last executing test programs:

39.135543787s ago: executing program 3 (id=467):
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip_tables_targets\x00')
ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB=',\x00', @ANYBLOB="6e6f6465636f6d706f73652c6465636f6d706f73652c6e6f626172726965722c6e6f626170653d2753a91c030000006f6d706f73652c7569643d00000000", @ANYRESHEX=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x5ec, &(0x7f00000012c0)="$eJzs3U1rXNcdB+DfHY/14oKtJHbiloBFDG1TUVvSuKnbTd1SihahBApdhYCwx5HwWAnSpFVCKer7th8hXegLdJddIF1k1a670jYUutdO5d65I00sWZYsxTOqnwfOnHPm3HvuOf/7NneEmADPrYWZNDdSZGHmzfWyvrXZ6mxtth72y0nGkzSSZi9LsZIUnyV30kv5evlm3V3xuO28/sWlT6698/nbvVqzTtXyjcPWO5qNOmU6ybk6P63+7p68v2Z/hmXArvcDB8O2s8/GcVY/4XkLjIKid9/cZyq5kGSi/hyQ+urQeLajO33HusoBAADAGXVpO9tZz8VhjwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOkvr3/4s6Nfrl6RT93/8fq99LXT7TPh32AAAAAAAAAADgFFzbznbWc7Ff3ymqv/m/VlUuV69fywdZSzuruZH1LKabblYzl2RqoKOx9cVud3XuCGvOH7jm/LOZLwAAAAAAAAD8n/p9Fvb+/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKOgSM71sipd7pen0mgmmUgyVi63kfyrXz7LPh32AAAAAOAUjD+h/dJ2trOei/36TlE9879cPfdP5IOspJvldNNJO/eq7wJ6T/2Nrc1WZ2uz9bBM+/v98X+PNcyqx/S+ezh4y1erJSZzP8vVOzdyN++lk3tpVGuWrvbHc/C4fleOqfhR7Ygju1fn5cz/WuejYaqKyPndiMzWYyuj8cLhkTjm3nl0S3Np7H7zc7m/hfJIO6WYX6jzcj5/HumYzw8cfS8fHvPke7/899JSZ+XB0v21mdGZ0lN6NBKtgUi88lxFYraKxJXd+kJ+ll9kJtN5K6tZzq+ymG7amc5Pq9JifTyXr1OHR+rOl2pvPWkkY/V+6V1Fjzem16p1L2Y5P897uZd2bucHuZXbuZ1bmc9sZgf28JUjXGkbxzvrr3+7Lkwm+Uudj4Yyri8MxHXwmjtVtQ2+sxelF0//ftT8Rl0ot/GHOh8Nj0ZibiASLx0eib/tlK9rnZUHq0uL7x9xe9+q8/I8+tP+u8TESefz9Mrj5cVyZ1W1Lx8dZdtLB7bNVW2Xd9sa+9qu7LY96Uwdqz/D7e9pvmp75cC2VtV2daDtoM9bAIy8C9+5MDb5n8l/Tn48+cfJpck3J34yfnv81bGc/8f5HzZnz32z8Wrx93yc3+49/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE9v7cOPHix2Ou1VBYUzWRj/9U5lVMZzxgqPvQIM+8oEfNVudh++f3Ptw4++u/xw8d32u+2V1q251hu35t5off/m/eVOe7b3OuxhAl+BvZv+sEcCAAAAAAAAAAAAHNWz+E+DYc8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONsWZtLcSJG52RuzZX1rs9UpU7+8t2QzSSNJ8Zuk+Cy5k17K1EB3xeO28/oXlz659s7nb+/11ewv3zhsvaPZqFOmk5yr89Pq7+6J+yt2Z1gG7Ho/cDBs/wsAAP//y6MMbw==")
rename(0x0, 0x0)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
ftruncate(r2, 0x2088002)
preadv(r2, &(0x7f0000003240)=[{&(0x7f0000000100)=""/7, 0x7}], 0x1, 0xffffe53f, 0x0)
lseek(r0, 0x5, 0x1)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x12)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x13)
sendfile(r1, r0, 0x0, 0x100800001)

35.279829694s ago: executing program 3 (id=482):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, 0x0, 0x0)

25.71832422s ago: executing program 0 (id=509):
io_setup(0x3, &(0x7f0000000140)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000a40)=[0x0])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0, r4}, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
r6 = openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0)
write$UHID_CREATE(r6, 0x0, 0x0)
r7 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGRAWPHYS(r7, 0x80404805, &(0x7f0000000000))
ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7ff, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)

24.527885575s ago: executing program 0 (id=510):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
close(r0)
r1 = inotify_init1(0x80000)
fcntl$setstatus(r0, 0x4, 0x2c00)
r2 = gettid()
fcntl$setown(r0, 0x8, r2)
fcntl$setsig(r1, 0xa, 0xe)
rt_sigprocmask(0x2, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0xfb, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x3, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x80}}}}}]}}]}}, &(0x7f0000000740)={0x0, 0x0, 0x34, &(0x7f00000002c0)={0x5, 0xf, 0x34, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x9, "b0a79eda64613faa1f00decb70c3164d"}, @ssp_cap={0x14, 0x10, 0xa, 0x5, 0x2, 0x7f, 0x0, 0x2, [0x30, 0xff0000]}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x9, 0x3ff}]}, 0x8, [{0x6, &(0x7f0000000300)=@string={0x6, 0x3, "4e0f2362"}}, {0xfa, &(0x7f0000000340)=ANY=[@ANYBLOB="fa0302c3c1815afa87d74ed6e8830d0514d6b0beb5d72add92a0c2c819da979433ffe4228a3f33e3dff7dd2319cfd05c8eab9e25cce5f209bec81241e0ad2ebedcff20ab62a436c77dadb51e6bc62cfc2bf61a8fb4d04b595811a8abecd09b643d3b1f5ea32416b59a2e5f02a66a9aa2d8bf2983f8241b1e746d7c79335045765d2c6bc21916e35d0181071eeddaecb5ba0b760d4fefeb6cf1391707b23bd037289596ed2e007d16b090ced1953e03fba99d765aa5029d2f809176df8ca5b64e86021ad9a3668e88cbbd5e9dbd5d6366660fe0c0d90f413b27b37727f7b8774b65a0bbe7e6eb09c2aa8c180f59047c62a04302a1677c774e5ba0"]}, {0x0, 0x0}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0xc04}}, {0x4, &(0x7f0000000540)=@lang_id={0x4}}, {0x4, &(0x7f0000000580)=@lang_id={0x4}}, {0x0, 0x0}, {0x0, 0x0}]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000380)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x34}}, 0x0)
inotify_add_watch(r1, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')
socketpair$unix(0x1, 0x650dc889f5ce8ba7, 0x0, &(0x7f0000000080))

21.308579886s ago: executing program 0 (id=518):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000680)={&(0x7f0000000600)=[0x0], &(0x7f0000000640), 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={0x0})
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x8004, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d13"], 0x0)
recvmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000bc0)=""/62, 0x3e}}], 0x1, 0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$netlink(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x10, 0x1004}, 0x10}], 0x1}, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, "00050000000000000000000000000700"})
r6 = syz_open_pts(r5, 0x0)
r7 = dup3(r6, r5, 0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000002c0))
poll(&(0x7f0000000480)=[{r8}], 0x1, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'erspan0\x00', &(0x7f0000000300)={'syztnl0\x00', <r9=>0x0, 0x20, 0x700, 0x8, 0x6, {{0x6, 0x4, 0x3, 0x0, 0x18, 0x67, 0x0, 0x0, 0x0, 0x0, @local, @private=0xa010101, {[@noop, @noop]}}}}})
sendmmsg$inet6(r4, &(0x7f00000006c0)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000000c0)="f529a2881a62aac20fc784dd11b17ec981c5e782ed725f0efd318e717577ccd2eef8973748bb3cfdece922c56ae73df61cc9dcc1dad437733f3ad7708873365af8f294d37060ee29bd6afac44c82fc91e854796c3e3f8e4ce3a2e2c4a174f69c235b47348daf9d69ed1c1de13e12ca5aa5c1770b22ea115314803c583f9837aca3", 0x81}], 0x1, &(0x7f00000001c0)=[@flowinfo={{0x14, 0x29, 0xb, 0x4b77}}], 0x18}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)="49f325de1796d6491ea9c0f1b54fa7", 0xf}, {&(0x7f0000001840)="2f6e5afa9de5cfa8cba0ed03163e5a33aee1984220ad4303934ef9cb0b2afd64a0885fe86dff09f28d5ab647e5ac6d8afc721c64abdd1ffe3f7e956a03f655c5b22d792ca31d53e947ca9bbb57a37d15224254f2f6ea1f491effb8610ac2eecda50cba55facf6d38054828f3e0447df77e219c2d72054fd4117338ef3fef9c821b352c0d209a4084795e12fdbd83f06a5cc222525ca3f9b1e80c035cbfb20f52a5e0c21c0a93972596491ae81b24959ea23747715f65116282bb5fe47bed0f3697d88343b9585e2e99cf86b7ddaf0907733a7574869392d83f303c44afb3247ba0b80e2576d05da1948532ce02dd64b3e89462e1be09881d4f8a092fd79b2e69aef74034c4c60640f23bd4185745b76a512215f3333d90e4fdb62952a97d48cb8e849a601e0270aa351be1889562cf1d54ffa051b8cb09e81055aea2d67500e34aeda6834cc713e1a7eacac90fb0c7e30ec18544e7023bcd9f07af90e13d9728fbd304e62f65aac88cc07e035a92715d789c62ec9639a6510e01ac96c422f1738769e40c704c3c458cd0605fc874d211599829ccc2c8578ac8c408201ce27f802551b5396ee89deafa16f89d30b3b9d721fd244e1f924a8b8c183f438aa43ff84964470ef53d77c3e14c3c24cbfeda8196a6d5b5d12acdd6fb6cbe7e4f15f7c54370275f974cfe7a16354c0621708df8b214f849fce658d1d8ef7e2462d54dc4a21251ccdb83560b1ae1735da844d96df8fadae31688687b368e5f2f5f8cd36708bb103211157ca2ae585beac9b5a032dde1991b9c764109e2e1bebdc24c0b535f330b2bae307892b52c42c1b21f6826c262847ccd6a70d3d35c3972b257ccf75169bc2329b7aa066e8d0ac6cf3c70460a9415249372693d16868b8a2e58f712e6d785d0ec9f2b34acc448914332acede6a4cd8fe98f4a7bc4223b64551e39843fd3c4cce915b19e5564805fc399f7a1c37943ab238d31bce9b378025f1f815ee3db521e1d8dcb50d3b40c1f88089cbd19e592b91345128836193b7b146781f5b7c2b3f64f12af47340d697c023f7f548766c3830390fde7861a920bb930c333d9753002dc940cee1af2d79949f874effce983b032ede6d8c67ac5ee4ab87b71457c3e933c74b7024abc463cdf699347a17e2f96c5a3edbbd3eb9c0a9dee3041eaeb070febfa18d68e14afc09a26fff3e7c214c934374ec81dbe5b1a5de089171d02964943d4ab630ea77490b86ac21d19675def61ba9ba8bc97e0b4441707ffcba4f43427041d9e59f70f21edfd764b1187293d9bf6873c895b661e074415f6db8c281a56fc71f1658eec4b151c024845c517acce24e351a604f4619d5bc2f374c75f7211ce55be7d68b6d395d17df9fb46c8e857c4ded9517f4ad041797b2426fdf20305508b9f59977804efe679db8ee08e76bfa79c770c3d2d855e81c0a5a53da0326ca07bf7fe7eb7c3bf7207e430fdc35094271f98065a36623e88f0bd5443f879eda9b0c725039e91ed253911171b3110bd0a4ab26e093b9552d72ed7b8c9ddc6e3c41d04f11ff1bd7a2ae7e255e23504f643cbf0c60c381296e7eba106388ef04d8a4368a9901b045e374d8212f7e6acd2ac4fe2f26dd7d41c8cd1cad82a996e04dd5c4a011881aa69e449e4e164c091ab690dff8018b4d26df851d57f1cb2d76d14883c68cc1c183e706ad8585f08f584c7d0444e9f009fa2e11354b102e84163792b51deb1cac49e0da2cc878aecf2e57a0c6c4409f2e42b8ce364d18017b48783f88b9d99118e02ed6761c8f48ddc9250cb4fc195fbcd23296ab9ae53ad778c7046f2db8c9cf11f5622831ee9e9c3c09d5d64aa768116e241d0ebc0831ce1dd5f77f34c1379bf6ada4509a3e7fd0bbe0032e7e0617fb3f96e1bf1d3cb1281226c517fbfd7853dd5d22bb63e7c4de057e0aba41e842baaee3e5dc05885e412990232e6e39da6810a0ad7e78b89e9c1dd33630ae36f7f66bcd9a893fe508a222189ae9a9f38aab63eb0d3734808c05f12f29930359e221f989a2533d0e874ac8cc43f9b132fd94ff96dec389893e6e70ebbdda5fbc4e679f9c88787dbefa84cca302adeecc230b90a64fe2dbb0ef14afbfe22e8e9be650fdba50c6d717cbe13f602186563542ae0e2a1d7f5ebfabeb3aa0fbf82e604b818d218e442edf00ee4d9044231deaee010ea2571b07ec5ff7c9b6fc2ecf6d0ee3a4de149974b7d5cfa91155cdacc614916e8603acc32886b73a5bb39c97397e3ba38e6fe6c0696ea035c499f8c7e58666f997249a9d26142d129bfe45ebced5de3be9577d0f4deaeb981d2d8a923d547eb1df5228ebe1bd57939b99b39401a00e409fac82c2b8303d76a8efa890d81006c8cf6eac0af3060482c6c3b1ca3dacdfc8d6d888c3d26cea42330f68b50275c9d497f7c7b1505ed6af057b405a84c416f37e40ef271268333725124873617c944b0464a9a7fc19c7af819121c4bc3974d45dc2fd757557df627584923006b69cff3248aeed2310e6a7c0402997d182698d9337757119ed12bc7334c284e031df6893df03ca2f6e693aba94990d1df4d82f1fd7923b2670763f5c7c1a09dc1948c47f0add122377041759d81a1e3bf4575a3cbc40b4d493df3f79d47d7638426e6a89f48c76194737d532899602179268998042cf7fc7fd9ce426fb1c0ea59de7c39e11995badda26e57df378320a4ec2a2ceee1e311dafcb3d9b1ace84cb9d96bbf4f046c13298fc1d79d75daea8c34f9dba7e8be8cc1b283b57eecfbf42818a3ceb923c6088a072684ced4140f7bd24adba740d400fa18866d223e98a34ecd4c7a0fcc9a7c5be86166d65b07f6b57e861e59da49eb0ae3bd04a7b3b154f57ad5fd194f78df18b490e8c0887fc1228a016918585ad646dd9a2ebc9f15c857671f05c56b0feaf886dfe7a5d847ec347d16be10c5cb2c4a43b0c3d5873553019857e7f02b3532a4b1026217afaa5f03d07032545d1e4de04a67448e03e5f50da027167bc0af060bfce703b71f2edb1b9df8ff8ce236b86f784c819659780e018a10af0ab5aabdfcfb753d045ca891d9932c5e8379641316d83484b3b903e46abbd48a67ba136b7c4ea16e127a1f8030741252bebb0b03fe2ceb0b7629f33350fcce6c2450ba20ce93db429adca8e8520cd738468a18a5b74389f85d78f8e95667f040fe35fef0d673523f095b7eb3a433d746433bf81d7f3252ef615f6989f6220a7c091989794c530f2a40c3578c22f2084286a58c9eaebcd8c0df4cd8a71dc0d481e6936e60c3b1cdf1e3c147610ac79f0314b8dd366e2bf9310c2c0f5fb5792e5d09ab448cc8c53ccad6f1d3f9ea4edd3316c8838ab09ad85aab3aaf15c8d3c494bc42304f5b4ac76b462781fd1ba5795b8dd2d24ed737c41a4fdf6e31f9122636f0c9842d9f0323f6ca262a575c837b0e282d6712c460f13cfea5f9692565db1c0b549b9b83584dd206549cc32adf5ea04f73085da870463fb6e9dea4a6171cb29a851c9f767b8013a5d74a6c5ada95d2981c4d3af99cd54af35ac702c7cf46b851db44f547269a682fe0989cd68193de21e146d9ed894d03ecf1a8388d0ff2264baf4f21ac4109ef643c4af6bef0fdb165c7a54b2bcf088e163bb880a4c5c1c1664dae17a6d541a695f35b5479679b7bc2bb9468784a1ff02f7b65962f5641aed0ae34381ecf92cf8c1422c4dd3b97873852964e7085cae37e8746c973bf4cf6838ea79c3f408399e32bfcd19fca3ddded1719762df679830b5cf0d8643aab3ec69dbccbd4b71f69f397cba2ae10d137fbbbf5cf704fc7f97e00792cf0b36a6c3a5e5f0cc3c7c208eba904fd3a9698307929a27be6eb9cdbd5eb49a96352f5d961ff7913599073fd5fe4c5f9419f16a894d03e8c17c2fd166d1de64bf76a8a9f8743da49366edad9a69ceba196f32dc931b6ef5acd7baa4d2133c50258aa0bfa99354dc3288ff85f7e0c71d8ac9f61b0e256b24d4e984c8018576f9bf28d5c22021fe874de0711a26bbf240a8d7bfe074b7ef2655a2fce9e1e8dddb2bc6aa799b1c1ac6bdcca8a284cae2f0ac9069d85e9c8cbb46a70bff32ff59e19e6e7b8a1a1c1cce2a180af0aa7d51369bb7b02d29c102d5659170163e5bcd21991734c24715b77dd28fbe85c4552befb9f033ebff7a4d32bf6cde82b9602f7811cdd6ddae23f48bd95ac1a9deb51f9647acde78134bde90fa79c226e439abecdd1fe2b5473aa79fec6ae56e30356e8644fdcad83ab334d504a1eaac3dccd15be0b67d5067118fddd8f3bb9c73d987542cf7379b2ccef559fa927abd97ea0051106720f381ecd5272b21b4db1a2bdf7efe1b64a5b6ea192f5346eceae495cb018efc851fc36fef529c8ceabf25763c4c9768760f53f4f5ae110b45105fd32c1ebd9d33450e38f74398bf598fd7fb72ab3334f48c97bf89a99f529ce761af4e6bc19bb2de83538ea78f5746023307aeb5d0ae4991d69470df8b1aa0ec5455f56b82f7c3c681f4a27d32b9abe975641114b812def0edf06c4f02847eb17d8abe9ed51e1b20e6d2bdcf1fb899d7540b9c7d4bcb464a52d788eb9425f8f9825311b6d23c6c46a0fdc5928502a360599406c5e980fdc186b8c21a6f43f316140f32f4d9ffa1b742168fe210869889e5ba770c4cfdc9ed0c266e86e2d563437c7b7c465f63adfb3112cfb18666c309682839e40a79ea28962c049385d4ff7229ceb675a42d78fab5ae7b4ec85a76b2d930e56f1b70670e6cd748b0debc5e5180f3eafbb340026e8381a999050eb8df8a1e9d358de069d6606d2e942b53643b93144b9825e3f4ae1fec8bbc328ee894d828bcd925c7b6c0f3ee785381042f5797b9f16deea67069b3d51bbebffc34d7984696ae3342d8487e711af8202f939dd2534f3cdb529c7a0cf8c71a1bbb27037c607b5b2f4ef679bd739e04762ba7dcc6adfd2aebc75550667f95a3039f269376e389bd6e82698617b3c32b240518d1cc26b59fed2e5334d74e36a49a2dc9c77b4feeecf51ddba1218f493f5eff0951ea152288ca13cb780100b247d1a47f31f89c11b3e33ddbb1370fa3ca2b588da73314151703fd2f31633dbbe0fe6b432fa798550b737ef5b3adfa738ff0a306b47fba8cd61588d0de2ffca521a48a58d22b184807e2eadb3f3d78db943b7fcc40c99a7fadacaee3fbb3358459c5d02e7e57728339b39a89ab88390beef31f79dd2a933a4bd5bae78a20e34104e07bc344ddd40698c654a5c46eb9733cc9f51c94bac465543b7697e67175b4b3b779af7b8944fe8271cfef242996a2567ca89298a2cacc4cf6e21d89cd4c1b2d5bcc3dead47563cdd925593be4d74f10cda48b8af96c4f1ca53258eb8aba30f5e4dfee8e45dd3b7db2bc2f4135339d392918df474229dec40b103ec273ef4e68f7f8c66d6d76826e54006e2e4f99ec567dcaae01851a42e3f05f748cbf0ca238ccdeb8e73b39e9fea7f1beb5ea35482b34f181572eea9d3efb253647da3dec9406892cfc6ef6b6d9d3ef75dd049e73980717cdc55da75ea76b80e60c41fd3a620afe793469037e8a2796d77a17b7c91a3eb552584d0df837573c854f5a0377c43979d2530e100245bc3cc9545179942fc14ecd4448b8cfc9e8c8b329560842783b72d496b34809f334a54cf843a019e0071bb5429fc4ed2466767e0f10a542d4e5654d6ac16f93f214bda3017845afa", 0xfc0}], 0x2, &(0x7f0000000380)=[@rthdr={{0x68, 0x29, 0x39, {0x33, 0xa, 0x1, 0x99, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x8}}, @hoplimit={{0x14, 0x29, 0x34, 0x6}}, @dstopts_2292={{0x50, 0x29, 0x4, {0x88, 0x6, '\x00', [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x9, 0x20, "97bb65cf03349dd837877403e520d9af627de9d0ae941069b38aa1a10f85c90b"}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}}}, @rthdr={{0x68, 0x29, 0x39, {0x3c, 0xa, 0x1, 0x9, 0x0, [@private0={0xfc, 0x0, '\x00', 0x1}, @empty, @local, @initdev={0xfe, 0x88, '\x00', 0xff, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@loopback, r9}}}, @hopopts_2292={{0x80, 0x29, 0x36, {0x2f, 0xd, '\x00', [@pad1, @generic={0x3, 0x63, "27cc274361cb27ffffeddc906d903e49dd10490ec94ca6126719a01a43c9d48b464ca07447a0f87c49ea24077ef7e9fbb381c339ac049edec93977c712c2ca1bfbd2d4d8992b8b806e23895128dd71abd6a65dd443f7c09bfe0cdcfc6b24088003167a"}]}}}, @hopopts={{0x38, 0x29, 0x36, {0x0, 0x3, '\x00', [@calipso={0x7, 0x18, {0x3, 0x4, 0x5, 0xfffe, [0x10001, 0x2]}}, @ra={0x5, 0x2, 0x7}]}}}], 0x230}}], 0x3, 0x0)

