901919][T22208] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1744.906967][ T5808] Bluetooth: hci1: hardware error 0xd7
[ 1744.910326][T22208] usb 5-1: Product: syz
[ 1744.910469][T22208] usb 5-1: Manufacturer: syz
[ 1744.910619][T22208] usb 5-1: SerialNumber: syz
[ 1745.020380][T22743] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5864: dx entry: limit 0 != root limit 125
[ 1745.033321][T22743] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5864: Corrupt directory, running e2fsck is recommended
[ 1745.061942][T22754] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5864: dx entry: limit 0 != root limit 125
[ 1745.074575][T22754] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5864: Corrupt directory, running e2fsck is recommended
[ 1745.103060][T22743] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5864: dx entry: limit 0 != root limit 125
[ 1745.117408][T22743] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5864: Corrupt directory, running e2fsck is recommended
[ 1745.231906][T22756] netlink: 32 bytes leftover after parsing attributes in process `syz.9.5870'.
[ 1745.327107][T22754] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.5864: dx entry: limit 0 != root limit 125
[ 1745.341193][T22754] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.5864: Corrupt directory, running e2fsck is recommended
[ 1745.393387][T22208] cdc_ncm 5-1:1.0: bind() failure
[ 1745.434489][T22208] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1745.445661][T22208] cdc_ncm 5-1:1.1: bind() failure
[ 1745.570438][T22208] usb 5-1: USB disconnect, device number 4
[ 1745.826586][T22759] bond7: entered promiscuous mode
[ 1745.832241][T22759] bond7: entered allmulticast mode
[ 1745.839753][T22759] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1745.863464][T22004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 1746.300267][T14060] Bluetooth: hci2: command tx timeout
[ 1746.304067][T22765] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5874'.
[ 1746.324665][T22765] net_ratelimit: 11 callbacks suppressed
[ 1746.324762][T22765] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1746.689585][T22667] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1746.750781][T22667] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1746.838984][T22667] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1746.934368][T22667] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1746.942011][ T5808] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1747.032422][T22770] 9pnet: Could not find request transport: f
[ 1747.880482][T22789] netlink: 32 bytes leftover after parsing attributes in process `syz.9.5881'.
[ 1748.100486][T22667] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1748.293908][T22667] 8021q: adding VLAN 0 to HW filter on device team0
[ 1748.370393][T21145] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1748.378393][T21145] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1748.437732][T21145] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1748.445608][T21145] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1748.587741][T22796] 9pnet_fd: Insufficient options for proto=fd
[ 1748.637158][T22794] loop4: detected capacity change from 0 to 16
[ 1748.696017][T22794] erofs (device loop4): mounted with root inode @ nid 36.
[ 1748.897416][T22793] erofs (device loop4): inline data across blocks @ nid 36
[ 1748.905490][T22793] bio_check_eod: 9 callbacks suppressed
[ 1748.905581][T22793] syz.4.5884: attempt to access beyond end of device
[ 1748.905581][T22793] loop4: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16
[ 1750.234827][T22667] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1750.505766][T22812] 9pnet: Could not find request transport: f
[ 1751.239449][T22830] 9pnet_fd: Insufficient options for proto=fd
[ 1751.469279][T22208] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[ 1752.515598][T22843] overlayfs: failed to clone upperpath
[ 1753.010280][T22667] veth0_vlan: entered promiscuous mode
[ 1753.102485][T22667] veth1_vlan: entered promiscuous mode
[ 1753.146515][T22849] loop4: detected capacity change from 0 to 128
[ 1753.438063][T22667] veth0_macvtap: entered promiscuous mode
[ 1753.515549][T22667] veth1_macvtap: entered promiscuous mode
[ 1753.822905][T22667] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1753.944380][T22667] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1753.966663][T22854] 9pnet: Could not find request transport: f
[ 1754.073906][T22667] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1754.083303][T22667] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1754.092756][T22667] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1754.102146][T22667] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1754.384172][T22862] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5906'.
[ 1756.567078][T22885] overlayfs: failed to clone upperpath
[ 1759.367297][T22905] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[ 1759.378095][T22905] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[ 1760.929949][T22905] loop3: detected capacity change from 0 to 4096
[ 1761.021030][T22905] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[ 1762.149381][T22905] ntfs3(loop3): Failed to read $UpCase (-4).
[ 1762.332427][T22925] overlayfs: failed to clone upperpath
[ 1762.686754][T22927] loop4: detected capacity change from 0 to 128
[ 1763.819068][T22943] loop3: detected capacity change from 0 to 256
[ 1763.829602][T22943] exfat: Deprecated parameter 'namecase'
[ 1763.836057][T22943] exfat: Unknown parameter 'dis000000000000000006'
[ 1764.098458][T20770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1764.107176][T20770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1764.306532][T20770] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1764.315779][T20770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1764.549933][T22943] loop3: detected capacity change from 0 to 4096
[ 1764.572470][T22943] ntfs3: Unknown parameter 'M;ھe�رv���x��jS�4;ݾggؙ����v�M�s�\;���%Ϊ)�~dُm�`�]j���v�]y�V�׮��F��~j�حv��nw\:������k?��7v�����m����8�������'
[ 1765.438139][T22958] overlayfs: failed to clone upperpath
[ 1765.495739][T22960] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5940'.
[ 1765.541571][T22960] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5940'.
[ 1765.771912][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[ 1765.801082][T22966] loop3: detected capacity change from 0 to 128
[ 1765.945317][T22966] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5941'.
[ 1766.669085][ T5858] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[ 1766.858181][ T5858] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 1766.870720][ T5858] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[ 1766.884001][ T5858] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1766.891023][ T5858] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[ 1766.900423][ T5858] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1767.018232][ T5858] usb 6-1: config 0 descriptor??
[ 1767.028654][T22975] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1767.356123][T22975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1767.366726][T22975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1767.451208][ T5858] usbhid 6-1:0.0: can't add hid device: -71
[ 1767.458114][ T5858] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1767.510093][ T5858] usb 6-1: USB disconnect, device number 23
[ 1767.926083][T22992] overlayfs: failed to clone upperpath
[ 1767.950338][ T5858] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1768.151348][ T5858] usb 6-1: Using ep0 maxpacket: 32
[ 1768.193678][ T5858] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[ 1768.205653][ T5858] usb 6-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[ 1768.219434][ T5858] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1768.226432][ T5858] usb 6-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[ 1768.236010][ T5858] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1768.322083][ T5858] usb 6-1: config 0 descriptor??
[ 1768.420529][ T5858] hub 6-1:0.0: bad descriptor, ignoring hub
[ 1768.427228][ T5858] hub 6-1:0.0: probe with driver hub failed with error -5
[ 1768.553003][T23000] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5958'.
[ 1768.774807][ T5858] plantronics 0003:047F:C055.0007: item fetching failed at offset 2/5
[ 1768.820272][ T5858] plantronics 0003:047F:C055.0007: parse failed
[ 1768.827588][ T5858] plantronics 0003:047F:C055.0007: probe with driver plantronics failed with error -22
[ 1769.080128][ T5858] usb 6-1: USB disconnect, device number 24
[ 1769.660171][T23015] loop4: detected capacity change from 0 to 256
[ 1769.680235][T23015] exfat: Deprecated parameter 'namecase'
[ 1769.686885][T23015] exfat: Unknown parameter 'dis000000000000000006'
[ 1770.406570][T23015] loop4: detected capacity change from 0 to 4096
[ 1770.445284][T23015] ntfs3: Unknown parameter 'M;ھe�رv���x��jS�4;ݾggؙ����v�M�s�\;���%Ϊ)�~dُm�`�]j���v�]y�V�׮��F��~j�حv��nw\:������k?��7v�����m����8�������'
[ 1770.829859][T23028] loop5: detected capacity change from 0 to 128
[ 1770.911704][T23028] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5971'.
[ 1773.299671][T23061] loop4: detected capacity change from 0 to 128
[ 1778.896355][T23092] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5998'.
[ 1778.906316][T23092] netlink: 72 bytes leftover after parsing attributes in process `syz.5.5998'.
[ 1779.582946][T23107] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6006'.
[ 1780.274783][T23117] loop3: detected capacity change from 0 to 128
[ 1780.574164][T23120] loop5: detected capacity change from 0 to 128
[ 1780.675474][   T30] audit: type=1800 audit(1752983357.132:3608): pid=23120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.6011" name="file1" dev="loop5" ino=1048788 res=0 errno=0
[ 1781.087602][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.087602][T23120] loop5: rw=2049, sector=140, nr_sectors = 8 limit=128
[ 1781.102268][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.102268][T23120] loop5: rw=2049, sector=156, nr_sectors = 1 limit=128
[ 1781.116468][T23120] buffer_io_error: 8 callbacks suppressed
[ 1781.116550][T23120] Buffer I/O error on dev loop5, logical block 156, lost async page write
[ 1781.131982][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.131982][T23120] loop5: rw=2049, sector=157, nr_sectors = 1 limit=128
[ 1781.146386][T23120] Buffer I/O error on dev loop5, logical block 157, lost async page write
[ 1781.156298][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.156298][T23120] loop5: rw=2049, sector=158, nr_sectors = 1 limit=128
[ 1781.175722][T23120] Buffer I/O error on dev loop5, logical block 158, lost async page write
[ 1781.185735][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.185735][T23120] loop5: rw=2049, sector=159, nr_sectors = 1 limit=128
[ 1781.199998][T23120] Buffer I/O error on dev loop5, logical block 159, lost async page write
[ 1781.209086][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.209086][T23120] loop5: rw=2049, sector=160, nr_sectors = 1 limit=128
[ 1781.223103][T23120] Buffer I/O error on dev loop5, logical block 160, lost async page write
[ 1781.232343][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.232343][T23120] loop5: rw=2049, sector=161, nr_sectors = 1 limit=128
[ 1781.246382][T23120] Buffer I/O error on dev loop5, logical block 161, lost async page write
[ 1781.256500][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.256500][T23120] loop5: rw=2049, sector=132, nr_sectors = 1 limit=128
[ 1781.274908][T23120] Buffer I/O error on dev loop5, logical block 132, lost async page write
[ 1781.284859][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.284859][T23120] loop5: rw=2049, sector=133, nr_sectors = 1 limit=128
[ 1781.299249][T23120] Buffer I/O error on dev loop5, logical block 133, lost async page write
[ 1781.308248][T23120] syz.5.6011: attempt to access beyond end of device
[ 1781.308248][T23120] loop5: rw=2049, sector=150, nr_sectors = 1 limit=128
[ 1781.322520][T23120] Buffer I/O error on dev loop5, logical block 150, lost async page write
[ 1781.331876][T23120] Buffer I/O error on dev loop5, logical block 151, lost async page write
[ 1782.775118][T23157] loop5: detected capacity change from 0 to 512
[ 1782.786440][T23151] loop3: detected capacity change from 0 to 128
[ 1782.796877][T23147] loop4: detected capacity change from 0 to 256
[ 1782.825931][T23147] vfat: Bad value for 'time_offset'
[ 1782.893553][T23157] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1782.911861][T23157] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1783.503910][T13299] wlan1: Trigger new scan to find an IBSS to join
[ 1783.700450][T23167] loop4: detected capacity change from 0 to 128
[ 1783.779467][   T30] audit: type=1800 audit(1752983360.242:3609): pid=23167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6029" name="file1" dev="loop4" ino=1048789 res=0 errno=0
[ 1783.945161][T22667] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1784.922840][T23180] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6036'.
[ 1785.346692][T23187] netlink: 'syz.7.6040': attribute type 27 has an invalid length.
[ 1786.167563][T23200] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6046'.
[ 1786.680420][T23206] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6049'.
[ 1786.690700][T23206] netlink: 152 bytes leftover after parsing attributes in process `syz.7.6049'.
[ 1787.121874][T23214] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6053'.
[ 1787.446793][T23216] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6054'.
[ 1787.456590][T23216] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6054'.
[ 1787.466325][T23216] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6054'.
[ 1787.573585][T23220] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6054'.
[ 1787.583264][T23220] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6054'.
[ 1787.974944][T23226] fuse: Bad value for 'fd'
[ 1788.460548][ T4479] wlan1: Trigger new scan to find an IBSS to join
[ 1788.780302][T23239] netlink: 'syz.3.6064': attribute type 1 has an invalid length.
[ 1789.237502][T23239] veth3: entered promiscuous mode
[ 1789.567151][ T3641] wlan1: Creating new IBSS network, BSSID ea:bc:60:5a:c5:a6
[ 1790.144321][T23260] loop5: detected capacity change from 0 to 8
[ 1790.228083][T23260] SQUASHFS error: Failed to read block 0x63a: -5
[ 1790.235539][T23260] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1790.243746][T23260] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1790.297970][T23267] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1790.306324][T23267] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1790.354983][T23267] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1790.363699][T23267] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1791.222882][T23271] vcan0: tx drop: invalid sa for name 0x0000000000000004
[ 1793.582037][T14060] Bluetooth: hci0: command 0x0406 tx timeout
[ 1794.171415][T23299] __nla_validate_parse: 3 callbacks suppressed
[ 1794.171520][T23299] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6086'.
[ 1794.871967][T23308] loop3: detected capacity change from 0 to 8
[ 1794.944467][T23308] SQUASHFS error: Failed to read block 0x63a: -5
[ 1794.952389][T23308] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1794.960386][T23308] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1794.997599][T23308] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1795.005854][T23308] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1795.045870][T23308] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1795.053951][T23308] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1796.173867][T23331] netlink: 236 bytes leftover after parsing attributes in process `syz.3.6099'.
[ 1796.928098][T23342] loop4: detected capacity change from 0 to 8
[ 1797.029087][T23342] SQUASHFS error: Failed to read block 0x63a: -5
[ 1797.035789][T23342] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1797.049340][T23342] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1797.120922][T23345] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1797.129627][T23345] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1797.166703][T23345] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1797.175422][T23345] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1798.267961][T23365] loop9: detected capacity change from 0 to 8
[ 1798.291357][T23365] Dev loop9: unable to read RDB block 8
[ 1798.297848][T23365]  loop9: unable to read partition table
[ 1798.317463][T23365] loop9: partition table beyond EOD, truncated
[ 1798.324589][T23365] loop_reread_partitions: partition scan of loop9 (�被x�^>�� �) failed (rc=-5)
[ 1799.409271][T23384] loop4: detected capacity change from 0 to 8
[ 1799.552571][T23387] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6122'.
[ 1799.562428][T23387] netlink: 152 bytes leftover after parsing attributes in process `syz.5.6122'.