21.075781577s ago: executing program 0 (id=519):
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x401000, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000080)=""/157)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000440)=ANY=[@ANYRES16])
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f0000000140)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
creat(&(0x7f0000000180)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0)
utimes(&(0x7f0000000280)='./file0\x00', 0x0)
write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
fallocate(r3, 0x0, 0x0, 0x10fff9)
chdir(&(0x7f0000000140)='./file0\x00')
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
rmdir(&(0x7f0000000180)='./file0/../file0\x00')
getrlimit(0x0, &(0x7f0000000000))

20.658612483s ago: executing program 0 (id=521):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0xfd}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}}, 0x0)
r3 = socket(0x2, 0x3, 0x67)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x52c)
sendto$unix(r3, &(0x7f0000000180)="200000d9", 0x4, 0x4008000, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e)
sendto$unix(r3, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@abs={0x0, 0x7, 0xd0000e0}, 0x6e)
syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)={{0x12, 0x1, 0x0, 0x9f, 0x9, 0xa0, 0x8, 0x471, 0x311, 0x81d5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xea, 0xf5, 0x1f}}]}}]}}, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000700)=ANY=[@ANYBLOB="06000880cf99107e676166fbbaa6dac8a044239aecf7ee28c73f0111cd99d0e4da2bf8415cfdd09d5793e576b44bb0ec95c997dce71eede23c50b6ec0bb9f84e21c275373718854dc3cdba83064c64e67c757fb255c5ddd554d00f927182eccabd74dab0a5a0c56a504d87072be560771ce874383232cb65ccb15d7607a363a45f19d17b9e05314375a4ddfc347c44137b2400f19d19ca83db972d574111c71e102cdcb5d2741ef4c57c1085ddc57beb472db438cd2d894899e563fb225d62a83d8e456fe3dbea3603aec7b4d42537c974168a77a00866b9558405463fb177fa151b6f446a85d658740e66", @ANYRES16=0x0, @ANYBLOB="000000000000000000001300000008000300", @ANYRES32=0x0, @ANYBLOB="0400130006001200000000000400ac00"], 0x2c}}, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="b9800000c00f3235000800000f300fe095a6520000b8010000000f01d9c402d53b9e0700000026f047ff4d14f30fc775ddb9c5090000b86c000000ba000000000f300f08450f01cb4a0fc72b", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000380)=ANY=[@ANYBLOB="010000000000000001000080"])
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = memfd_create(&(0x7f0000000080)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aSpA\xd4\x98\x85D\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97\xe7\xe6\x97\xf9\xb3\xf6\xb9\v\xb5$\xee\x84\x1cn,B\xd5?\xe5E:+Pm\x1d\xb4\xb8', 0x0)
pipe2(&(0x7f0000000240)={<r7=>0xffffffffffffffff}, 0x800)
splice(r7, 0x0, r6, 0x0, 0x4, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)

19.699839427s ago: executing program 0 (id=524):
r0 = io_uring_setup(0x30d3, &(0x7f00000000c0))
socket$qrtr(0x2a, 0x2, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00'})
connect$qrtr(0xffffffffffffffff, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r1, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x38, 0x0, 0x0)
listen(r1, 0x20000005)
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r3 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

19.191413271s ago: executing program 3 (id=485):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = socket(0x1d, 0x2, 0x6)
getsockopt$nfc_llcp(r0, 0x6a, 0x3, 0x0, 0x20000071)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/15], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, <r3=>0xffffffffffffffff}, 0x4)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r3, &(0x7f0000000000)="a4", &(0x7f0000000040)=""/100}, 0x20)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r3, 0x80286722, &(0x7f00000000c0)={&(0x7f0000000080)=""/52, 0x34, 0xfc000000, 0x7fffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f00000001c0), &(0x7f0000000300)=0x4)
fstat(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000600), 0x40880, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@cache_none}, {@version_L}, {@dfltuid={'dfltuid', 0x3d, r5}}, {@access_user}, {@msize={'msize', 0x3d, 0x8}}, {@access_client}], [{@pcr={'pcr', 0x3d, 0x11}}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@hash}, {@smackfshat={'smackfshat', 0x3d, 'GPL\x00'}}, {@measure}]}})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r6, <r7=>0xffffffffffffffff}, 0x4)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000940)=ANY=[@ANYBLOB="400100001000010000000000fc000000000000000000000000000000ff8cc200000000000000000000000200"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc000000000000000000000000000001000000006c000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080016"], 0x140}}, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x1c}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xffffffffffffffff}}, './file0\x00'})
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2006000000000000000000000000000000000000000000000800010000000000cddf0ded05e5ddcdfb9b8a864017645bb4273c73d64792c348445fa2bf56995a3022a78ba4e563"], 0x20}}, 0x0)

18.997573298s ago: executing program 3 (id=529):
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x88700a, 0x0)
umount2(&(0x7f0000000100)='./file0/file0\x00', 0xb)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
getpid()

17.363788772s ago: executing program 3 (id=531):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000140)={{0x3, 0x0, 0x0, 0xee01}})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
shmat(0x0, &(0x7f0000ff9000/0x4000)=nil, 0x7000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'syz_tun\x00'})
socket$packet(0x11, 0x3, 0x300)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mounts\x00')
r4 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x1}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x2004, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)

15.327833719s ago: executing program 3 (id=537):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
keyctl$clear(0x3, 0xfffffffffffffffd)
keyctl$set_reqkey_keyring(0xe, 0x4)
request_key(&(0x7f0000000000)='logon\x00', 0x0, &(0x7f0000000300)='\x00\xb2\xd1)\xda\xff|\xd1\x85b\xc977\x00\fJ\xfc\xb4\x1e\xae\xe8:`\xe9\x9ew\xf5l\xee\x8dg\xc2\'\x88\xe9\xf3\x05\xe02\xe6\v_\xe9\x89\x86s\x8dh#%\xe4\xb1\xd0\x93\xceh\xfcsP)\xd9\xce5+?\xc6\xf7\xc0[G\x15\xde-x\xa9\xe5,\xec\xf6\xfb\xc9~2\xa1\xeb\xb3Pp\x93\x90\x17\xb2\x95\xe7\r\xae^\x92n\xbd\xf3\xb1\xac\xe3sf\xc9X\x05j:\xb6~\xa6#\xbf\x06t\xf2\xb5gd\xd7\xcc\"A_\xecu\xe8<dR}\x8e\b\x16\x8c\xa6\x01\x11\x97S\x99k\x1e\x03\x8e\xea\v}+\".\xda,\xfe\xb7\xbf\x01T\x99\xbdF\xd4\x925[\xd1\xeb\xdf\x98\xfa\xb0\x93\xc3>\x84\xe3\x92J\xaa!\xae\xa2\xd7\xf3\xc6J\xb9i\x9d\xb4{\xee\xf0|\xd9\x05\xaa\xbb\xfe\x12\xa0\xbb\xecY\x0f \xa3\xba?#\x90\x8c,nNQ<pCoa\xf2\xd1\x96\x8f\xf3>\xa1\xedsa\xa1\x8b\x12\xad\x88\x8a+~U\xdfhR\xf8\x1f \xa8e\xbc\x17<;N_5\xd6\x8f#R\xa0\x13\x18\x855\x8bP] \xfd\x80wj\xf5\x90s\x91K\x85\x0e\xafX\x10\x14\x85u\x98uP9\"\x1aG\x8e\xaa\x02d\x05\xeaD\xaez\x84/\x10j\x88z\x16\xb1\xfeX\ny\xd1f\xf4w\xff\xac\xb27\xc1g\xca&4\x10\xc9qI\xa49\xd7iRZ\xcf\xabg.\xba\x02\x83?\xc4e\xdb(\x8fAj\x9a\x17\x13\x06\x8cW\x84\x06\xb2\x8e\xfad \f\x98\xed{\xd2D\xd5@\x1b\xcf\x00\xeck\x19\xe4b?\xff.\xa5F\xec\xe8\xa6\xbe\xadOy\'\x93z\xe6Tp\xf7N\xa1~\x95\xb9\xb7-\xa9\xb1K\aND\xfaQ\xb2\xea\xfc\x12\x96\xaf\xe3\xe3\x05T\xe8T7R\r\xcfN\xa5.G\xa0d\xae[?+\x04W\xbe\xa9\xab\xb0\xe5\xa6Y\x82\x7f\x8ac\x90Y\x1e\x8c L=\xf0D\x06\x91\xd7\r4y\x946n\x149-\x90\xfe\xbdrFa\xc9\xcf\xdf\xd21q\xe1}\xc2$3|\x94j\xd2X\xdfa\xc6\xb7!\x18\x81rs\xb9\xdc\xecI\xc2\x024\x9a\xe6\x9e~\xa9\x88O^.\xb7X\x83\xc6n%\'$e@\x85\x8ek$\x0fg3\xbd\xfc|%\x0e\xe5\x9f=\xf8\xcb\x7f\xea\x8a\xe8=d\xe47s\r\xa1Q:\x9e\xfb\x12\xd5sB1\x88x@G\x8b\x97\x1a\x84\x8f\xd7\x83\x8a)+\xab\xc3\xa8\x99\xe0\xab\xf9\xc4\x81\xb4\xce\x00\xf1\xd69|\bM\xaf\xc7\xd6=\f\x9a_\xe5J\xfd\x82\xa5\x05\x10p\xf1\x18\xeb\xe1\x1f\xd3\xf5\xb7Y\x9a0\n~%\xc9\x82\x85xX\x9b\xbf\x8c{\xc9\xca\f\xeb\xed \x94\x05\x9b\xe0\x1e}\xb9~\xec\xc7', 0x0)
close(0xffffffffffffffff)
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
unshare(0x20040600)
syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0xe0183)
syz_clone3(0x0, 0x0)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x141042, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000200)=0x12)
ioctl$SNDCTL_DSP_GETBLKSIZE(r3, 0xc0045004, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