[ 1799.582312][T23384] SQUASHFS error: Failed to read block 0x63a: -5
[ 1799.589498][T23384] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1799.597215][T23384] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1799.673529][T23384] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1799.682836][T23384] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1801.577965][T23415] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6134'.
[ 1801.597278][T23415] netlink: 152 bytes leftover after parsing attributes in process `syz.3.6134'.
[ 1802.484680][T23420] fuse: Bad value for 'fd'
[ 1804.386654][T23449] loop4: detected capacity change from 0 to 256
[ 1804.396651][T23449] vfat: Bad value for 'time_offset'
[ 1804.782916][T23454] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6151'.
[ 1804.792841][T23454] netlink: 152 bytes leftover after parsing attributes in process `syz.7.6151'.
[ 1804.886745][T23456] fuse: Bad value for 'fd'
[ 1805.898017][T23475] overlayfs: failed to resolve './file1': -2
[ 1807.706014][T23488] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6164'.
[ 1807.715876][T23488] netlink: 152 bytes leftover after parsing attributes in process `syz.9.6164'.
[ 1807.792005][T23490] loop3: detected capacity change from 0 to 8
[ 1807.996866][T23490] SQUASHFS error: Failed to read block 0x63a: -5
[ 1808.004015][T23490] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1808.011847][T23490] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1808.167508][T23490] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1808.176047][T23490] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1809.848220][T23506] overlayfs: failed to resolve './file1': -2
[ 1809.848352][T22208] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1810.069106][T22208] usb 5-1: Using ep0 maxpacket: 8
[ 1810.094006][T22208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[ 1810.106122][T22208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1810.116479][T22208] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1810.126883][T22208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 1810.138589][T22208] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1810.155458][T22208] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1810.166464][T22208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1810.283417][T22208] usb 5-1: config 0 descriptor??
[ 1810.300400][T23502] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1810.705646][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.715932][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.726201][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.736065][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.745924][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.756000][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.765842][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.775922][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.785889][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.796222][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.806033][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.816503][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.826356][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.836703][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.846552][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.856850][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.867258][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.878123][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.888581][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.899867][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.910573][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.920214][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.927834][T22208] usb 5-1: USB disconnect, device number 6
[ 1810.928398][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.942454][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.950185][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.957707][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.965359][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.973104][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.980740][T23516] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1810.988554][ T5808] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[ 1811.107984][T23520] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6179'.
[ 1811.118132][T23520] netlink: 112 bytes leftover after parsing attributes in process `syz.5.6179'.
[ 1811.345482][T23524] fuse: Bad value for 'fd'
[ 1812.414404][T23538] overlayfs: failed to resolve './file1': -2
[ 1813.427222][T23556] fuse: Bad value for 'fd'
[ 1815.281571][T23578] overlayfs: failed to clone upperpath
[ 1815.593650][T23582] netlink: 244 bytes leftover after parsing attributes in process `syz.3.6207'.
[ 1815.865212][T23588] fuse: Bad value for 'fd'
[ 1816.033353][T23593] netlink: 72 bytes leftover after parsing attributes in process `syz.5.6211'.
[ 1818.866041][T23602] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1819.008027][T23605] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1819.680660][T20770] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1819.866065][T23623] overlayfs: failed to clone upperpath
[ 1820.278187][T23627] fuse: Bad value for 'fd'
[ 1820.351048][T23628] binder: BINDER_SET_CONTEXT_MGR already set
[ 1820.357525][T23628] binder: 23625:23628 ioctl 4018620d 200000000040 returned -16
[ 1820.976233][T23639] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6228'.
[ 1820.986109][T23639] netlink: 152 bytes leftover after parsing attributes in process `syz.3.6228'.
[ 1824.697136][T23663] overlayfs: failed to clone upperpath
[ 1825.034205][T23666] fuse: Bad value for 'fd'
[ 1825.823068][T23678] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6241'.
[ 1825.837919][T23678] netlink: 152 bytes leftover after parsing attributes in process `syz.3.6241'.
[ 1825.933719][T23679] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[ 1825.944590][T23679] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[ 1826.181571][T23682] netlink: 104 bytes leftover after parsing attributes in process `syz.4.6244'.
[ 1827.211386][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[ 1827.443863][T23700] overlayfs: failed to resolve './file0': -2
[ 1827.607684][T23705] loop3: detected capacity change from 0 to 8
[ 1827.633014][T23703] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6251'.
[ 1827.642931][T23703] netlink: 96 bytes leftover after parsing attributes in process `syz.5.6251'.
[ 1827.746912][T23705] SQUASHFS error: Failed to read block 0x63a: -5
[ 1827.753938][T23705] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1827.762950][T23705] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1827.821694][T23705] SQUASHFS error: Unable to read metadata cache entry [638]
[ 1827.830347][T23705] SQUASHFS error: Unable to read directory block [26067d:ffff]
[ 1828.593343][T23714] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6258'.
[ 1828.603519][T23714] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6258'.
[ 1828.613081][T23714] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6258'.
[ 1829.198365][T23728] overlayfs: failed to resolve './file0': -2
[ 1830.573024][T23745] fuse: Bad value for 'fd'
[ 1831.211069][T23750] loop4: detected capacity change from 0 to 2048
[ 1831.241979][T23753] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6272'.
[ 1831.251759][T23753] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6272'.
[ 1831.266602][T23753] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6272'.
[ 1831.421542][T23750] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1831.633263][   T30] audit: type=1800 audit(1752983408.102:3610): pid=23750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6270" name="bus" dev="loop4" ino=18 res=0 errno=0
[ 1832.015020][T23765] overlayfs: failed to resolve './file0': -2
[ 1832.185139][T22062] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1832.833271][T23781] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6281'.
[ 1834.467771][T23789] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6286'.
[ 1834.477846][T23789] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6286'.
[ 1834.487425][T23789] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6286'.
[ 1836.074401][T23806] overlayfs: failed to clone upperpath
[ 1836.145693][T23810] netlink: 'syz.9.6294': attribute type 1 has an invalid length.
[ 1836.309901][T23813] netlink: 52 bytes leftover after parsing attributes in process `syz.9.6294'.
[ 1836.382026][T23808] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1836.501266][T23813] veth9: entered promiscuous mode
[ 1836.524023][T23813] bond1: (slave veth9): Enslaving as a backup interface with a down link
[ 1838.454455][T23840] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6304'.
[ 1838.464438][T23840] netlink: 152 bytes leftover after parsing attributes in process `syz.9.6304'.
[ 1839.256721][T23850] overlayfs: failed to clone upperpath
[ 1839.541032][T23853] netlink: 'syz.9.6310': attribute type 1 has an invalid length.
[ 1839.699991][T23853] netlink: 52 bytes leftover after parsing attributes in process `syz.9.6310'.
[ 1839.809597][T23853] veth11: entered promiscuous mode
[ 1839.834289][T23853] bond2: (slave veth11): Enslaving as a backup interface with a down link
[ 1841.544074][T23887] overlayfs: failed to clone upperpath
[ 1842.480873][T23892] netlink: 'syz.9.6325': attribute type 1 has an invalid length.
[ 1845.913070][T23906] binder: BINDER_SET_CONTEXT_MGR already set
[ 1845.919683][T23906] binder: 23905:23906 ioctl 4018620d 200000000040 returned -16
[ 1847.157095][T23930] netlink: 'syz.7.6342': attribute type 1 has an invalid length.