5.754000146s ago: executing program 2 (id=564):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b701000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$packet(0x11, 0x0, 0x300)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r3, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x62)
connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e21, @empty}, 0x10)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
connect$llc(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$llc(0x1a, 0x802, 0x0)
recvmmsg(r2, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/180, 0xb4}], 0x1}}], 0x1, 0x0, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4)
sendto(r2, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000ec0)={'netdevsim0\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='jbd2_handle_stats\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

4.630900335s ago: executing program 2 (id=568):
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = dup(r0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000200)={'tunl0\x00', 0x0, 0x8000, 0x8080, 0x4, 0x7, {{0xb, 0x4, 0x0, 0x2, 0x2c, 0x64, 0x0, 0x20, 0x2f, 0x0, @private=0xa010102, @multicast1, {[@ssrr={0x89, 0xf, 0x13, [@empty, @multicast1, @rand_addr=0x64010100]}, @lsrr={0x83, 0x7, 0x42, [@dev={0xac, 0x14, 0x14, 0x34}]}]}}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)=<r2=>0x0)
r3 = syz_open_procfs(r2, &(0x7f00000000c0)='pagemap\x00')
ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000680)={0x0, 0x0, 0x98})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
shutdown(r4, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xc, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0)
open(&(0x7f0000000700)='./bus\x00', 0x4000, 0x3)
syz_open_dev$media(0x0, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB="2c8a000000207818aa6eef3d", @ANYRESHEX=r6, @ANYBLOB=',\x00'])
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384-generic\x00'}, 0x58)
r8 = accept$alg(r7, 0x0, 0x0)
write$binfmt_misc(r8, &(0x7f0000000180)={'syz0', "daf4be90af749c8d46dcb7e30b4c5dfd94bbdcac29d23d09fbe881263f210b6a82e1d37a0fe9132485ee78e801eee1be6a13091a426b7209133d9ea57b01283233f019e4fda56e06d4ca892ba1bced899151b22a779ac62b6321b455e7e884d99ab50621"}, 0x68)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000000, &(0x7f00000001c0), 0x1, 0x522, &(0x7f0000000f80)="$eJzs3V1rZGcdAPD/mWQ2m91oovaiCn3BVrJFdyZpbBu8aCuIdwWl3q8hmYSQSSZkJnUTimTxAwgiWrzrlTeCH0CQfgQRCnrjlagoRbd6sRfqkTNzZuNkz2xm3MyMJL8fPDnPef3/n3k5c16e3RPAlfV8RLwZEVMR8VJEzOfTS3mJk07Jlvv4/rvrWUkiTd/+axJJPi1bLMlL5ma+2vXOoFDz6HhnrV6vHeTj1dbufrV5dHx7e3dtq7ZV21tZWX519bXVV1aXCtaeHrqdWbte/9qffvT9n3799V9+6Tu/v/OXW9/N8p3L53fbcdE6r0k5ey0eyrI/GEWwCZjK21OedCIAAAwkO8b/dER8vn38Px9TQxxbJyPNDAAAALgo6Rtz8c8kIgUAAAAurVK7D2xSquR9AeaiVKpUOn14n4obpXqj2friZuNwb6PTV3YhyqXN7Xpt6VqnT+1ClJNsfLldPx1/+eF40tMH+Ifzs+35lfVGfWNylz0AAADgSrl55vz/H/Od8//HuDe25AAAAICLszDpBAAAAICRe/T8//2J5AEAAACMjvv/AAAAcKl94623spJ2n3+98c7R4U7jndsbteZOZfdwvbLeONivbDUaW/V0JmL3vO3VG439L8fe4d1qq9ZsVZtHx3d2G4d7rTvbPY/ABgAAAMboU8998NskIk6+MtsumWvZn6k+K+grAJdGaZiF/zi6PIDx6/cz/6jpkeYBjJ9vNVxd5c4gmXQewOSctwPo23nnVxefCwAAMBqLny2+/z99em0AuKSGuv8PXCqD3/8HLhv3/+HqKjsCgCttdoBlztz/P+0uMPD9/zTtsy0AAGBM5tolKVXye4FzUXqQdsRClJPN7XptKSI+GRG/mS/PZOPL7TUT/2gAAAAAAAAAAAAAAAAAAAAAAAAAAAaUpkmkAAAAwKUWUfpzkj/Qa3H+xbmz1weuJQ/m28P20wHe/vHdtVbrYDmb/rd8ekTrvXz6y8NcefDkcQAAABiV7nl69zweAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7Sx/ffXe+Wccb96KsRsVAUfzqut4fXoxwRN/6exHR3pecikoiYuoD4J/ci4umi+EmWVizkWfTEj4hSRMy2sxh5/GfSNC2Mf/OJo8PV9kG2/3mz6PtXiufbw+Lv/3RenlT//V/p4f5vqiB+tuf5xIAxPvfhz6vFc2Y686eL9z/d+Emf+C8UbbLgRfn2t46P++WWvh+xWPj7k/TEqrZ296vNo+Pb27trW7Wt2t7KyvKrq6+tvrK6VN3crtfyv4UxfvDML/7dL/5H9yJu9Im/0Nv+tbPtfzGrlPtt+dS/Prx7/zOdavnMJtrxb71Q/P4/3Ru/56XNPhNfyH8HsvmL3fpJp/7fnv3Zr599XPs3+rT/vPf/1vlNb3vpm9/7w4CLAgBj0Dw63lmr12sHw1dmh1vrvTRN/+dYQ1ayo6M+s373k07Dx5HGYJWn+qX6/1x5Y5iF05kn/rCp9FZK/T/hF1SZ6G4JAAAYgdOD/klnAgAAAAAAAAAAAAAAAAAAAFfXOP7HsrMxTybTVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAx/pPAAAA//9BiNVl")
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000001c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000040)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}]})
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

3.808027887s ago: executing program 4 (id=569):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f000000a400)="4e5350994ebf71ce3049a58c5d050078bf16b0757a4c27b455e2a547739587dd3380b5df8f40a0696c5bd6cdb672cffe4d870c5c90ca92095b9ebf3e92fe31d8cd74275d857d34a74f7eecc7fac15e2f148d4e9d47bb45b858bbf078999970d180f28d7b2cefd92635d45a563d9229c9fd770efdc0848e52fa5efd9a7e5c94a1ba94b4b7c7507f8b0819bb20910f9f50a83a010abbe126dd9f6a7b84eab6b0d5ce78d2ade77a5f7e4e997df1d03ffab4b4c945d803e4457909013127a98769c938c237f37263bc509a42bc56ff2dbf80e847e2c407009eef94f18e1e59069d62298fdbadae007ffbdf403c5049a4530ac0abecceb5608da02754c9a575af52c0b7e41226e2d642a814861c4310c935bcbae413516dde2132652b39c7aa0218a6ce65dabb4494965209ce879ba7e7e59039db5c1d36d6a7f86d72dd59954fd6f46124a2506b245a0db11aa89d2feb312a6596ea2fecaa7b6021f37a255f628da7ff6b6c36b514d3b6be34e505f9dac6acfb888198004699fb350ac93431533554658c4957df36703591438d6488bc03dd8290a75ebb367a481a50e79a46b04d005649cabd79e5c6326c066bc2b6fc5febb87ef66d832ef31a16c2a450a0b990fb549a5d810c928d1a81fa1dc795db2607ac7d46cb5716b68acdeb00987e429fe6a394632c83b43336e7b51d9cfdb50e83d8c6ba1784d9f74c16b476e048e65e7ac0af683b347d7377ac1795422e00e5bd8da9b313af83abb3348861116de7a99959169b7dff9f7d9b7a6d107f2e76670a6214a419bf8298f80eb570fa29264ba57a383c5ec5836ce33104ecaf1aec76e311280a1d2c8bd7abff3a5a242e6a637f7db63038ef5d78aca9c680d72b60da4dbeb0e1e683ddc82898647c589a81b8f92db06711d8a0af05560cd77fa7005283db71e8da21713fccd450822062b994d152aaed2cdcf0dec9c60617e15ba4df628da4e71279bf9d1eee5c7f055c27cddfdd45f9225d5d5529ef7119e2e3c9838e7362971e069be487797e949b24297de19c61340d1cd7a2bfa3880b91a71e934720a59e1e0ea992d2a1633a0852ad8addfcab73a291e35745e694a6471f429b124305886c1f79f67c78de3f3ec998c91e7fc59d26766cd446f6f0de603f2c6892e13cdaa37d9e8e118d098b6986ccd991993ec152193e7d77394b05b99e7d310c506707f1be52249438fba9615f6dad2ec7244fedf36e34ec311b7d6bee64271d6491079e161190ded7e28e2ada4307a9b2986c267b1a30d2f720ff23408011f1d589ce9ee77f981c7833656ccf7df5b3a87ec253ff7c7ef1e67ceeb10c93e3fa683cdadad65850ffbc402b7744e94cdecef9db9d264c755c53d36278df23d4c9685fdefa69f7588a33b8a64b35191ee81abcb9765577d175cb06e31c582807ff7243bfef44961fbc0f8a235242f51ee991ea621803d4dcfed90d26f004b299425bf219f6d185fe6e088ae44601b03defada18794feac93787696a5d419f09f769bc590f43d2df6a131f6895da2de120c2644685e57b1d476c6aba5881e954fb2575356452b118b942cb02b4ea0fcf8f1bbb9a23b6e32c9d0accd3dd861452a3ad77b38fe709e216974932deb5397fd8033ff0e073d93ac0b4be762bca0424d69bd57b22ba914133f87671a29498b268c2911e793215463ca2164e38059456107dcb29beedfd6277e2b41a11d1c6f1361b19875c9384f04f9c53c1856d71f360a8fafe05f7aef750ec0cf2bfcfa971c017ad071b69a18fdaf970b384d4c889cfa5a0397dbe89543a5c64e2645d6edf959aa60709ce0225fe6c3266c7ef62157ac8e78fddcd8a1f2ca5b58128218d19276885515775326aeeee0226cc810843eb05144bf8e2fe3340cf60b32cafd96d23cd7d0d3adcbdfec9a2a3d88307c362633b1c5637608ea8476d900b3f836a9734b5ecaf5e82983577128d3f74b903b0e3bf64326c1b564ae42aeeb0c07702b63a9ff74a2af6b45e5185a53f36c17bc29dfbc0ea28ca5cca43a15d751e9887ad3e6a87faacb6a278c4c8a8d21b9a77b9776f33102a6e645e99cc5cbc543ed0674282c2b9f8e5d14c2599aa9ac8f81438c77f2b9368bdac82edcdc5366f39adec9e9a3fbd55b79abc16d2ebff26b7d0c88f18b486e5836333575e3fc7808cb423b44781c57965767862922b4ff32d9bae76296843a46f430211c27ef9db168430026a5691623284dfd459dbdd1f1a6ec9bfad666507e6eacb1e2a7866da2e12e6d596d0bbb150500590013d9288af20596447f97bf1744eb9cfb244d8fca269b1fb71e14de664be4e95d83fff1b8abcfebcf3e78c1c66d28f260fb0c19f9fbcd2abbdd7dd7246e49dc25d954bf25f810a2ff6f9069dfdc62e7170fe3b0964b2ac95024256dfa3e7a426be5bb5f707fd82c2b3afec5d5dcf5bbb8fcb6dbc1b59f6c5330966c70d8b016956903a4278817414ba3652a102d7e7e37ecc79400267fc3bf7601c0731f87d479c33f100735e748874155267f708cea49d549e93cf7a398b20373dc90ad9afd56d9c77cd24e2c4a18f7130b366c7fe5b26bc4d11ca1ed1b98fa0b4d7396f82ae6593f4575d19f4d8fd586c991129e5cbe15c8bacc89c3ee15ca471dea966b5c48ede0d3ba2a7e28c75c04e6a4aa49a61f4e391ffe78eb5e40a5ef349f3aa4d15f2291cc86ec7e47ae301bf0b6083dae44b695820a893d46732553ef15ed1c16d28268d52a7e3a7e7c009d0c0708a356d3310c1ebcbcca4d7acf433e34bfc9fc115498142dcc725e7a16879c75e4c2f01c6c98b39619f3248bf530e6ee593467e38cf4026cfdc4db6296565722d587f3c580750b1453ecc141c0461495551297d88ae034acbd4f5e80ce198e6640c4c1e9501529988109cef006eb2090a6fcd974d7f60290b78f1a8ce3051ac2d69636c3219f0a6ad8c254764396a1684b2fd9805b1853525f2e640e513197283cc4d4073ac033e0539a88f08aabe1423cd40b8a7e073437d812b57a5d39a0531dcbe13f4466e89efc66c2a1e4b39a3e0b3073c9d44e6cf9b85f4df5c4e03628d05bc0f94ec04234c9eca4ed17463f190406834b02888728f625371cda75d15ec19efebd59f00ab659eb94eb88bcb2110862a369ad599610c1530fcc118f5b82205bc5215fe3623ac8ec297d8ff4eee75ace20731c5d505e6605c26203b7f754164c9463f0a6eefe3a2880b8e06e7bc66bb2adcc1a3f9b0325f5ec31d12a25f1f73c2aa6bb3a7680d786a082a63b13cce1822fa6a4b085a871ae3409eecbc1fd8661b5d52bb2b8b72f23e24a225075f272ed2ba0c6c5c693811a0ef8db6da7cfe7c966c647f0187ad223eedb1012a5b7af103e98464ac768c79b21ca45b12a52cf261de0d367442cda71c4b8ee39c94ded1b22ba06c13836cb467ebab4efea07bdf1e3de8da56a0ee6d4f848011253cc21fa421a39943513d3167b7a73e0d752b861c49814bc5410ebe53a0264f76068c91ee6ec9e2daa343482b2f0f06e605c5aaf81f2a3cd570efc2094b4bc452f9526f1bbe7b22b694fb8109a5a987fabf6250912d6099e67da9cac79e8b6f2cce4702d1f17cbc5d06c38b8a48155ec758369c185ded839fb58cd736fbb74105fe5baf44e7e3ed06843f23601b60a43b1f88fd29e9b3f58479f9b95392a39d5ba1a31ee4441ca2d1fb57c0a8678a07a724b7a65b2ab16d1da197f435bce3ef003fce27fa2f0a67c9dd6c930a4bcf59e79e57b70fa8eae6fe34972958c28b56642d14ea89bf4d7d6f7fcbcf4fda8bd08fc9fe424de4359112b11f81fbdc1505658363697713ff6e1f8ca3c4be34a79993a9091f6017cda6c7489ae5c07062555231427c3eb42a049f42d22a060983b044a7d34ab5d2b5386cca79af72396a48aad6b8dcd7855410fc6106e4a165994f26efff1e7ea0aa8f560333b5dfdb2a0d899b0fda955155f90c75effd3c9535d88508e836feb7807d57b2a57cca42d3d08fe7de60d2a33376f49bdacdd3f814bd0927f417f15ad62a10b302f1cb390aaf82b0bc6af46bbf990b6ada45ef83ce13029d167c65134e7b82b59ddfdc367e61c40defd2732ccebb1d4000f6c742df964e1fb390c255d2b1dfc745c6ab34af8096b5b67aa179e3f341854f7a69f7bf47664c832037ec7a78f8e27209e3f20f833fb6e8c0fc4a40920a5ad2b0618982ff72540009d5db82f0f5bcaed2a27f35d1e50eaa0cf8e48c7a2d43c25d0264db750a7f33b44a4bfaae576cf9ee7594ed204513899566564ed8bbc97ed18b1d8868f926a5c70ac06fbac1eade46792186be7bf8ffa3301239edd093449b7d77192782b5111c14169d2b4a1b3443ad62e4abdf11aac6a5b89a5b20ab0ad0abd949b9d64582c67ffce018e7e46de4091fcc77a65b971fc67c8d9cbf0c341ca764b1056ee5014d9865059616a525a1d46ae2fad159afe86dd1df9b8246411827e19535ca0aa9f83050b06e70aa2737f27e93d584a9cef878a642e9361efaa5d20bd8da901fa2e064656f686d3b3ea31d1d850ae9196b7764548f5c6450a32a717e09b6b7e75d43fbbda76e43a24f186d5578933f408bfa28e0435cde525fb91e71d92d704cc5a9b5e3db7aaec46d2b1f8dcb3f921f69bd7397c96a1e132c39c8f1656cea4365c779abf76199cb5b6aada022edec5c901cdafa2e7f3765af9c8b20cb1a6785085fcb0dc901367b89051bdfdc6b68c5215fd04e2b3c7e1c454a4d21132953b25c50995af0f7159a5a8d0a1621f4808f126a5bd40ddc79fed90f49925ee367a57a05c070fbe39fe2c213e7c1724a907ecfa69efe6e021c06a262471a4377f3c9809e9fee4f375e27c31b6afbb2151da86b7cab63c7b4fa4b77fb30172b9d0d78b1c0535ec0639c4910b5eeecbb5b8b5c8aa74c140e7ad347812e36db3097a7ff85c09ab2c0020202307f50efefcdb497b9c060ca68c4be54a9165b4cebc6b2e2e14e5ffb9213142418faedcdf26fd326b7672399e71cfffe3ed712ced5317c254f9199ee10c24c802d102bd8749513d3145201ca4e01bc7c8bbcf430afa541ec5665f86dfb143be648521bb0f2b029018201444787f644f8c88b79e754e6ea9c797babdaec72a9680abadf3a41684cdd57c2b6e833acc0846be5aa927f1b1b36562d2acb9ecfb758455230d050daec6748ba280a5edc86d48e3f8af0f8f4ffb18ae3cd3c19a82d504a4fd52bb62289ae8026572a497fe268f87ef4b4b5886aa07eeb698b7cbf99683f710afc9ed1f8a488883ce0eb8f7fd055b82a9fe21a409caa231c41ba151008e9658919c611e157d7f3926a5e4248532a6860e615b9c86e9fea212128d96ed58c9b84ef22706071eb69f492e4d8321ed9faf6c6a8928f86172bdc930244583ea15be497d9ce4ae79cb3e6293a8512ffaa9e8e358f3c7c7117001fb92891a40b84f9126cc3def5cde67f463bbac9668b9f56c3e4ee72fceebb47e52fc226bab213d8193516e7064459fd1365350a95c5a1c3ac44a73bbba2a4c17ebe49dd781bff1995cd706b77bb533117594ad63566f4c0730beab85ff4c713b7f10b95480fe99a0f676c51ca11116b21e87887b462aa9770e85509e4e60f198148115f0a3ce6028516a946178d1acacf7767f6be7277891369eff67762aa58f928d48b7231e44d899cea8289003349117a53d61bc27b207fdc91c9db61e677d1e1a1bc6a1b6e8564130b335233db4b5de8d62324e6d0ccb2b08c2ff922324eb8c506711142d4b8d7a21223ef0a3d534fdb0de58be95cd827152f71bdd0a82766b62b4c87536f0b7e7df343c4263187da887de6e65d11d0360e2376c1d71c367ae85edeed8f767d24c644b1a9b455ded1dc3cc224f99936a6ee66931c45e5e3db2427719ab2d5cd9c20d9bb0ec004b69bccb00649f3d8e34a3572c257de114b9f027d76bc7db9007175cc03b9e2061b6b3fe7409e009b5371544e56fe438cbd361e5b11efbf2d79d1c250a1e73ca8c601c4f4d1e3761290950421c48c7daa45965e472f5ef3c4b8597444dc5dc01cd25358055b5000617f3e7291da3413e3f0853b1271366612405c35ff1b785b984d921b518425628a533a29ab65d3c11f44c6daa86f8b6457ebb9419274c481aa6f3fa4547641670aff58b9cc62c0993d49a509f02dee755ee5f1fd2710c995c43a91c4f873afa1bbdff19427cba2641052a8f361ecbc72e8a6cf587e83f8bd3110c95fb080edc77a6d43cd58c447b0e02261e4109500c6458dce70acb17aa8f9dc1d15b94a61354164031b5d563c25d0246fc45e6401cefceb501e1468903e5d677759dbe3f24bd48ce55ff8b8f26529fb3b2d669202a1e8a498984b449b4830a0126b18f0e78182c9ce78fe0c448c0e27845b926cfde28fa85e156fa98fefaeb19ed1247c9643b447b4342c94c114d3c4c35eed4d5b49aa70e6aad45bfb557f15e8fdb2d6e3d10d8338a13fe3f187751985b37a5bb10b750f79e36fc2e2ee9bdecc3ed156e202ed7b45a94809d77edaa398042fc6a825a4848c334c557303d24eb3f8e01be06995ceb283c70272b00da61c3381628f0e372fe2fcc779ff7daf7e4b7f2686c39d3fab674b8867b62b0bf9d5cfd0c1d3b270521f55f147de75142ffd7fc9ac7e5dae7ca2fdf26a9222d060823852409dd040cfd1f66f218c6dbdaaacddab34b123af22f97384d64fac64d84fd638c96378c8f9532a11927d48440bc777ff8b8b9be88f930f3b579a713c0bc449dca3a3bd5f2efa98240ccc594299e44451dc60c6c5c9edd0d7b777912b3dc40c57e0ea5f4425cd7047e686c7304f04ba9f7b5de6ad2bd524f1d29f8802a524441fa286015adf4589431710aa4d76de8a956dc1d39c0a13abb7fc309d24222d036e204ab6bb46ef8a7595d9e4512e0b9d5f8fd719a4e3072e1d806967045789c67a1681f2a9f1f4b19f4f5e1afdafc17db7a6d5196161499e62ab4b0ec27648f3eeb1fb2b78f8ecf9b05cf9509a3b9e2a361238deb1c91bdbc8b1d11bbeb939fd9da811cd439069da0ecc00665d72357aac01f259a0325409b201859cc0569e0eba67a7a9ca7e8b78078d9370bd3e37f0571680ede60cb6bbfe69435d6ab5efd80cf051d119a7004fc0b600844d49218d844de8f521524a47ee50229c7da25e42a8639b5db225e7f23967f5d4f8a297aff04a3cbedc2985b6393a5ba0b26b6c7b4ca22d369b35b410799d1ad02825104d34f73408db1948438597931ed1c1c260e78340517bfa2f734537dbdf5ec303518ff4640efe7f7b1c2f46babdb9247ce8eabad9718a8b9ddb7a18d5e87ced554c9d6de78f85d293349590c6c32483534bc968b24a28eb54b9515589d6dd8eb51a5ad0b4d896ce92250397cbc404323fcdf0ee47ed634e0c58213bc5b35a72b21a098e11b79c061430dc817c1e0c79a5b6ed3b002979933f1b83a17f250b1bd5c4958df4d75531ca03efbda89f6a92fe08c23ad9014ff562a7f3dcde578d6825b9847b5df04dbca4f2aa52d8e0f4cf8183ce121e39b50358a9796acde0372a8ff97769874a80ab997cd889145aad4888c06963c2f5b82f53a748a6729fbc79d35c06d84e05c62e44ff78040e56ebfc6efcf0d8b49337d5a17c4041f0d5a8b616244d585a162b69db073accd9071d12df5b326a43b834bbffc2f2a60deafcbddf1c6438a1769d6fb09fbe1990e89da12164ef237f326edb5be64bb64b143a030de8a99b3c5e543c871cb581e2be090a92134aa587701f864907cadd7c1ce20fcf8f5dc7f7ecd06a6c19d89a92ca0ad4393c208b80bba990c7a3702a9c79bddde75d5db244719ac32191b6ceb041ab541fb47680a97dc0422b8a50d91e32cb08cd341b0b099aca5bd12b69d4f89d10b755b351a6489180b786a3bebac926532a4a2d85b07bce6c090d1aaaff079e36d5394a612f1351b90c13a0fa6bf9d188d548dfe6fa51a9026edb52009c03ed45ac51d05c58a957bcc67e05a588985ba00d79f33ae9cdd5f5721d9fdc72ee6e880708be87e8a60c3c035c146f2091d1b9a4c2cfa56f292fe1ba62290d4e56c05669291bbe917f3cac51802a2cc8e9c90dadfe666c233c5a5bb71ee17deec51ce60c73f57bf9ecb84873afcc44815131810c6c1217bea485ef9aa2785e859b25315ef8aa3a274982786e45d622ae831fb76010d69a181b069e4cc55d4436edb10d1119b0c6000c6d5cff7c72f740a59dc0507e7a952b69403c62673f122c9d1264fac6ce2262e86cd8d6a402672f88530fc2d16f31736dd497a4e853253ac8d5aff8d1376895e9f5519b2490cc2a2412ba0c99cec855f668837310035e92fb646486de1b0acffb91ae7516df3eeef381456b55e65baa58e71461c928687e699d2b21814805591382e95e1b970aaa53259917f070281f2336b7d570249d838b3f1a32753c336864e15f4561badf8fee034a29c52ff3fca7456ae140f83e3b2fd5b57c9aef3f20c664200d235f236ec47dd2fc20b14dc6000812237aea992d987e5460679e8c5b76d931ef6d951e6c7087e3106b6ce2db9de6f228fdf3ffc38710c0e8d5000a195a79d1fa2301038f5b27c40b09c34c025e5099d40c2204ea0eae985263c9101cab88d6857a320c9e497f22348a24861a5fb8d734e08cad09f9933748ff01eab22f17756f58688dc1b486a397563ee9ad0784b8833cdb5f7c6bcf76d9c1105f71c3c6aabefd70dc6cd5c66d31caf916145ac5ed7fa070b4277c0448ab1eb78c943be9aeab0587d321a4bcb7754f070881178f8be668b686124899fac252519f4b60ec42db766a908755040463125c26850177402a977246d36d23afac0a11889d54640bd8f6f670d686cfd33f6fc5d90cf6cbd63d9d0fd201dd4c74dbbab899f3c23c0b7e37ea0b2aff421327200d0da58b5893a4186ae3652cc6e11c2c2a0e52184a3872532acce98c94cebf4f31333663a620f0dba0ffd89c3124380075bd28caa6d449a050b3661b8fbaf4747b77c4928b1378fdc8c7a7b38ade1aeec44bdfacc8271d0b132b2029b0f3582f9919f5c8cd543abc9caf6b82b197cd482c3ef61a64743506342bf50a3c1ff544563bb8b2002911ee1fad698f4ac133ffed5bfe81239c918207a03c7a8bd71a0a502aea78d38e970e3ab2abf754b598acb79cf276792aa08724d0ba24f2a694912ab795b3f45f52dec50d9bfbc99ae27e1d2c2216afec6709d6513a64b29ef58255bbe18478c5d4f15f74ea63a1e15487752eec8fd019f1d4a7aa25277664754bd2d7cd3a7a018b92c56d965a1974885363757286da9e055ef7fac17876f0a64c1026a597733b897a9155ecbf420159ae8e5209aa83a3544fff1fb4566f2d54f95e3bbd30dcca5f24397e4bd47ff01292f0d6fe9dd47a810e0c25382fa69b4987d1afd9b69ef125110ad6b240eaa9c85829a2646f9ab7874bc02bfa8346cc9190943e9d46b44880670b1e2aa3a29e83be5472d7418885a353faade6e8b18f4b588607bbb758588d1e2f11a9dfa1c4d61be50249f1ee32e6ff8c0c7722aaec1bc79654a4772efc578bd6a14c79abcc77a4e09c8b6c6ea35cd3ab31e35268fb55db843176f8042f8ce7be0ddd4ead6dbdad0ef9e7cb2323db5cc48119a72b27306b8ff6366c0bc682a85ab9e2cf2238b6d6eb2e38a97d5577e6334cb2aa6e7c86e489e876f9d7053577a5cb57f52812fab7c4bd7b19a34c228ffb67dcac9281612f778b58c580c140542200fd00cb3ad81d93420df93c5af2493f646d8de797102fa0a65247317882fbf171520f00b2c7638623b823ff11444fdde453570f99f9099b60061a908b83383ba8b82bb78edd074dccf9342afdf8d11a6129ba6ea7030f3629056264f1736c2b926171b6dc7e1fa455a473de656390495f3b6ad2f9f46f35eacb075628ff739ef78f28ba683448068c7f18fb63f28ba7dbbb78999100dde0a94e8b8570817c7114c13e139ceb333782b29a84a5b19497fa785915c7680dd7f972cb59ba22161f60886e5cb3c3e808726cbf96bc4da78914eee565c6d9d18e70d22cf8c0244cf3cf488c3550eaa400bc0f26d64e0f1bc8d0301a841d954073a641f3ef883d81f4d5db8e9df708e64e640b38df7295f7fe573863653086bae5507c880ab7fdb7a6c5ce77027ffa7395233d3ce536d77ae6c2e9c8ffb6fee78a3bcb3b5f888bd595caa3a5586948776b950a89cde4db8247ffff27491c882b430afdd60e7a22324f6635a9aa7139f3e624c6d9ece60f7f8153b2080cf0544fbf8e1c436503766e670b902604ab521e11aa5a65cedd64cfaf898ac5f55c08c87693c323517bcb0d99c28f5e072d4f6540c7ead70138d47c1a67fd72bd6ef5613af33a0af311c3d0a631ca2a2dfbe35d1021eb610e40b9be128683235a788b5a4cacf99babee382458d59e8aa1dd7bba7e09dd30c055a3df8ed721a1778b2c6ed587a403566325cd19962edd7831caa44a6b716517bad502130e7cf6a5ce5288dc84c0170f622ae0b1e1166a9c2c0771d91df9f9dd82ae210469602ce38964746c1c1d04321aae7d464eb801dbea7ec39505457e778208774d72673626c998b002c46a9b4b1e390d9344f0ca62212a1b6d41043a2100b35196bce42d40caa0ea9a486bf8526fd1f0f0d362c2cac463ea7377a20b54b9435442ca529fc00da4fd7e27c4eaf14215a06857b54254c26346956fd7fe215a5ce57ec38cedf50a3c759e563a4fd87494f00e7bd9b44f3b7e99c6ef67187056a21d2fe1ac9d24125b1947eb293189fdc448b591af4d9b8eb091d6bbb5e50fae79d000044e282bb2ab6c63cc9562b151c214e45015354e62be63e1881238b907f7bdb791ff44a4e03fa29dbd26db2f49d0f4729b7cd9ba69a65b0b493466d35d09b3f590c67c31660d95e2ab4af2c9f1df91f04ce5a57dde2d75206b42e3423126774d76593c2f713ae279d7092506b513fd5d18f0f52d3fafd7141dfd4a0de1063754dba865faf8dc0f6be9d90ef21ec86a275533f6ad4b4e360dc775413f29eab8b3daac6279b9abfe163ea2f183e09ed91ef67fbb090875109288a182cfdcc46d90678efe5edceda6518335e678438cac4bb47d376f3f0e12aa55301735d7f42653c073d6a4a37b2e17d332dc1be6b50918c007b14886307cc39250e81efecd63d24067a49994572725a9df1760caac13a28f5255556b27ec245e93969b85cdec7cd1c2d2a433d3f9572b93054a7ce8adff81bc1d30884d5fc4791e251bd907e37af5bec74235c3e2f804e4e0450b715289942b7859ad207bafcfec1b586dc15e7911fe6d20aa3d02fcd47e9956780e300d7c53c17dfa15754deb4c20efebc7270bda0fa6b37fc88c6be4250cac38c1b8186b364482026ab52d65d3a691903fccc39772277011bfaa421adba76bed9731077bec885ce88d40f36bbd2a839c67dc4b862c968491b877d4fd13fc90f8da57a29121e12f78e85af765cd66e72ba513593fe1cdf20019985b065d828707d8e509c6834eab188deea5c9ee97955f4b07d37b6fc7beed73be94887d423a349f35bb8782bc670ceaec870d97f061bda02ae73f6d575f81e0b6326eae6c1b3085cc584686120e12dd9ad8ce44036bec8a189f9", 0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90}, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000004300)={0x50, 0x0, 0x0, {0x7, 0x26}}, 0x50)
syz_fuse_handle_req(r0, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x10)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
openat(0xffffffffffffff9c, 0x0, 0x80041, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x98}}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r5)
sendmsg$NLBL_CALIPSO_C_ADD(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r6, 0x125, 0x0, 0x0, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x24}}, 0x0)
sendmsg$NLBL_CALIPSO_C_ADD(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x24, r6, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x24}}, 0x844)