[ 1847.356850][T23930] netlink: 52 bytes leftover after parsing attributes in process `syz.7.6342'.
[ 1847.537791][T23930] veth15: entered promiscuous mode
[ 1847.560679][T23930] bond8: (slave veth15): Enslaving as a backup interface with a down link
[ 1849.255647][ T5858] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1849.478587][ T5858] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1849.489429][ T5858] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1849.543639][ T5858] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1849.553774][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1849.562679][ T5858] usb 5-1: Product: syz
[ 1849.567172][ T5858] usb 5-1: Manufacturer: syz
[ 1849.573215][ T5858] usb 5-1: SerialNumber: syz
[ 1849.608395][ T5858] usb 5-1: config 0 descriptor??
[ 1849.688381][ T5858] usb 5-1: selecting invalid altsetting 0
[ 1849.920473][ T5858] usb 5-1: USB disconnect, device number 7
[ 1850.704096][ T4479] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1851.420499][T23979] 9pnet_fd: Insufficient options for proto=fd
[ 1852.842783][T24000] loop3: detected capacity change from 0 to 128
[ 1852.973383][   T30] audit: type=1800 audit(1752983429.432:3611): pid=24000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.6370" name="file1" dev="loop3" ino=1048790 res=0 errno=0
[ 1853.546919][T24000] bio_check_eod: 28 callbacks suppressed
[ 1853.546990][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.546990][T24000] loop3: rw=2049, sector=140, nr_sectors = 8 limit=128
[ 1853.570944][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.570944][T24000] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128
[ 1853.585462][T24000] buffer_io_error: 26 callbacks suppressed
[ 1853.585524][T24000] Buffer I/O error on dev loop3, logical block 156, lost async page write
[ 1853.600971][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.600971][T24000] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128
[ 1853.614995][T24000] Buffer I/O error on dev loop3, logical block 157, lost async page write
[ 1853.624044][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.624044][T24000] loop3: rw=2049, sector=158, nr_sectors = 1 limit=128
[ 1853.637874][T24000] Buffer I/O error on dev loop3, logical block 158, lost async page write
[ 1853.647415][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.647415][T24000] loop3: rw=2049, sector=159, nr_sectors = 1 limit=128
[ 1853.661356][T24000] Buffer I/O error on dev loop3, logical block 159, lost async page write
[ 1853.672880][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.672880][T24000] loop3: rw=2049, sector=160, nr_sectors = 1 limit=128
[ 1853.687665][T24000] Buffer I/O error on dev loop3, logical block 160, lost async page write
[ 1853.696779][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.696779][T24000] loop3: rw=2049, sector=161, nr_sectors = 1 limit=128
[ 1853.710674][T24000] Buffer I/O error on dev loop3, logical block 161, lost async page write
[ 1853.720681][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.720681][T24000] loop3: rw=2049, sector=132, nr_sectors = 1 limit=128
[ 1853.734665][T24000] Buffer I/O error on dev loop3, logical block 132, lost async page write
[ 1853.743587][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.743587][T24000] loop3: rw=2049, sector=133, nr_sectors = 1 limit=128
[ 1853.757842][T24000] Buffer I/O error on dev loop3, logical block 133, lost async page write
[ 1853.766843][T24000] syz.3.6370: attempt to access beyond end of device
[ 1853.766843][T24000] loop3: rw=2049, sector=150, nr_sectors = 1 limit=128
[ 1853.784794][T24000] Buffer I/O error on dev loop3, logical block 150, lost async page write
[ 1853.794771][T24000] Buffer I/O error on dev loop3, logical block 151, lost async page write
[ 1853.911919][T24012] bond_slave_0: entered promiscuous mode
[ 1853.918145][T24012] bond_slave_1: entered promiscuous mode
[ 1853.924838][T24012] vlan2: entered promiscuous mode
[ 1853.930970][T24012] bond0: entered promiscuous mode
[ 1854.588970][T24017] 9pnet_fd: Insufficient options for proto=fd
[ 1854.746075][T24018] bond_slave_0: entered promiscuous mode
[ 1854.752484][T24018] bond_slave_1: entered promiscuous mode
[ 1854.758976][T24018] vlan2: entered promiscuous mode
[ 1854.764462][T24018] bond0: entered promiscuous mode
[ 1855.052587][T24023] syzkaller1: entered promiscuous mode
[ 1855.058476][T24023] syzkaller1: entered allmulticast mode
[ 1857.081247][T24051] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6392'.
[ 1861.229457][T24112] loop4: detected capacity change from 0 to 128
[ 1861.284323][   T30] audit: type=1800 audit(1752983437.752:3612): pid=24112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6417" name="file1" dev="loop4" ino=1048791 res=0 errno=0
[ 1861.604345][T24112] bio_check_eod: 9 callbacks suppressed
[ 1861.604448][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.604448][T24112] loop4: rw=2049, sector=140, nr_sectors = 8 limit=128
[ 1861.625292][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.625292][T24112] loop4: rw=2049, sector=156, nr_sectors = 1 limit=128
[ 1861.639793][T24112] buffer_io_error: 8 callbacks suppressed
[ 1861.639884][T24112] Buffer I/O error on dev loop4, logical block 156, lost async page write
[ 1861.658565][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.658565][T24112] loop4: rw=2049, sector=157, nr_sectors = 1 limit=128
[ 1861.673502][T24112] Buffer I/O error on dev loop4, logical block 157, lost async page write
[ 1861.682761][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.682761][T24112] loop4: rw=2049, sector=158, nr_sectors = 1 limit=128
[ 1861.696759][T24112] Buffer I/O error on dev loop4, logical block 158, lost async page write
[ 1861.706328][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.706328][T24112] loop4: rw=2049, sector=159, nr_sectors = 1 limit=128
[ 1861.720921][T24112] Buffer I/O error on dev loop4, logical block 159, lost async page write
[ 1861.730205][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.730205][T24112] loop4: rw=2049, sector=160, nr_sectors = 1 limit=128
[ 1861.744359][T24112] Buffer I/O error on dev loop4, logical block 160, lost async page write
[ 1861.753500][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.753500][T24112] loop4: rw=2049, sector=161, nr_sectors = 1 limit=128
[ 1861.771522][T24112] Buffer I/O error on dev loop4, logical block 161, lost async page write
[ 1861.782376][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.782376][T24112] loop4: rw=2049, sector=132, nr_sectors = 1 limit=128
[ 1861.796482][T24112] Buffer I/O error on dev loop4, logical block 132, lost async page write
[ 1861.805646][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.805646][T24112] loop4: rw=2049, sector=133, nr_sectors = 1 limit=128
[ 1861.819666][T24112] Buffer I/O error on dev loop4, logical block 133, lost async page write
[ 1861.829115][T24112] syz.4.6417: attempt to access beyond end of device
[ 1861.829115][T24112] loop4: rw=2049, sector=150, nr_sectors = 1 limit=128
[ 1861.843167][T24112] Buffer I/O error on dev loop4, logical block 150, lost async page write
[ 1861.852455][T24112] Buffer I/O error on dev loop4, logical block 151, lost async page write
[ 1862.250509][T24118] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6421'.
[ 1862.260563][T24118] bridge: RTM_NEWNEIGH with invalid ether address
[ 1862.720939][T24126] netlink: 'syz.3.6426': attribute type 1 has an invalid length.