3.627738762s ago: executing program 4 (id=570):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)
mmap$xdp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
connect$netlink(r5, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001500)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r8}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28)

3.272709244s ago: executing program 1 (id=571):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffdff}]})
r0 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
bpf$BPF_LINK_CREATE(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x10, 0x0, @val=@iter={&(0x7f0000001a40)=@cgroup, 0x10}}, 0x40)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f042})
readv(r0, &(0x7f0000002240)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
stat(&(0x7f0000001100)='./bus\x00', &(0x7f0000001140))
sendmsg$nl_xfrm(r1, 0x0, 0x0)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
r2 = socket$tipc(0x1e, 0x2, 0x0)
accept4$tipc(r2, 0x0, &(0x7f00000010c0), 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3f}, 0x1c)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000779000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x2000})

3.165358593s ago: executing program 2 (id=572):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x8)

3.164954513s ago: executing program 4 (id=573):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000200)=ANY=[], 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d0000090582020000000000090503"], 0x0)
r1 = syz_open_dev$vcsu(0x0, 0x0, 0x0)
r2 = userfaultfd(0x801)
socket$inet6_tcp(0xa, 0x1, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r3, 0x0, 0x0)
getdents64(r1, &(0x7f0000000000)=""/21, 0x15)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000001c0))
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
ioctl$UFFDIO_COPY(r2, 0x8010aa01, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.675657396s ago: executing program 1 (id=574):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = dup(r1)
ioctl$PTP_EXTTS_REQUEST2(r2, 0x40603d07, &(0x7f0000000040))
r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0xb)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000280))
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, 0x0)
mmap(&(0x7f0000066000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4100, 0x1004}], 0x1, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PTP_EXTTS_REQUEST(r6, 0x80503d0a, &(0x7f0000000000))
ioctl$USBDEVFS_CONNECTINFO(r0, 0x8004550f, &(0x7f0000002a40))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(0xffffffffffffffff, r2)
openat$cgroup_devices(r2, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CONNECTINFO(r0, 0x40085511, &(0x7f00000000c0))
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder-control\x00', 0x2, 0x0)

2.665931647s ago: executing program 1 (id=575):
open(0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f00000000c0), 0x4)
sendto$inet(r1, 0x0, 0x0, 0x400c006, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
pselect6(0x5b, 0x0, &(0x7f0000000400)={0x7ffffffffffffffe, 0xfffffffffffffffd, 0x0, 0x3, 0x429, 0x4009, 0x4, 0x672}, &(0x7f0000000440)={0x37ffffffffffffc, 0x0, 0x9, 0x200, 0xa8a, 0x2, 0x9, 0x80000000}, &(0x7f00000004c0)={0x77359400}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fanotify_init(0x0, 0x0)
fchdir(0xffffffffffffffff)
syz_read_part_table(0x5b5, &(0x7f0000000c00)="$eJzs0r1LZFcUAPD7nhnGFGEkCJYRIiGFJDAptJiBiIzDNCpixCJ1wEILIYUQGTNai/4BUfyCYCP2lou74K4wW4nFsojNNsIuNlO9ZXYe7ipbret+yO/XzDnnnjuHx7mBr1ocLpIkiUIISbaZ//zf+7rarmXtV9Efu6WhSvfowNh4CFGIohDaJ9YeN0+itKP1ryHsp/lImley+frG0eCr3Y4nPz6t9mzF79xZCCFMn23nPu6Xch/tFQ9zi0uz5eW54tRJef78t79+DyGUZlb7NgvVia7CZNzqO4jvcH772/k99f6d42/Tw3rmqq83upv5fF433996Z+201hj+6f+/f+39/vRBdSXd+6X9AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd2yveJhbXJotL88Vp07CN61iW2lmtW+zUJ3oKkzGrdJBfP3e82fJG7ef/8/Fi3wzKk6dlOfPe+r9O8fJyMu1737JPKw38o/Svt7oxsUkd9vRfAH2iuc/tKLW/tc7a6e1xnBI111dSYPL6/tv3PrhAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3Vmmo0j06MDYeQhT+DCEMxh3bzXqSbZ1Had9++juS1ivZfH3jaDCTlrdG0/pBHMJC+DdMn21nPumH8EFeBwAA///1Vn2E")
r2 = socket$inet6(0xa, 0x0, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r3 = dup(0xffffffffffffffff)
bind$inet6(r2, &(0x7f0000000600)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00', 0xfffffffd}, 0xfffffffffffffdcb)
sendto$inet6(r2, 0x0, 0xffffffffffffffb7, 0x20000088, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x6, 0x4)
r4 = open(&(0x7f00000003c0)='./bus\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x8000fffffffe)
write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="0e000000e6f91f070000010000f4"], 0xe)

2.208556247s ago: executing program 2 (id=576):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0xad)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r3}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
fchmodat(r5, &(0x7f00000000c0)='./file1\x00', 0x0)
link(&(0x7f0000000080)='./file1\x00', &(0x7f0000000240)='./file2/file0\x00')
truncate(&(0x7f0000000180)='./file0/../file0/file0\x00', 0x0)

2.208209117s ago: executing program 4 (id=577):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mremap(&(0x7f0000371000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8)

2.196429088s ago: executing program 1 (id=584):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = socket(0x1d, 0x2, 0x6)
getsockopt$nfc_llcp(r0, 0x6a, 0x3, 0x0, 0x20000071)
r1 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$CAPI_GET_PROFILE(r1, 0x80024322, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, <r3=>0xffffffffffffffff}, 0x4)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r3, &(0x7f0000000000)="a4", &(0x7f0000000040)=""/100}, 0x20)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r3, 0x80286722, &(0x7f00000000c0)={&(0x7f0000000080)=""/52, 0x34, 0xfc000000, 0x7fffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f00000001c0), &(0x7f0000000300)=0x4)
fstat(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000600), 0x40880, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@cache_none}, {@version_L}, {@dfltuid={'dfltuid', 0x3d, r5}}, {@access_user}, {@msize={'msize', 0x3d, 0x8}}, {@access_client}], [{@pcr={'pcr', 0x3d, 0x11}}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@hash}, {@smackfshat={'smackfshat', 0x3d, 'GPL\x00'}}, {@measure}]}})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r6, <r7=>0xffffffffffffffff}, 0x4)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000940)=ANY=[@ANYBLOB="400100001000010000000000fc000000000000000000000000000000ff8cc200000000000000000000000200"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc000000000000000000000000000001000000006c000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080016"], 0x140}}, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x1c}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xffffffffffffffff}}, './file0\x00'})
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0x7, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2006000000000000000000000000000000000000000000000800010000000000cddf0ded05e5ddcdfb9b8a864017645bb4273c73d64792c348445fa2bf56995a3022a78ba4e563"], 0x20}}, 0x0)

1.838556689s ago: executing program 1 (id=578):
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r1, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'ip_vti0\x00', 0x0})
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040), 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x10000)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000001b80)=@filter={'filter\x00', 0xe, 0x4, 0x388, 0xffffffff, 0x0, 0x1c8, 0x2f0, 0xffffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}, {{@ipv6={@local, @private2, [], [], 'team_slave_0\x00', 'vlan0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)
socket$inet6(0xa, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000400)={'netpci0\x00'})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000006c0), 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_emit_ethernet(0x16, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000a58d000000000006f30000080009080200000008000b0000000000"], 0x2c}}, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

974.290505ms ago: executing program 4 (id=579):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
creat(0x0, 0x24)
mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x450c0, 0x0)
r1 = open(0x0, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x401870cb, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80001)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100})

964.625906ms ago: executing program 2 (id=580):
r0 = getpgid(0xffffffffffffffff)
r1 = syz_open_procfs(r0, &(0x7f0000000080)='net/softnet_stat\x00')
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r2, 0x40104593, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, "7f0e279d2e5cf55a61c5c40d6e76943e0347c7cbf6336e676a359b970be7f3f3"})
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000240)={0x0, 0x2, 0x0})
write$binfmt_script(r1, &(0x7f00000013c0), 0xcb)
syz_open_procfs(0x0, &(0x7f0000000140)='status\x00')
r3 = socket(0x10, 0x2, 0x0)
fgetxattr(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="73656375720500000000b63e53f8045f375721b676ee7e4aeefc658ce536b37711c5ddcded0cbc35d7b9c2cf9e5d333d69b3ff875b069d5905d6fb0ed6c8d2e3bf78f6b252c6363eae223f4a9592737997ef1155db57534d34ff72d7c1447ef56f27d958cbbcaa4e4be08b76b0626c7fb5b686b61887b25bf21ec36fb833a3c31bdcc2e219e7a1366603d368532936ca1d959c1744ea92d3761b"], 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0)
ftruncate(r5, 0x8001)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$SO_COOKIE(r6, 0x1, 0x39, 0x0, &(0x7f0000000100))

831.835087ms ago: executing program 1 (id=581):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000080), 0x8)
listen(r0, 0x0)
connect$bt_sco(r0, &(0x7f0000000040), 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000010000000000000000000000a5000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xb9)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r2, r1, 0x5}, 0x10)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000240), &(0x7f0000000280)=@udp6=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r2, r5, 0x4}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000240), &(0x7f0000000300)=@tcp=r4}, 0x20)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="04040a00000000000054d64e1cf33429e26ea36f8b71679240"], 0xd)
sched_setaffinity(0x0, 0x0, 0x0)
socket$inet6(0xa, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x22, 0x2, @local}, 0x1c)
socket$netlink(0x10, 0x3, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40082104, 0x0)
syz_open_procfs(0x0, 0x0)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)

28.059037ms ago: executing program 4 (id=582):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000011c0)='veno\x00', 0x5)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$key(0xf, 0x3, 0x2)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x20}, {@in=@loopback, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0x2, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x7, 0x0, 0x0, @in=@loopback}}]}, 0x154}}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @private, @loopback}, &(0x7f0000000280)=0xc)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000080)=[0x0], 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
ioctl$int_in(r3, 0x5452, &(0x7f0000000600)=0x8b)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000000000007b4ca289d9f8441505eccce736d288eb80c7d1a4d9e3161853422faa0a30f9a0c56e23cfc945cae8403eee6763bab5"], 0x18}}, 0x20000000)
r4 = dup3(r3, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000200)=@deltaction={0x110, 0x31, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x50a}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x14, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10000}}]}, @TCA_ACT_TAB={0x3c, 0x1, [{0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}]}, @TCA_ACT_TAB={0x34, 0x1, [{0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}]}, @TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0x22, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}]}, 0x110}}, 0x80d4)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r2, 0x40189429, &(0x7f0000000480)={0x0, 0xffffffffffffffcd, 0x10001})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'gretap0\x00', <r5=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f00000004c0)={'syztnl1\x00', &(0x7f00000008c0)={'syztnl2\x00', r1, 0x8000, 0x8000, 0x7, 0x40, {{0x10, 0x4, 0x3, 0x1, 0x40, 0x64, 0x0, 0x3, 0x29, 0x0, @empty, @local, {[@timestamp={0x44, 0x8, 0xf7, 0x0, 0xe, [0x5]}, @timestamp_addr={0x44, 0xc, 0xa6, 0x1, 0x1, [{@multicast1, 0x2c9a}]}, @cipso={0x86, 0x15, 0x3, [{0x2, 0xf, "37aaaa770bc4c5dba96ecf618b"}]}]}}}}})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, r4, 0x7, '\x00', r5, 0xffffffffffffffff, 0x2, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000005c0)={r6, &(0x7f00000006c0)="9ee27c053c7bb211a89de5dfb189fda60b59e88c72e36b98a33763f5bc76e29ffb3815037d4d32022c81bf5f77feae957a981b1a29be1e8d65db4e7cc47005dd733c2e436baa0fce5525b310ec7700f3a4f03af390af6b7f2fd708fc47d9db99ccf54ea744b116c3419feef71df7c8e8b20c91ddcd2f1aee785b51c2dc969c46fea772a5308849c2e98c7f3b00130325233e7d1d634689215a0fc762f472616157b81d396e8ae2aace5f3b71b76c4e3e591ff4d8000ed783a3be0bd916533c0637957ab9d7d6391234d727823d129411f95bd8129c83624704466a2df69111010f1cdd0fb25539695758cf40f3", &(0x7f00000007c0)=""/147, 0x4}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', <r7=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x3, 0x0, 0x5a614}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e23}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x4c}}, 0x0)