[ 1862.819154][T24126] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1863.034077][T24126] team0: Port device dummy0 removed
[ 1863.062452][T24126] bond3: (slave dummy0): making interface the new active one
[ 1863.077726][T24126] bond3: (slave dummy0): Enslaving as an active interface with an up link
[ 1865.249270][T24162] netlink: 'syz.3.6440': attribute type 1 has an invalid length.
[ 1865.358136][T24162] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1865.639858][T24166] batadv0: entered promiscuous mode
[ 1869.450314][T24215] netlink: 548 bytes leftover after parsing attributes in process `syz.5.6462'.
[ 1870.231854][ T5808] Bluetooth: hci2: command 0x0406 tx timeout
[ 1875.383367][T24287] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6493'.
[ 1875.401540][T24290] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6492'.
[ 1875.487432][ T5808] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1875.516116][ T5808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1875.529864][ T5808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1875.550756][ T5808] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1875.568600][ T5808] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1876.366506][T24299] loop4: detected capacity change from 0 to 512
[ 1876.555809][T24299] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1876.571154][T24299] ext4 filesystem being mounted at /152/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1877.173337][T22062] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1877.367095][T24291] chnl_net:caif_netlink_parms(): no params data found
[ 1877.661739][T23516] Bluetooth: hci5: command tx timeout
[ 1877.789156][T24313] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6497'.
[ 1878.707707][ T4479] bridge_slave_1: left allmulticast mode
[ 1878.714205][ T4479] bridge_slave_1: left promiscuous mode
[ 1878.723462][ T4479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1878.822528][ T4479] bridge_slave_0: left allmulticast mode
[ 1878.831505][ T4479] bridge_slave_0: left promiscuous mode
[ 1878.838428][ T4479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1879.226732][ T4479] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1879.235881][ T4479] gretap1 (unregistering): left promiscuous mode
[ 1879.242755][ T4479] gretap1 (unregistering): left allmulticast mode
[ 1879.461485][T24324] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6501'.
[ 1879.545289][ T4479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1879.603091][ T4479] bond_slave_0: left promiscuous mode
[ 1879.611958][ T4479] bond_slave_0: left allmulticast mode
[ 1879.654098][ T4479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1879.702777][ T4479] bond_slave_1: left promiscuous mode
[ 1879.709905][ T4479] bond_slave_1: left allmulticast mode
[ 1879.717356][ T4479] bond0 (unregistering): Released all slaves
[ 1879.741145][T23516] Bluetooth: hci5: command tx timeout
[ 1879.907466][ T4479] bond1 (unregistering): Released all slaves
[ 1879.946129][ T4479] bond2 (unregistering): Released all slaves
[ 1880.147112][ T4479] bond3 (unregistering): Released all slaves
[ 1880.281677][ T4479] bond4 (unregistering): Released all slaves
[ 1880.371828][ T4479] bond5 (unregistering): (slave veth11): Releasing backup interface
[ 1880.431184][ T4479] bond5 (unregistering): Released all slaves
[ 1880.452557][ T4479] bond6 (unregistering): Released all slaves
[ 1880.476134][ T4479] bond7 (unregistering): Released all slaves
[ 1880.705205][ T4479] bond8 (unregistering): (slave veth15): Releasing backup interface
[ 1880.753308][ T4479] bond8 (unregistering): Released all slaves
[ 1881.061722][T24324] bond0: entered promiscuous mode
[ 1881.067161][T24324] bond_slave_0: entered promiscuous mode
[ 1881.074553][T24324] bond_slave_1: entered promiscuous mode
[ 1881.089828][T24324] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1881.103780][T24324] bond0: left promiscuous mode
[ 1881.110368][T24324] bond_slave_0: left promiscuous mode
[ 1881.117230][T24324] bond_slave_1: left promiscuous mode
[ 1881.412085][T24291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1881.424197][T24291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1881.432602][T24291] bridge_slave_0: entered allmulticast mode
[ 1881.442814][T24291] bridge_slave_0: entered promiscuous mode
[ 1881.462752][ T4479] tipc: Left network mode
[ 1881.639696][T24291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1881.647454][T24291] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1881.658058][T24291] bridge_slave_1: entered allmulticast mode
[ 1881.669033][T24291] bridge_slave_1: entered promiscuous mode
[ 1881.819901][T23516] Bluetooth: hci5: command tx timeout
[ 1881.837028][T20770] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1882.193073][T24291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1882.297256][T24291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1882.382364][ T4479] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1882.414884][ T4479] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1883.304339][ T4479] team0 (unregistering): Port device team_slave_1 removed
[ 1883.354006][ T4479] team0 (unregistering): Port device team_slave_0 removed
[ 1883.555993][ T4479] team0 (unregistering): Port device dummy0 removed
[ 1883.928975][T23516] Bluetooth: hci5: command tx timeout
[ 1884.155047][T24291] team0: Port device team_slave_0 added
[ 1884.191130][T24291] team0: Port device team_slave_1 added
[ 1884.457598][T24291] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1884.465244][T24291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1884.497036][T24291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1884.661435][T24291] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1884.669034][T24291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1884.700681][T24291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1885.274814][T24291] hsr_slave_0: entered promiscuous mode
[ 1885.286163][T24291] hsr_slave_1: entered promiscuous mode
[ 1885.295797][T24291] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1885.303937][T24291] Cannot create hsr debugfs directory
[ 1885.529436][T24340] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6509'.
[ 1887.510804][T24291] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1887.572603][T24291] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1887.628447][T24291] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1887.676472][T24291] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1888.653255][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[ 1888.901757][T24291] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1889.089360][T24365] loop3: detected capacity change from 0 to 512
[ 1889.095436][T24291] 8021q: adding VLAN 0 to HW filter on device team0
[ 1889.208879][ T3641] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1889.216597][ T3641] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1889.374926][T24367] team0: Port device dummy0 removed
[ 1889.400866][T24367] bridge_slave_0: left allmulticast mode
[ 1889.413756][T24367] bridge_slave_0: left promiscuous mode
[ 1889.420957][T24367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1889.492469][T24365] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1889.506237][T24365] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1889.544081][T24367] bridge_slave_1: left allmulticast mode
[ 1889.550362][T24367] bridge_slave_1: left promiscuous mode
[ 1889.558851][T24367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1889.606280][T24367] bond0: (slave bond_slave_0): Releasing backup interface
[ 1889.697359][T24367] bond0: (slave bond_slave_1): Releasing backup interface
[ 1889.874452][T24367] team0: Port device team_slave_0 removed
[ 1889.973607][T24367] team0: Port device team_slave_1 removed
[ 1889.986872][T24367] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1889.995190][T24367] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1890.013864][T24372] netlink: 'syz.4.6521': attribute type 1 has an invalid length.
[ 1890.096251][T24367] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1890.105864][T24367] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1890.218023][T22004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1890.287739][T24367] bond1: (slave veth9): Releasing backup interface
[ 1890.346891][T24367] bond2: (slave veth11): Releasing backup interface
[ 1890.499693][T24372] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1890.554002][T24375] vlan2: entered promiscuous mode
[ 1890.559997][T24375] bond1: entered promiscuous mode
[ 1890.567468][T24375] vlan2: entered allmulticast mode
[ 1890.573104][T24375] bond1: entered allmulticast mode
[ 1890.775101][ T3641] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1890.782935][ T3641] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1891.768973][T24392] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6528'.
[ 1892.260890][T24397] netlink: 'syz.5.6530': attribute type 3 has an invalid length.
[ 1892.822956][T24291] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1893.229740][T22202] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1893.443682][T22202] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1893.452670][T22202] usb 5-1: config 0 has no interface number 0
[ 1893.488599][T22202] usb 5-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14
[ 1893.498338][T22202] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1893.507490][T22202] usb 5-1: Product: syz
[ 1893.516691][T22202] usb 5-1: Manufacturer: syz
[ 1893.522870][T22202] usb 5-1: SerialNumber: syz
[ 1893.606300][T22202] usb 5-1: config 0 descriptor??
[ 1893.629071][T22202] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623
[ 1893.845082][T22202] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[ 1893.852821][T22202] gspca_pac7302 5-1:0.101: probe with driver gspca_pac7302 failed with error -71
[ 1893.930282][T22202] usb 5-1: USB disconnect, device number 8
[ 1894.035302][T24416] netlink: 'syz.9.6536': attribute type 1 has an invalid length.
[ 1894.136611][T24416] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1894.221952][T24419] vlan2: entered promiscuous mode
[ 1894.227508][T24419] bond4: entered promiscuous mode
[ 1894.233984][T24419] vlan2: entered allmulticast mode
[ 1894.239645][T24419] bond4: entered allmulticast mode
[ 1895.070182][T24432] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6541'.
[ 1895.099461][T24432] erspan0: entered promiscuous mode
[ 1895.117078][T24432] erspan0: left promiscuous mode
[ 1895.485846][T24291] veth0_vlan: entered promiscuous mode
[ 1895.579806][T24291] veth1_vlan: entered promiscuous mode
[ 1895.816835][T24291] veth0_macvtap: entered promiscuous mode
[ 1895.889215][T24291] veth1_macvtap: entered promiscuous mode
[ 1896.074390][T24291] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1896.165549][T24291] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1896.249410][T24291] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1896.259256][T24291] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1896.269388][T24291] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1896.278573][T24291] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1896.467462][T24445] fuse: Bad value for 'group_id'
[ 1896.479038][T24445] fuse: Bad value for 'group_id'
[ 1897.048157][T24454] netlink: 'syz.4.6550': attribute type 1 has an invalid length.
[ 1897.161466][T24454] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1897.244925][T24454] vlan3: entered promiscuous mode
[ 1897.250539][T24454] bond2: entered promiscuous mode
[ 1897.256730][T24454] vlan3: entered allmulticast mode
[ 1897.262473][T24454] bond2: entered allmulticast mode
[ 1897.810824][T24464] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6554'.
[ 1899.681595][T24489] netlink: 'syz.9.6562': attribute type 1 has an invalid length.
[ 1899.804409][T24489] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1899.941137][T24489] vlan3: entered promiscuous mode
[ 1899.946543][T24489] bond5: entered promiscuous mode
[ 1899.959188][T24489] vlan3: entered allmulticast mode
[ 1899.964663][T24489] bond5: entered allmulticast mode
[ 1900.029604][T24494] netlink: 'syz.5.6563': attribute type 1 has an invalid length.
[ 1900.357169][T24494] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[ 1900.494949][T24501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6565'.
[ 1901.612606][T24522] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1902.624717][ T3641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1902.633307][ T3641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1902.668225][T24534] netlink: 'syz.9.6577': attribute type 1 has an invalid length.
[ 1902.773000][T24538] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6578'.
[ 1903.102348][T21133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1903.110942][T21133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1903.570224][T24548] veth1_virt_wifi: entered promiscuous mode
[ 1903.577549][T24548] netlink: 48 bytes leftover after parsing attributes in process `syz.5.6582'.
[ 1903.587504][T24548] A link change request failed with some changes committed already. Interface veth1_virt_wifi may have been left with an inconsistent configuration, please check.
[ 1903.839951][T24552] netlink: 'syz.7.6487': attribute type 1 has an invalid length.
[ 1904.388307][T24560] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6587'.
[ 1904.793501][T24567] netlink: 'syz.4.6590': attribute type 1 has an invalid length.
[ 1904.995277][T24567] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link
[ 1905.580622][T22208] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[ 1905.779042][T22208] usb 8-1: Using ep0 maxpacket: 8
[ 1905.807687][T22208] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[ 1905.817317][T22208] usb 8-1: config 179 has no interface number 0
[ 1905.825636][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1905.837556][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1905.849702][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[ 1905.862197][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[ 1905.874206][T22208] usb 8-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1905.888140][T22208] usb 8-1: config 179 interface 65 has no altsetting 0
[ 1905.901042][T22208] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1905.914805][T22208] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1906.076808][T22208] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input45
[ 1906.155249][ T5146] input input45: unable to receive magic message: -110
[ 1906.209359][ T5146] input input45: unable to receive magic message: -32
[ 1906.271583][ T5146] input input45: unable to receive magic message: -32
[ 1906.296532][ T5146] input input45: unable to receive magic message: -32
[ 1906.327390][T24575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1906.337937][T24575] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1906.422170][T24575] input input45: unable to receive magic message: -32
[ 1906.475717][    C1] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1906.484727][T22208] usb 8-1: USB disconnect, device number 27
[ 1907.757924][T24603] netlink: 'syz.4.6605': attribute type 1 has an invalid length.
[ 1909.073946][T24625] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6612'.
[ 1910.836412][T24635] syz.7.6617 (24635): drop_caches: 2
[ 1911.945373][T24660] netlink: 72 bytes leftover after parsing attributes in process `syz.5.6626'.
[ 1912.069828][T22208] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[ 1912.279139][T22208] usb 8-1: Using ep0 maxpacket: 8
[ 1912.357952][T22208] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[ 1912.366982][T22208] usb 8-1: config 179 has no interface number 0
[ 1912.373777][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1912.385664][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1912.397669][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[ 1912.410013][T22208] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[ 1912.422001][T22208] usb 8-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1912.436101][T22208] usb 8-1: config 179 interface 65 has no altsetting 0
[ 1912.450108][T22208] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1912.459955][T22208] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1912.625674][T22208] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input46
[ 1912.689522][ T5146] input input46: unable to receive magic message: -110
[ 1912.761451][ T5146] input input46: unable to receive magic message: -32
[ 1912.860871][T20770] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1912.879980][ T5146] input input46: unable to receive magic message: -32
[ 1912.904634][T24657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1912.914409][T24657] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1912.944493][ T5146] input input46: unable to receive magic message: -32
[ 1913.041438][T24657] input input46: unable to receive magic message: -32
[ 1913.077107][    C1] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1913.086078][T22208] usb 8-1: USB disconnect, device number 28
[ 1913.374612][T24678] fuse: Bad value for 'fd'
[ 1914.381071][T24690] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6639'.
[ 1915.749527][T11080] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1916.053878][T11080] usb 5-1: config 0 has an invalid interface number: 101 but max is 0
[ 1916.063274][T11080] usb 5-1: config 0 has no interface number 0
[ 1916.223358][T11080] usb 5-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14
[ 1916.234227][T11080] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1916.243180][T11080] usb 5-1: Product: syz
[ 1916.247796][T11080] usb 5-1: Manufacturer: syz
[ 1916.253340][T11080] usb 5-1: SerialNumber: syz
[ 1916.581601][T11080] usb 5-1: config 0 descriptor??