0s ago: executing program 2 (id=583):
syz_usb_connect(0x3, 0x36, &(0x7f0000000900)={{0x12, 0x1, 0x0, 0x44, 0xf8, 0x9b, 0x20, 0x5ac, 0x262, 0xa363, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x73, 0x7, 0x0, 0x3, 0xca, 0x2}}, {{0x9, 0x4, 0x29, 0x0, 0x1, 0x68, 0xf2, 0x28, 0x0, [], [{{0x9, 0x5, 0x6, 0xc, 0x0, 0x6}}]}}]}}]}}, 0x0)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in=@loopback, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@broadcast, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0)
setuid(0xee01)
setgroups(0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x4, &(0x7f0000000300)={0x0, 0x0, 0x2})
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001940), 0x141202, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000001980)={'vxcan0\x00', <r3=>0x0})
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r4)
pipe2$watch_queue(&(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r6, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r7, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r7, 0x7fffffffffffffff)
sendmsg$can_raw(r2, &(0x7f0000001a80)={&(0x7f00000019c0)={0x1d, r3}, 0x10, &(0x7f0000001a40)={&(0x7f0000001a00)=@can={{0x4, 0x1, 0x1}, 0x3, 0x0, 0x0, 0x0, "153ed27275e88f1c"}, 0x10}, 0x1, 0x0, 0x0, 0x10}, 0x40)
syz_emit_ethernet(0x63e, &(0x7f00000001c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x608, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, [{0x5, 0xe, "7db4000005d4a3b4364be7baa2d73b4ac24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2e3b5cd435f497d415f29c5d941df10c1ca58197441e0e9b3400d980110420fa979a3"}, {0x0, 0x9, "1598a4a8a719ffe0621615f6d04dcae3360546cf06f2665bae2296931fd1d71c1f7e8f222b9ddc4e0bfb5e5c9a484353b785e79b4d8181cf146261723484c54803466e8bedb8ecd2"}, {0x0, 0x4, "d429145c793e823829b4376332b2c98aee2dae3e1cb11adb2b381eb30650ac6c45f9"}, {0x0, 0xa2, "130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3cf6740e40418745a42a738440ba9fc2ec415ba0fbf34800e6987b902302d552cf869eb350a9a862cd946f8285b03f03067dc9bae653dc701d97c7e6f7c1f0767624ac9e48b041c51697968b1e1733921270e569ac0b1ac7c25d00936ad05f14d67d3225d6a8cecd9fb63205ab14131e2e742977860e4a38ec056cda185aa357a059d0180056816a7902bdc0951253005099039bd945a6a4e525123cd4fcb8c5b335626464707fc21e92039b9190020eb9ef84c61cddede466a4c3ea2572927153997c33433ce9de0a7d2ed0b5fb0dce9cc6630bd0635a66be0cb490689169618184e896233d49b8f0e0717ae5d557333d54887ed8d983ee01091326af86e76583131104c66753efd58c32e499be23a05249b98e505c4c0237e2e70506fed29a33169d02b74ba5cbefad267e1107f4468e1144ece9656d35b88e405405fbb1438510f0395752c61e57e760de178a58a8da65040946656220817732fa0cd36189027287597cc5ebe709ca9d9a507babd39f1e56a37657326c7ffb654ce5e2773e92e99783e3152562a21a574f521022314da92315c13a6a696122b211e29a85e81ba7a8fb4dee770d1cacaa2fb02d5fb97676d6402513cccc770ff1a9b9d3b1454ff071d6ed6c4e84249607b64a034b8127893a00aac7ce06a0c2820f7084a8d8e61fc6868c0c2c74005af049ea328a94d5d4534aa99c49208a5f339dec460f5231d6a3e42e4b314c913da4d4127f3d8407e7edbbb044d2e034d6c14c0b86de30afe2d0b92bcaa10cb48c54576114ab1844e25eabc3a8c7906e917b052dfe31e110aaf94876488e3ef926f2d6e6cb635836cb11dbd146a83e2034b7d41ebdaa959f4f74444aceab064af4fb73b5ac964eca5e12834cc5c6d280855bc19c25ce7a5a3dd1a64c1fba0001ee7eebfd25e67ebb5ca47dd6c08543f96a01"}]}}}}}}, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000040)={0xfffffff4, 0xc, 0x800000, 0x2a, 0x1b, "be882f95f3aee29a154c0f00"})
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r8=>0x0)
process_vm_readv(r8, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/69, 0x45}, {&(0x7f0000000140)=""/198, 0xc6}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000000240)=""/38, 0x26}, {&(0x7f0000000280)=""/41, 0x29}, {&(0x7f0000000380)=""/130, 0x82}, {&(0x7f0000000440)=""/68, 0x44}, {&(0x7f00000004c0)=""/184, 0xb8}, {&(0x7f0000000580)=""/121, 0x79}], 0x9, &(0x7f00000008c0)=[{&(0x7f00000002c0)=""/14, 0xe}, {&(0x7f00000006c0)=""/255, 0xff}, {&(0x7f00000007c0)=""/194, 0xc2}], 0x3, 0x0)

kernel console output (not intermixed with test programs):