[ 1916.704549][T11080] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623
[ 1916.882419][T24704] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6645'.
[ 1917.150892][T24700] netlink: 136 bytes leftover after parsing attributes in process `syz.4.6643'.
[ 1917.166509][T24700] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1917.225917][T11080] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[ 1917.234173][T11080] gspca_pac7302 5-1:0.101: probe with driver gspca_pac7302 failed with error -110
[ 1917.698522][T11080] usb 5-1: USB disconnect, device number 9
[ 1918.850569][T24708] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6647'.
[ 1920.621967][T24709] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6647'.
[ 1921.391820][T24726] netlink: 72 bytes leftover after parsing attributes in process `syz.3.6653'.
[ 1923.077968][T24752] loop4: detected capacity change from 0 to 512
[ 1923.099161][T24752] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 1923.115350][T24752] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002]
[ 1923.125159][T24752] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1923.176895][T24752] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6661: bg 0: block 361: padding at end of block bitmap is not set
[ 1923.369922][T24752] EXT4-fs (loop4): Remounting filesystem read-only
[ 1923.491674][T24752] EXT4-fs (loop4): 1 truncate cleaned up
[ 1923.507838][T24752] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 1923.840358][T24752] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.6661: dx entry: limit 0 != root limit 125
[ 1923.852852][T24752] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.6661: Corrupt directory, running e2fsck is recommended
[ 1923.945430][T24755] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.6661: dx entry: limit 0 != root limit 125
[ 1923.958496][T24755] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.6661: Corrupt directory, running e2fsck is recommended
[ 1924.210776][T24752] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.6661: dx entry: limit 0 != root limit 125
[ 1924.228443][T24752] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.6661: Corrupt directory, running e2fsck is recommended
[ 1924.316746][T24760] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.6661: dx entry: limit 0 != root limit 125
[ 1924.336303][T24760] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.6661: Corrupt directory, running e2fsck is recommended
[ 1924.442436][T24752] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.6661: dx entry: limit 0 != root limit 125
[ 1924.455127][T24752] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.6661: Corrupt directory, running e2fsck is recommended
[ 1924.693655][T24764] netlink: 72 bytes leftover after parsing attributes in process `syz.7.6667'.
[ 1925.069668][T22062] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 1925.726589][T24779] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6674'.
[ 1925.736429][T24779] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6674'.
[ 1925.770423][T24779] team0: entered promiscuous mode
[ 1925.778230][T24779] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1925.870440][T22208] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[ 1926.054119][T22208] usb 8-1: Using ep0 maxpacket: 32
[ 1926.103329][T22208] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1926.114647][T22208] usb 8-1: config 0 has no interfaces?
[ 1926.120759][T22208] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1926.130707][T22208] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1926.221090][T22208] usb 8-1: config 0 descriptor??
[ 1926.676357][T24791] netlink: 72 bytes leftover after parsing attributes in process `syz.5.6679'.
[ 1929.267901][T22208] usb 8-1: USB disconnect, device number 29
[ 1929.649408][T24821] netlink: 44 bytes leftover after parsing attributes in process `syz.5.6690'.
[ 1934.642860][T24842] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6698'.
[ 1936.549446][T24846] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6698'.
[ 1936.746329][T24856] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6703'.
[ 1939.355326][   T30] audit: type=1800 audit(1752983515.722:3613): pid=24871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.6709" name="nullb0" dev="tmpfs" ino=877 res=0 errno=0
[ 1940.493396][T24870] syz.3.6708 (24870): drop_caches: 2
[ 1940.868309][T24889] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6718'.
[ 1942.052653][   T30] audit: type=1326 audit(1752983518.502:3614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24898 comm="syz.5.6722" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663918e9a9 code=0x0
[ 1942.481350][T24910] loop3: detected capacity change from 0 to 8
[ 1943.870931][T24920] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[ 1943.915353][T24919] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1943.943936][T24923] netlink: 72 bytes leftover after parsing attributes in process `syz.3.6731'.
[ 1943.979716][T24925] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1944.046157][T24924] netlink: 'syz.5.6732': attribute type 1 has an invalid length.
[ 1944.102994][  T749] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1944.137738][T24924] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1944.219768][T11080] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[ 1944.465215][T11080] usb 8-1: config 0 has no interfaces?
[ 1944.483852][T11080] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1944.494249][T11080] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1944.503891][T11080] usb 8-1: Product: syz
[ 1944.508937][T11080] usb 8-1: Manufacturer: syz
[ 1944.513980][T11080] usb 8-1: SerialNumber: syz
[ 1944.554702][T11080] usb 8-1: config 0 descriptor??
[ 1944.960556][T24915] kvm: pic: non byte write
[ 1945.003374][T22202] usb 8-1: USB disconnect, device number 30
[ 1945.090185][T22208] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1945.269190][T22208] usb 5-1: Using ep0 maxpacket: 32
[ 1945.349956][T22208] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1945.360928][T22208] usb 5-1: config 0 has no interfaces?
[ 1945.366825][T22208] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1945.376742][T22208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1945.401191][T22208] usb 5-1: config 0 descriptor??
[ 1946.146307][T24947] =====================================================
[ 1946.154167][T24947] BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0
[ 1946.161960][T24947]  sctp_assoc_bh_rcv+0x34e/0xbc0
[ 1946.167292][T24947]  sctp_inq_push+0x2a6/0x350
[ 1946.172397][T24947]  sctp_backlog_rcv+0x3c7/0xda0
[ 1946.177491][T24947]  sk_backlog_rcv+0x142/0x420
[ 1946.182766][T24947]  __release_sock+0x1d3/0x330
[ 1946.187832][T24947]  release_sock+0x6b/0x270
[ 1946.192854][T24947]  sctp_wait_for_connect+0x458/0x820
[ 1946.199303][T24947]  sctp_sendmsg_to_asoc+0x223a/0x2260
[ 1946.205001][T24947]  sctp_sendmsg+0x3910/0x49f0
[ 1946.210526][T24947]  inet_sendmsg+0x26c/0x2a0
[ 1946.215342][T24947]  __sock_sendmsg+0x278/0x3d0
[ 1946.220448][T24947]  __sys_sendto+0x593/0x720
[ 1946.225117][T24947]  __x64_sys_sendto+0x130/0x200
[ 1946.230316][T24947]  x64_sys_call+0x3c0b/0x3db0
[ 1946.239959][T24947]  do_syscall_64+0xd9/0x210
[ 1946.244758][T24947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1946.252572][T24947] 
[ 1946.255023][T24947] Uninit was created at:
[ 1946.259851][T24947]  __kmalloc_node_track_caller_noprof+0x96d/0x12f0
[ 1946.266545][T24947]  kmalloc_reserve+0x22f/0x4b0
[ 1946.271637][T24947]  __alloc_skb+0x347/0x7d0
[ 1946.276214][T24947]  sctp_packet_transmit+0x18a1/0x46d0
[ 1946.281888][T24947]  sctp_outq_flush+0x1c7d/0x67c0
[ 1946.287008][T24947]  sctp_outq_uncork+0x9e/0xc0
[ 1946.292147][T24947]  sctp_do_sm+0x8c8e/0x9720
[ 1946.296848][T24947]  sctp_assoc_bh_rcv+0x88b/0xbc0
[ 1946.302118][T24947]  sctp_inq_push+0x2a6/0x350
[ 1946.306870][T24947]  sctp_backlog_rcv+0x3c7/0xda0
[ 1946.312244][T24947]  sk_backlog_rcv+0x142/0x420
[ 1946.317132][T24947]  __release_sock+0x1d3/0x330
[ 1946.322210][T24947]  release_sock+0x6b/0x270
[ 1946.326893][T24947]  sctp_wait_for_connect+0x458/0x820
[ 1946.332538][T24947]  sctp_sendmsg_to_asoc+0x223a/0x2260
[ 1946.342759][T24947]  sctp_sendmsg+0x3910/0x49f0
[ 1946.348072][T24947]  inet_sendmsg+0x26c/0x2a0
[ 1946.353912][T24947]  __sock_sendmsg+0x278/0x3d0
[ 1946.359043][T24947]  __sys_sendto+0x593/0x720
[ 1946.363772][T24947]  __x64_sys_sendto+0x130/0x200
[ 1946.369102][T24947]  x64_sys_call+0x3c0b/0x3db0
[ 1946.374093][T24947]  do_syscall_64+0xd9/0x210
[ 1946.379777][T24947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1946.385896][T24947] 
[ 1946.388331][T24947] CPU: 1 UID: 0 PID: 24947 Comm: syz.4.6735 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(none) 
[ 1946.400976][T24947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1946.411509][T24947] =====================================================
[ 1946.418601][T24947] Disabling lock debugging due to kernel taint
[ 1946.425165][T24947] Kernel panic - not syncing: kmsan.panic set ...
[ 1946.431745][T24947] CPU: 1 UID: 0 PID: 24947 Comm: syz.4.6735 Tainted: G    B               6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(none) 
[ 1946.445649][T24947] Tainted: [B]=BAD_PAGE
[ 1946.450064][T24947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1946.460367][T24947] Call Trace:
[ 1946.463836][T24947]  <TASK>
[ 1946.466959][T24947]  __dump_stack+0x26/0x30
[ 1946.471641][T24947]  dump_stack_lvl+0x53/0x270
[ 1946.476558][T24947]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1946.482683][T24947]  dump_stack+0x1e/0x25
[ 1946.487163][T24947]  panic+0x4bd/0xd50
[ 1946.491572][T24947]  kmsan_report+0x31c/0x320
[ 1946.496504][T24947]  ? __msan_warning+0x1b/0x30
[ 1946.501480][T24947]  ? sctp_assoc_bh_rcv+0x34e/0xbc0
[ 1946.506941][T24947]  ? sctp_inq_push+0x2a6/0x350
[ 1946.512028][T24947]  ? sctp_backlog_rcv+0x3c7/0xda0
[ 1946.517418][T24947]  ? sk_backlog_rcv+0x142/0x420
[ 1946.522626][T24947]  ? __release_sock+0x1d3/0x330
[ 1946.527979][T24947]  ? release_sock+0x6b/0x270
[ 1946.532938][T24947]  ? sctp_wait_for_connect+0x458/0x820
[ 1946.538754][T24947]  ? sctp_sendmsg_to_asoc+0x223a/0x2260
[ 1946.544625][T24947]  ? sctp_sendmsg+0x3910/0x49f0
[ 1946.549758][T24947]  ? inet_sendmsg+0x26c/0x2a0
[ 1946.554729][T24947]  ? __sock_sendmsg+0x278/0x3d0
[ 1946.559921][T24947]  ? __sys_sendto+0x593/0x720
[ 1946.564860][T24947]  ? __x64_sys_sendto+0x130/0x200
[ 1946.570136][T24947]  ? x64_sys_call+0x3c0b/0x3db0
[ 1946.575315][T24947]  ? do_syscall_64+0xd9/0x210
[ 1946.580256][T24947]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1946.586596][T24947]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1946.592683][T24947]  ? kmsan_get_metadata+0xfb/0x160
[ 1946.598147][T24947]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1946.604223][T24947]  ? kmsan_get_metadata+0xfb/0x160
[ 1946.609576][T24947]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1946.615663][T24947]  ? sctp_inq_pop+0x15ea/0x19e0
[ 1946.621090][T24947]  ? kmsan_get_metadata+0xfb/0x160
[ 1946.626471][T24947]  __msan_warning+0x1b/0x30
[ 1946.631174][T24947]  sctp_assoc_bh_rcv+0x34e/0xbc0
[ 1946.636735][T24947]  ? __pfx_sctp_assoc_bh_rcv+0x10/0x10
[ 1946.642669][T24947]  sctp_inq_push+0x2a6/0x350
[ 1946.647564][T24947]  sctp_backlog_rcv+0x3c7/0xda0
[ 1946.652709][T24947]  ? kmsan_get_metadata+0xfb/0x160
[ 1946.658314][T24947]  ? __pfx_sctp_backlog_rcv+0x10/0x10
[ 1946.663987][T24947]  sk_backlog_rcv+0x142/0x420
[ 1946.668987][T24947]  __release_sock+0x1d3/0x330
[ 1946.673954][T24947]  release_sock+0x6b/0x270
[ 1946.678677][T24947]  sctp_wait_for_connect+0x458/0x820
[ 1946.684255][T24947]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1946.690650][T24947]  sctp_sendmsg_to_asoc+0x223a/0x2260
[ 1946.696423][T24947]  ? kmsan_get_metadata+0xfb/0x160
[ 1946.701912][T24947]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1946.708043][T24947]  sctp_sendmsg+0x3910/0x49f0
[ 1946.712981][T24947]  ? kmsan_internal_poison_memory+0xa0/0xa0
[ 1946.719361][T24947]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1946.724653][T24947]  inet_sendmsg+0x26c/0x2a0
[ 1946.729435][T24947]  __sock_sendmsg+0x278/0x3d0
[ 1946.734444][T24947]  __sys_sendto+0x593/0x720
[ 1946.739356][T24947]  ? do_futex+0x3a1/0x480
[ 1946.744255][T24947]  ? kmsan_get_metadata+0xfb/0x160
[ 1946.749641][T24947]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 1946.755802][T24947]  __x64_sys_sendto+0x130/0x200
[ 1946.761112][T24947]  x64_sys_call+0x3c0b/0x3db0
[ 1946.766131][T24947]  do_syscall_64+0xd9/0x210
[ 1946.770902][T24947]  ? irqentry_exit+0x16/0x60
[ 1946.775736][T24947]  ? clear_bhb_loop+0x40/0x90
[ 1946.780725][T24947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1946.786913][T24947] RIP: 0033:0x7f701938e9a9
[ 1946.791648][T24947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1946.811566][T24947] RSP: 002b:00007f701a1c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1946.820547][T24947] RAX: ffffffffffffffda RBX: 00007f70195b6080 RCX: 00007f701938e9a9
[ 1946.828738][T24947] RDX: 000000000000cf88 RSI: 0000200000847fff RDI: 0000000000000005
[ 1946.836909][T24947] RBP: 00007f7019410d69 R08: 000020000005ffe4 R09: 000000000000001c
[ 1946.845138][T24947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1946.853364][T24947] R13: 0000000000000000 R14: 00007f70195b6080 R15: 00007ffd45110608
[ 1946.861685][T24947]  </TASK>
[ 1946.865255][T24947] Kernel Offset: disabled
[ 1946.869750][T24947] Rebooting in 86400 seconds..