[  106.413632][ T4134] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.462316][ T4134] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.484604][ T4134] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.679920][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  106.712572][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  106.837280][ T4268] netlink: 200 bytes leftover after parsing attributes in process `syz.1.145'.
[  106.864596][ T3811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.885537][ T3811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.656453][ T4275] loop1: detected capacity change from 0 to 512
[  107.683990][ T4095] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  107.691498][ T3664] usbhid 1-1:0.0: can't add hid device: -71
[  107.697615][ T3664] usbhid: probe of 1-1:0.0 failed with error -71
[  107.708748][ T4275] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  107.736714][ T3664] usb 1-1: USB disconnect, device number 4
[  107.743514][  T434] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.805149][ T4275] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  107.809608][  T434] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.842948][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  107.887453][ T3719] device hsr_slave_0 left promiscuous mode
[  107.895268][ T3719] device hsr_slave_1 left promiscuous mode
[  107.906735][ T4275] EXT4-fs (loop1): 1 truncate cleaned up
[  107.912997][ T3719] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.920235][ T4275] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  107.950865][ T3719] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.954901][ T4282] netlink: 'syz.4.122': attribute type 2 has an invalid length.
[  107.972521][ T4282] netlink: 'syz.4.122': attribute type 1 has an invalid length.
[  107.984418][ T4282] netlink: 'syz.4.122': attribute type 1 has an invalid length.
[  107.995755][ T3719] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.064411][ T4282] netlink: 'syz.4.122': attribute type 2 has an invalid length.
[  108.082362][ T4282] netlink: 'syz.4.122': attribute type 2 has an invalid length.
[  108.085953][ T4284] loop2: detected capacity change from 0 to 256
[  108.096777][ T3719] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.104380][ T3719] device bridge_slave_1 left promiscuous mode
[  108.110782][ T3719] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.118782][ T3719] device bridge_slave_0 left promiscuous mode
[  108.125324][ T3719] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.139283][ T3719] device veth1_macvtap left promiscuous mode
[  108.145404][ T3719] device veth0_macvtap left promiscuous mode
[  108.152517][ T3719] device veth1_vlan left promiscuous mode
[  108.160840][ T3719] device veth0_vlan left promiscuous mode
[  108.755027][ T4282] netlink: 4 bytes leftover after parsing attributes in process `syz.4.122'.
[  108.888364][ T4291] loop1: detected capacity change from 0 to 16
[  109.014881][ T4291] erofs: (device loop1): mounted with root inode @ nid 36.
[  112.009274][ T3719] team0 (unregistering): Port device team_slave_1 removed
[  112.085140][ T3719] team0 (unregistering): Port device team_slave_0 removed
[  112.098534][ T3719] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  112.128722][ T3719] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  113.065413][ T4330] netlink: 20 bytes leftover after parsing attributes in process `syz.0.158'.
[  113.077049][   T25] audit: type=1326 audit(1726048768.924:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4329 comm="syz.0.158" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fee82f9bef9 code=0x0
[  113.087191][ T3719] bond0 (unregistering): Released all slaves
[  113.299274][ T4336] loop4: detected capacity change from 0 to 1024
[  113.576558][ T4346] loop2: detected capacity change from 0 to 512
[  114.262287][ T4346] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz.2.162: corrupted in-inode xattr
[  114.263832][ T4346] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.162: couldn't read orphan inode 15 (err -117)
[  114.264609][ T4346] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  114.523468][ T1075] Bluetooth: hci2: command 0x0409 tx timeout
[  114.567479][ T4336] hfsplus: xattr searching failed
[  114.580284][ T4336] hfsplus: xattr searching failed
[  114.608350][   T25] audit: type=1800 audit(1726048770.424:9): pid=4336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.160" name="bus" dev="loop4" ino=25 res=0 errno=0
[  114.967247][ T4355] loop2: detected capacity change from 0 to 2048
[  114.981509][ T4359] netlink: 40 bytes leftover after parsing attributes in process `syz.3.168'.
[  115.049818][   T25] audit: type=1326 audit(1726048770.894:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4358 comm="syz.3.168" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe923079ef9 code=0x0
[  115.159970][ T3683] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  115.249848][    T7] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  115.261516][ T4364] program syz.2.169 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  115.301549][ T4364] loop2: detected capacity change from 0 to 512
[  115.333679][ T4364] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  115.375405][ T4364] EXT4-fs (loop2): mounted filesystem without journal. Opts: nomblk_io_submit,auto_da_alloc=0x0000000000000000,grpquota,inode_readahead_blks=0x0000000000000000,errors=continue,,errors=continue. Quota mode: writeback.
[  115.619774][ T3683] usb 2-1: config 0 has no interfaces?
[  115.628888][ T3683] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  115.654476][ T3683] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.671900][ T3683] usb 2-1: config 0 descriptor??
[  115.684181][    T7] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  115.695704][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.722634][    T7] usb 5-1: config 0 descriptor??
[  115.770744][    T7] cp210x 5-1:0.0: cp210x converter detected
[  115.998726][ T3616] usb 2-1: USB disconnect, device number 5
[  116.089596][ T3683] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  117.445290][ T3683] usb 3-1: Using ep0 maxpacket: 16
[  117.577397][ T4391] loop0: detected capacity change from 0 to 1024
[  117.590788][ T3683] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  117.749120][ T3683] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  117.759402][ T3683] usb 3-1: New USB device found, idVendor=2087, idProduct=0a01, bcdDevice= 0.00
[  117.768505][ T3683] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.790937][ T3683] usb 3-1: config 0 descriptor??
[  117.819005][ T4393] netlink: 20 bytes leftover after parsing attributes in process `syz.1.177'.
[  117.833189][ T4391] hfsplus: xattr searching failed
[  117.838939][   T25] audit: type=1800 audit(1726048773.674:11): pid=4391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.176" name="bus" dev="loop0" ino=25 res=0 errno=0
[  118.191526][ T4391] hfsplus: xattr searching failed
[  118.470057][   T25] audit: type=1326 audit(1726048774.304:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4392 comm="syz.1.177" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0adaf1ef9 code=0x0
[  118.619728][    T7] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71
[  118.637770][    T7] cp210x 5-1:0.0: querying part number failed
[  118.702350][    T7] usb 5-1: cp210x converter now attached to ttyUSB0
[  118.878638][    T7] usb 5-1: USB disconnect, device number 2
[  119.833853][    T7] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  119.846161][    T7] cp210x 5-1:0.0: device disconnected
[  119.939728][ T3683] usbhid 3-1:0.0: can't add hid device: -71
[  119.945859][ T3683] usbhid: probe of 3-1:0.0 failed with error -71
[  119.955305][ T3683] usb 3-1: USB disconnect, device number 2
[  121.178370][ T4433] loop0: detected capacity change from 0 to 1024
[  121.469410][ T4441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.186'.
[  122.797674][ T3568] hfsplus: walked past end of dir
[  122.930969][ T3568] hfsplus: xattr search failed
[  122.962392][    C0] eth0: bad gso: type: 1, size: 1408
[  123.026049][ T4454] ebt_among: dst integrity fail: 101
[  123.039311][    C0] eth0: bad gso: type: 1, size: 1408
[  123.431930][ T4463] loop0: detected capacity change from 0 to 128
[  123.503065][ T3613] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  125.254826][ T4469] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.194' resets device
[  126.218163][ T3613] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  126.307392][ T3613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.318535][ T3613] usb 4-1: config 0 descriptor??
[  126.340143][ T3613] usb 4-1: can't set config #0, error -71
[  126.352271][ T3613] usb 4-1: USB disconnect, device number 4
[  126.450996][ T4489] device veth0_macvtap left promiscuous mode
[  126.595585][ T4492] fuse: Bad value for 'fd'
[  126.603800][ T3617] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  126.659193][ T4492] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  126.980531][ T3617] usb 1-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af
[  127.070839][ T3617] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.485980][ T3618] Bluetooth: hci0: command 0x0401 tx timeout
[  127.492920][ T3617] usb 1-1: config 0 descriptor??
[  127.499111][ T4499] loop4: detected capacity change from 0 to 1024
[  127.531458][ T3617] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  127.605260][ T4499] hfsplus: xattr searching failed
[  127.628562][   T25] audit: type=1800 audit(1726048783.464:13): pid=4499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.202" name="bus" dev="loop4" ino=25 res=0 errno=0
[  127.629018][ T4499] hfsplus: xattr searching failed
[  127.762312][ T4484] input: syz1 as /devices/virtual/input/input5
[  127.814691][ T4503] loop3: detected capacity change from 0 to 4096
[  128.019695][ T3617] gspca_sonixj: reg_w1 err -71
[  128.058111][ T3617] sonixj: probe of 1-1:0.0 failed with error -71
[  128.077756][ T3617] usb 1-1: USB disconnect, device number 5
[  128.110627][ T4503] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[  128.196580][ T4517] loop4: detected capacity change from 0 to 128
[  128.239030][ T4503] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  128.253670][ T4503] ntfs3: loop3: Failed to load $Extend.
[  129.540169][ T3618] Bluetooth: hci0: command 0x0c1a tx timeout
[  129.663873][ T4528] program syz.0.213 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  129.686105][ T4528] loop0: detected capacity change from 0 to 512
[  129.834198][ T4528] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  131.750490][ T4528] EXT4-fs (loop0): mounted filesystem without journal. Opts: nomblk_io_submit,auto_da_alloc=0x0000000000000000,grpquota,inode_readahead_blks=0x0000000000000000,errors=continue,,errors=continue. Quota mode: writeback.
[  131.799378][   T26] Bluetooth: hci0: command 0x0406 tx timeout
[  131.906211][ T4550] loop3: detected capacity change from 0 to 512
[  131.917970][ T4548] loop1: detected capacity change from 0 to 512
[  131.977333][ T4552] loop4: detected capacity change from 0 to 2048
[  132.013341][ T4554] dlm: no locking on control device
[  132.045588][ T4552] EXT4-fs (loop4): Unrecognized mount option "hash" or missing value
[  132.120360][ T4548] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.216: bg 0: block 393: padding at end of block bitmap is not set
[  132.277454][ T4548] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6185: Corrupt filesystem
[  132.332659][ T4550] EXT4-fs (loop3): 1 orphan inode deleted
[  132.416676][ T4550] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  132.445765][ T4548] EXT4-fs (loop1): 2 truncates cleaned up
[  132.554440][ T4548] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  132.582858][ T1391] ieee802154 phy0 wpan0: encryption failed: -22
[  132.590675][ T1391] ieee802154 phy1 wpan1: encryption failed: -22
[  132.684925][ T4550] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038 (0x7fffffff)
[  133.055709][ T4569] EXT4-fs warning (device loop3): ext4_group_extend:1847: will only finish group (71 blocks, 7 new)
[  135.630581][ T4569] EXT4-fs warning (device loop3): ext4_group_extend:1852: can't read last block, resize aborted
[  135.751314][ T4550] loop_set_status: loop3 () has still dirty pages (nrpages=4)
[  135.857572][ T4584] fuse: Bad value for 'fd'
[  135.870874][ T3574] EXT4-fs warning (device loop3): __ext4_unlink:3333: inode #16: comm syz-executor: Deleting file 'file3' with no links
[  135.871079][ T3574] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #17: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[  135.873813][ T3574] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #17: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[  136.972828][ T4596] program syz.1.228 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  137.033336][ T4596] loop1: detected capacity change from 0 to 512
[  137.119174][ T4596] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  137.191990][ T4596] EXT4-fs (loop1): mounted filesystem without journal. Opts: nomblk_io_submit,auto_da_alloc=0x0000000000000000,grpquota,inode_readahead_blks=0x0000000000000000,errors=continue,,errors=continue. Quota mode: writeback.
[  137.470398][ T4608] netlink: 28 bytes leftover after parsing attributes in process `syz.1.232'.
[  137.569053][   T25] audit: type=1326 audit(1726048793.404:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4599 comm="syz.4.231" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a39e97ef9 code=0x0
[  137.637551][ T4619] netlink: 20 bytes leftover after parsing attributes in process `syz.1.235'.
[  138.131865][ T4628] syz.4.237 uses obsolete (PF_INET,SOCK_PACKET)
[  139.004798][ T4634] delete_channel: no stack
[  139.080178][ T4622] loop0: detected capacity change from 0 to 32768
[  139.120185][ T4622] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.236 (4622)
[  139.183405][ T4622] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  139.211178][ T4622] BTRFS info (device loop0): using free space tree
[  139.231973][ T4624] chnl_net:caif_netlink_parms(): no params data found
[  139.239610][ T4622] BTRFS info (device loop0): has skinny extents
[  139.361088][   T25] audit: type=1326 audit(1726048795.204:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0adaf1ef9 code=0x7ffc0000
[  139.443797][   T25] audit: type=1326 audit(1726048795.234:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fe0adaf1ef9 code=0x7ffc0000
[  139.798603][ T4660] loop2: detected capacity change from 0 to 64
[  139.848482][   T25] audit: type=1326 audit(1726048795.234:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0adaf1ef9 code=0x7ffc0000
[  139.870736][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.084683][ T3618] Bluetooth: hci3: command 0x0409 tx timeout
[  140.116429][ T4622] BTRFS info (device loop0): enabling ssd optimizations
[  140.133423][   T25] audit: type=1326 audit(1726048795.234:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe0adaf1ef9 code=0x7ffc0000
[  140.155321][    C0] vkms_vblank_simulate: vblank timer overrun
[  140.171626][   T25] audit: type=1326 audit(1726048795.234:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0adaf1ef9 code=0x7ffc0000
[  140.205322][ T4624] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.231763][ T4660] hfs: request for non-existent node 293 in B*Tree
[  140.238542][ T4660] hfs: request for non-existent node 293 in B*Tree
[  140.253680][ T4668] loop4: detected capacity change from 0 to 256
[  140.259988][ T4624] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.261026][ T4624] device bridge_slave_0 entered promiscuous mode
[  140.273482][ T4660] hfs: get root inode failed
[  140.308499][ T4624] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.322143][ T4624] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.368875][ T4624] device bridge_slave_1 entered promiscuous mode
[  140.386059][ T4668] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010253, chksum : 0xa98551aa, utbl_chksum : 0xe619d30d)
[  140.444827][   T25] audit: type=1326 audit(1726048795.234:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe0adaf1ef9 code=0x7ffc0000
[  140.466984][   T25] audit: type=1326 audit(1726048795.234:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0adaf1ef9 code=0x7ffc0000
[  140.489033][    C0] vkms_vblank_simulate: vblank timer overrun
[  141.439573][   T25] audit: type=1326 audit(1726048795.244:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe0adaf093c code=0x7ffc0000
[  141.512880][   T25] audit: type=1326 audit(1726048795.284:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4638 comm="syz.1.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe0adaf09df code=0x7ffc0000
[  141.647461][ T4624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.717701][ T4624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  141.893648][ T4686] netlink: 132 bytes leftover after parsing attributes in process `syz.4.245'.
[  141.938619][ T4624] team0: Port device team_slave_0 added
[  141.950035][ T4624] team0: Port device team_slave_1 added
[  142.044245][ T4624] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.044259][ T4624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.044275][ T4624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.047754][ T4624] batman_adv: batadv0: Adding interface: batadv_slave_1
[  142.047767][ T4624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.047788][ T4624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  142.108386][ T4624] device hsr_slave_0 entered promiscuous mode
[  142.117695][ T4624] device hsr_slave_1 entered promiscuous mode
[  142.143599][    C0] vkms_vblank_simulate: vblank timer overrun
[  142.203290][ T4624] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  142.203369][ T4624] Cannot create hsr debugfs directory
[  142.236618][    C0] vkms_vblank_simulate: vblank timer overrun
[  142.284261][ T4690] Bluetooth: hci3: command 0x041b tx timeout
[  143.032129][ T4624] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.060424][ T4703] netlink: 16090 bytes leftover after parsing attributes in process `syz.1.251'.
[  143.114842][ T4706] SET target dimension over the limit!
[  143.234164][ T4709] netlink: 24 bytes leftover after parsing attributes in process `syz.2.252'.
[  143.271098][ T4624] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.580502][ T4624] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.973070][ T4716] netlink: 4 bytes leftover after parsing attributes in process `syz.0.254'.
[  144.067724][ T4724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.255'.
[  144.082443][ T4716] device hsr_slave_1 left promiscuous mode
[  144.116770][ T4624] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.131227][ T4726] device bond0 entered promiscuous mode
[  144.140667][ T4726] device bond_slave_0 entered promiscuous mode
[  144.147040][ T4726] device bond_slave_1 entered promiscuous mode
[  144.278867][ T4624] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  144.298786][ T4719] device bond0 left promiscuous mode
[  144.311807][ T4719] device bond_slave_0 left promiscuous mode
[  144.318570][ T4719] device bond_slave_1 left promiscuous mode
[  144.329157][ T4624] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  144.339662][ T3664] Bluetooth: hci3: command 0x040f tx timeout
[  144.351602][ T4624] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  144.360734][ T4624] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  144.441915][ T4733] loop0: detected capacity change from 0 to 512
[  144.515092][ T4739] netlink: 40 bytes leftover after parsing attributes in process `syz.2.262'.
[  144.581459][ T4739] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[  144.588078][ T4739] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  144.611807][ T4739] vhci_hcd vhci_hcd.0: Device attached
[  144.623439][ T4624] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.634727][ T4733] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  144.656045][ T4733] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038 (0x7fffffff)
[  144.707026][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  144.740419][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  144.751443][ T4624] 8021q: adding VLAN 0 to HW filter on device team0
[  144.801002][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  144.826458][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  144.833788][ T4745] loop1: detected capacity change from 0 to 4096
[  144.846737][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.853918][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.889782][ T4421] usb 13-1: new low-speed USB device number 2 using vhci_hcd
[  144.899330][ T4745] __ntfs_warning: 13 callbacks suppressed
[  144.899343][ T4745] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  144.929646][ T4690] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  144.937642][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  144.950604][ T4745] ntfs: (device loop1): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  144.961457][ T4737] loop4: detected capacity change from 0 to 32768
[  144.980093][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  145.002779][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  145.016654][ T4745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  145.034056][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.041159][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.058599][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  145.069716][ T4745] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  145.084948][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.105282][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.117038][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.132871][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  145.140109][ T4745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  145.149250][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  145.153364][ T4745] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  145.165053][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  145.194909][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  145.212631][ T4624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  145.222385][ T4745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  145.233107][ T4745] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  145.248861][ T4624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  145.254505][ T4745] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  145.269252][ T4745] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  145.292369][ T4745] ntfs: volume version 3.1.
[  145.298905][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  145.310745][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  145.326009][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  145.375017][ T4690] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  145.396646][ T4690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.429398][ T4690] usb 3-1: config 0 descriptor??
[  145.487204][ T4690] cp210x 3-1:0.0: cp210x converter detected
[  145.694474][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  145.705236][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  145.722635][ T4624] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.989795][ T4690] cp210x 3-1:0.0: failed to get vendor val 0x370c size 13: -71
[  146.020306][ T4740] vhci_hcd: connection reset by peer
[  146.036020][ T4690] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  146.225861][ T3719] vhci_hcd: stop threads
[  146.230622][ T3719] vhci_hcd: release socket
[  146.249602][ T3719] vhci_hcd: disconnect device
[  146.288212][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  146.307455][ T4690] usb 3-1: cp210x converter now attached to ttyUSB0
[  146.320228][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  146.356515][ T4690] usb 3-1: USB disconnect, device number 3
[  146.387064][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  146.401804][ T4690] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  146.410747][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  146.421285][ T4624] device veth0_vlan entered promiscuous mode
[  146.449931][ T4690] cp210x 3-1:0.0: device disconnected
[  146.459919][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  146.467650][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  146.494623][ T1294] Bluetooth: hci3: command 0x0419 tx timeout
[  146.514657][ T4624] device veth1_vlan entered promiscuous mode
[  146.545609][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  146.566253][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  146.598905][ T4624] device veth0_macvtap entered promiscuous mode
[  146.785566][ T4758] netlink: 16090 bytes leftover after parsing attributes in process `syz.4.265'.
[  146.801228][ T4624] device veth1_macvtap entered promiscuous mode
[  146.926817][ T4767] loop1: detected capacity change from 0 to 256
[  146.948816][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.999219][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.154287][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.309165][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.461777][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.477576][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.487481][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.509704][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.531169][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.550944][ T4763] loop2: detected capacity change from 0 to 8192
[  147.551961][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.570611][ T4624] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.582422][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.604046][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.617204][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.621075][ T4767] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  147.627881][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.653440][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.668418][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.678792][ T4624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.692371][ T4624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.704172][ T4624] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.718372][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  147.726479][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  147.734604][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  147.743353][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  147.752106][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  147.761173][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  147.925755][ T4770] device veth0_vlan left promiscuous mode
[  147.951754][ T4770] device veth0_vlan entered promiscuous mode
[  147.973753][ T4624] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.014646][ T4624] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  148.059596][ T4624] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  148.065003][ T4780] loop1: detected capacity change from 0 to 2048
[  148.081739][ T4624] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  148.110601][ T4770] syz.4.268 (4770) used greatest stack depth: 18264 bytes left
[  148.168558][ T4780] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  148.260966][  T150] block nbd2: Attempted send on invalid socket
[  148.267158][  T150] blk_update_request: I/O error, dev nbd2, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  148.274046][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.289043][ T4786] VFS: unable to read V7 FS superblock on device nbd2.
[  148.300929][ T4786] VFS: could not find a valid V7 on nbd2.
[  148.323249][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.323435][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.341083][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  148.389171][ T4787] loop2: detected capacity change from 0 to 47
[  148.397156][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.425463][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  148.438821][ T4788] UDF-fs: error (device loop1): udf_read_inode: (ino 1345) failed ident=258
[  149.237447][ T4786] netlink: 44 bytes leftover after parsing attributes in process `syz.2.275'.
[  149.261834][ T4805] netlink: 8 bytes leftover after parsing attributes in process `syz.4.278'.
[  149.892596][ T4814] netlink: 12 bytes leftover after parsing attributes in process `syz.0.281'.
[  149.905285][ T4814] netlink: 12 bytes leftover after parsing attributes in process `syz.0.281'.
[  150.186876][ T4821] loop4: detected capacity change from 0 to 1024
[  151.519776][ T4822] loop1: detected capacity change from 0 to 512
[  151.530700][ T4421] vhci_hcd: vhci_device speed not set
[  152.709804][    T7] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  152.774336][    T7] Bluetooth: hci4: Injecting HCI hardware error event
[  152.782752][ T3584] Bluetooth: hci4: hardware error 0x00
[  152.797588][ T4821] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  152.802195][ T4822] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2219: inode #15: comm syz.1.279: corrupted in-inode xattr
[  152.826238][ T4822] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.279: couldn't read orphan inode 15 (err -117)
[  152.838347][ T4822] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  153.421654][ T4845] netlink: 48 bytes leftover after parsing attributes in process `syz.3.290'.
[  154.089179][ T4691] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  154.111029][ T4846] loop4: detected capacity change from 0 to 512
[  154.218976][ T4846] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  154.276337][ T4846] EXT4-fs (loop4): orphan cleanup on readonly fs
[  154.985464][ T4838] loop0: detected capacity change from 0 to 8192
[  155.012902][ T4846] EXT4-fs (loop4): 1 truncate cleaned up
[  155.024752][ T4856] loop3: detected capacity change from 0 to 2048
[  155.034267][ T3811] __quota_error: 12 callbacks suppressed
[  155.034280][ T3811] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  155.094646][ T3811] EXT4-fs error (device loop4): ext4_release_dquot:6219: comm kworker/u4:8: Failed to release dquot type 1
[  155.120616][ T4838] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  155.133218][ T4691] usb 3-1: config 0 has an invalid interface number: 156 but max is 1
[  155.175170][ T4691] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  155.180779][ T4846] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,barrier=0x0000000000000003,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback.
[  155.191131][ T4691] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  155.208621][    C0] vkms_vblank_simulate: vblank timer overrun
[  155.234459][ T4691] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  155.244343][ T4691] usb 3-1: config 0 has no interface number 0
[  155.258473][ T4691] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  155.258893][ T4859] loop1: detected capacity change from 0 to 512
[  155.282325][ T4856] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  155.296306][ T4691] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  155.315283][ T4856] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038 (0x7fffffff)
[  155.344952][ T4691] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  155.413387][ T4691] usb 3-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  155.452741][ T4691] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  155.480491][ T4691] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.509899][ T4691] usb 3-1: config 0 descriptor??
[  155.567356][ T4691] gspca_main: spca561-2.14.0 probing abcd:cdee
[  155.689417][ T4859] capability: warning: `syz.1.294' uses 32-bit capabilities (legacy support in use)
[  156.300067][ T4691] spca561: probe of 3-1:0.156 failed with error -22
[  156.391186][ T4859] loop1: detected capacity change from 0 to 128
[  156.412509][ T4691] usb 3-1: MIDIStreaming interface descriptor not found
[  156.431053][ T4869] cgroup: noprefix used incorrectly
[  156.441993][ T4859] zonefs (loop1) ERROR: Not a zoned block device
[  156.843225][ T4691] usb 3-1: USB disconnect, device number 4
[  157.135255][ T4888] loop0: detected capacity change from 0 to 1024
[  157.174424][ T4888] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  157.195062][ T4888] EXT4-fs error (device loop0): ext4_protect_reserved_inode:182: inode #4: comm syz.0.301: blocks 32-33 from inode overlap system zone
[  157.210870][ T4888] EXT4-fs (loop0): failed to initialize system zone (-117)
[  157.218128][ T4888] EXT4-fs (loop0): mount failed
[  157.558095][ T4900] binder: 4899:4900 ioctl c018620c 0 returned -14
[  158.517383][ T4908] loop1: detected capacity change from 0 to 512
[  158.670559][ T4908] Quota error (device loop1): v2_read_file_info: Free block number too big (6 >= 6).
[  158.690915][ T4908] EXT4-fs warning (device loop1): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  158.737992][ T4908] EXT4-fs (loop1): mount failed
[  158.974838][ T4919] loop0: detected capacity change from 0 to 1024
[  161.314249][   T25] audit: type=1326 audit(1726048817.154:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4939 comm="syz.4.319" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a39e97ef9 code=0x0
[  161.374404][    C0] eth0: bad gso: type: 1, size: 1408
[  161.637344][ T4944] loop2: detected capacity change from 0 to 2048
[  162.101223][ T3764] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  162.361103][ T4944] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  162.583445][ T4960] loop4: detected capacity change from 0 to 1024
[  165.235471][ T4965] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  165.749586][ T3764] usb 2-1: unable to read config index 0 descriptor/all
[  165.756574][ T3764] usb 2-1: can't read configurations, error -71
[  165.774250][ T4969] loop3: detected capacity change from 0 to 512
[  166.130920][ T4977] dlm: no local IP address has been set
[  166.136879][ T4977] dlm: cannot start dlm midcomms -107
[  166.426738][ T4969] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  167.414339][ T3683] Bluetooth: hci2: command 0x0406 tx timeout
[  167.457590][ T4969] EXT4-fs (loop3): 1 truncate cleaned up
[  167.457616][ T4969] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  168.942817][ T4991] netlink: 80 bytes leftover after parsing attributes in process `syz.0.331'.
[  169.031247][   T25] audit: type=1326 audit(1726048824.874:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4992 comm="syz.1.335" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0adaf1ef9 code=0x0
[  169.059104][ T4989] netlink: 576 bytes leftover after parsing attributes in process `syz.4.330'.
[  169.135855][ T5001] loop3: detected capacity change from 0 to 1024
[  169.149664][ T5002] loop2: detected capacity change from 0 to 16
[  169.193619][ T5002] erofs: (device loop2): mounted with root inode @ nid 36.
[  169.207015][ T4998] erofs: (device loop2): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36
[  169.234398][ T4998] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  169.252968][ T4998] erofs: (device loop2): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36
[  170.857339][ T4998] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  170.884103][ T5005] loop4: detected capacity change from 0 to 2048
[  170.931811][ T5002] erofs: (device loop2): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36
[  170.941627][ T5002] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  170.951775][ T4998] erofs: (device loop2): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36
[  170.997994][ T4998] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  171.010570][ T4998] erofs: (device loop2): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36
[  171.021249][ T4998] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  171.241552][ T5012] loop1: detected capacity change from 0 to 1024
[  171.362653][ T5005] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  171.811245][ T5012] hfsplus: xattr searching failed
[  171.827288][ T5012] hfsplus: xattr searching failed
[  171.839782][   T25] audit: type=1800 audit(1726048827.664:41): pid=5012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.341" name="bus" dev="loop1" ino=25 res=0 errno=0
[  172.345813][ T5029] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: none.
[  173.615635][ T5044] loop1: detected capacity change from 0 to 1024
[  173.913628][ T5050] netlink: 80 bytes leftover after parsing attributes in process `syz.4.349'.
[  173.916467][ T5044] hfsplus: request for non-existent node 40 in B*Tree
[  174.584822][ T5044] hfsplus: request for non-existent node 40 in B*Tree
[  175.181211][ T5059] syz.4.351 sent an empty control message without MSG_MORE.
[  175.697469][ T3812] device hsr_slave_0 left promiscuous mode
[  175.755959][ T5065] loop0: detected capacity change from 0 to 256
[  175.764029][ T3812] device hsr_slave_1 left promiscuous mode
[  175.773586][   T25] audit: type=1326 audit(1726048831.614:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5061 comm="syz.2.352" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f62e2f04ef9 code=0x0
[  175.829808][ T3812] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.862934][ T3812] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.911580][ T5065] exfat: Bad value for 'dmask'
[  175.922509][ T3812] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.933471][ T3812] batman_adv: batadv0: Removing interface: batadv_slave_1
[  175.957496][ T3812] device bridge_slave_1 left promiscuous mode
[  176.458866][ T3812] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.686219][ T5073] loop4: detected capacity change from 0 to 1024
[  176.704135][ T3812] device bridge_slave_0 left promiscuous mode
[  176.761840][ T3812] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.790569][ T5079] loop2: detected capacity change from 0 to 256
[  176.829449][ T5073] hfsplus: xattr searching failed
[  176.840049][ T3812] device veth1_macvtap left promiscuous mode
[  176.845403][ T5079] exFAT-fs (loop2): bogus fat length
[  176.860112][ T3812] device veth1_vlan left promiscuous mode
[  176.873090][   T25] audit: type=1800 audit(1726048832.714:43): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.356" name="bus" dev="loop4" ino=25 res=0 errno=0
[  176.873618][ T5073] hfsplus: xattr searching failed
[  176.898922][ T3812] device veth0_vlan left promiscuous mode
[  176.907798][ T5079] exFAT-fs (loop2): failed to read boot sector
[  176.929040][ T5079] exFAT-fs (loop2): failed to recognize exfat type
[  178.791894][ T3812] team0 (unregistering): Port device team_slave_1 removed
[  178.849880][    C0] eth0: bad gso: type: 1, size: 1408
[  178.861596][ T3812] team0 (unregistering): Port device team_slave_0 removed
[  178.886272][ T3812] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  178.905920][ T3812] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  179.255114][ T3812] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  179.371175][ T3812] bond0 (unregistering): Released all slaves
[  179.635731][ T5095] netlink: 14 bytes leftover after parsing attributes in process `syz.4.363'.
[  180.975266][ T5103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.365'.
[  181.792222][    C0] eth0: bad gso: type: 1, size: 1408
[  181.852494][   T25] audit: type=1326 audit(1726048837.694:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5117 comm="syz.3.369" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f41206d1ef9 code=0x0
[  181.862487][ T5124] loop1: detected capacity change from 0 to 1024
[  181.959201][ T5124] hfsplus: xattr searching failed
[  181.969752][   T25] audit: type=1800 audit(1726048837.814:45): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.370" name="bus" dev="loop1" ino=25 res=0 errno=0
[  182.000117][ T5124] hfsplus: xattr searching failed
[  182.299555][   T21] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  182.549670][   T21] usb 3-1: Using ep0 maxpacket: 32
[  182.670164][   T21] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  182.813409][   T21] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  183.138800][ T5140] loop1: detected capacity change from 0 to 512
[  183.760177][   T21] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  183.982925][   T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.052122][   T21] usb 3-1: Product: syz
[  184.056303][   T21] usb 3-1: Manufacturer: syz
[  184.130271][   T21] usb 3-1: SerialNumber: syz
[  184.155426][ T5140] EXT4-fs (loop1): error: could not find journal device path: error -2
[  184.179638][    T7] Bluetooth: hci0: command 0x0409 tx timeout
[  184.181158][   T21] usb 3-1: config 0 descriptor??
[  184.425822][ T5132] chnl_net:caif_netlink_parms(): no params data found
[  184.478354][ T5154] loop3: detected capacity change from 0 to 128
[  184.497879][    T7] usb 3-1: USB disconnect, device number 5
[  184.589644][ T5154] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  184.618472][ T5154] UDF-fs: Scanning with blocksize 512 failed
[  184.648483][ T5154] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  184.660781][ T5154] UDF-fs: Scanning with blocksize 1024 failed
[  184.667794][ T5154] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  184.676043][ T5154] UDF-fs: Scanning with blocksize 2048 failed
[  184.682696][ T5154] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
[  184.690193][ T5154] UDF-fs: Scanning with blocksize 4096 failed
[  184.705106][ T5132] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.894283][ T5132] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.911109][ T5132] device bridge_slave_0 entered promiscuous mode
[  184.920125][ T5132] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.927236][ T5132] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.935960][ T5132] device bridge_slave_1 entered promiscuous mode
[  185.049591][ T4421] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  185.058092][ T5132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  185.080572][ T5132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  185.113503][ T5132] team0: Port device team_slave_0 added
[  185.134941][ T5132] team0: Port device team_slave_1 added
[  185.188832][   T25] audit: type=1326 audit(1726048841.024:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5166 comm="syz.3.385" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f41206d1ef9 code=0x0
[  185.224191][ T5132] batman_adv: batadv0: Adding interface: batadv_slave_0
[  185.235640][ T5132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  185.265593][ T5132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  185.285279][ T5132] batman_adv: batadv0: Adding interface: batadv_slave_1
[  185.287146][ T5171] loop2: detected capacity change from 0 to 1024
[  185.294394][ T5132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  185.329647][ T4421] usb 5-1: Using ep0 maxpacket: 32
[  185.357384][ T5132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  185.431257][ T5173] loop1: detected capacity change from 0 to 256
[  185.442138][ T5132] device hsr_slave_0 entered promiscuous mode
[  185.449021][ T5132] device hsr_slave_1 entered promiscuous mode
[  185.485466][ T5170] hfsplus: xattr searching failed
[  185.487113][ T5173] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  185.497354][   T25] audit: type=1800 audit(1726048841.334:47): pid=5170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.386" name="bus" dev="loop2" ino=25 res=0 errno=0
[  185.510159][ T5170] hfsplus: xattr searching failed
[  185.522969][ T5132] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  185.529757][ T4421] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.557372][ T5132] Cannot create hsr debugfs directory
[  185.563310][ T4421] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.573937][ T5173] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  185.593843][ T4421] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  185.627379][ T4421] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  185.664084][ T4421] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  185.703585][ T4421] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  185.740636][ T5132] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.905181][ T4421] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  185.918823][ T5175] loop2: detected capacity change from 0 to 128
[  185.927442][ T4421] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.944036][ T4421] usb 5-1: Product: syz
[  185.951871][ T4421] usb 5-1: Manufacturer: syz
[  185.970287][ T4421] usb 5-1: SerialNumber: syz
[  185.978662][ T5132] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.127239][ T5179] netlink: 'syz.2.390': attribute type 30 has an invalid length.
[  186.148691][ T5132] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.254191][ T5132] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.267563][   T25] audit: type=1326 audit(1726048842.114:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.1.389" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe0adaf1ef9 code=0x0
[  186.269622][    T7] Bluetooth: hci0: command 0x041b tx timeout
[  186.317933][ T5182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.389'.
[  186.329879][ T4421] cdc_ncm 5-1:1.0: bind() failure
[  186.356733][ T4421] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  186.359631][ T4691] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  186.374844][ T4421] cdc_ncm 5-1:1.1: bind() failure
[  186.417433][ T4421] usb 5-1: USB disconnect, device number 3
[  186.559738][ T5132] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  186.676863][ T5132] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  186.688595][ T5132] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  186.699995][ T5132] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  186.719579][ T4691] usb 4-1: Using ep0 maxpacket: 32
[  186.929925][ T4691] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  186.965078][ T4691] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  187.009906][ T4691] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  187.021541][ T4691] usb 4-1: config 1 has no interface number 0
[  187.027896][ T4691] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  187.042914][ T4691] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  187.058271][ T4691] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  187.303373][ T4691] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.356139][ T5191] loop4: detected capacity change from 0 to 256
[  187.383207][ T4691] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  187.460828][ T5191] FAT-fs (loop4): Unrecognized mount option "code�age=775" or missing value
[  187.571064][ T5191] Mount JFS Failure: -22
[  187.582289][ T5191] jfs_mount failed w/return code = -22
[  187.734862][ T5198] netlink: 'syz.4.396': attribute type 4 has an invalid length.
[  187.762226][ T5132] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.821507][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  187.834670][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  187.898038][ T5132] 8021q: adding VLAN 0 to HW filter on device team0
[  187.917577][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  187.938608][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  187.974742][ T5200] loop4: detected capacity change from 0 to 512
[  187.995561][  T434] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.002660][  T434] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.043115][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  188.076180][ T5200] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #3: comm syz.4.397: corrupted inode contents
[  188.093185][ T5200] EXT4-fs error (device loop4): ext4_dirty_inode:6004: inode #3: comm syz.4.397: mark_inode_dirty error
[  188.097606][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  188.121661][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  188.131656][ T5200] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #3: comm syz.4.397: corrupted inode contents
[  188.137199][  T434] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.150367][  T434] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.167830][ T5200] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #3: comm syz.4.397: mark_inode_dirty error
[  188.168069][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  188.202982][ T5200] Quota error (device loop4): write_blk: dquota write failed
[  188.211024][ T5200] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  188.225171][ T5200] EXT4-fs error (device loop4): ext4_acquire_dquot:6196: comm syz.4.397: Failed to acquire dquot type 0
[  188.246897][ T5200] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.397: corrupted inode contents
[  188.268506][ T5200] EXT4-fs error (device loop4): ext4_dirty_inode:6004: inode #16: comm syz.4.397: mark_inode_dirty error
[  188.288127][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  188.289460][ T5200] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.397: corrupted inode contents
[  188.309167][ T5200] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.397: mark_inode_dirty error
[  188.314615][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  188.328465][ T5200] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.397: corrupted inode contents
[  188.330942][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  188.351879][ T4421] Bluetooth: hci0: command 0x040f tx timeout
[  188.363597][ T5200] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  188.375345][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  188.377844][ T5200] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.397: corrupted inode contents
[  188.384402][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  188.404092][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  188.417102][ T5200] EXT4-fs error (device loop4): ext4_truncate:4272: inode #16: comm syz.4.397: mark_inode_dirty error
[  188.430597][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  188.443579][ T5200] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  188.470163][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  188.470166][ T5200] EXT4-fs (loop4): 1 truncate cleaned up
[  188.470188][ T5200] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  188.498896][ T5200] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038 (0x7fffffff)
[  188.547172][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  188.558897][   T25] audit: type=1800 audit(1726048844.394:49): pid=5200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.397" name="bus" dev="loop4" ino=18 res=0 errno=0
[  188.585429][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  188.642345][ T5132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  188.668102][ T5200] syz.4.397 (5200) used greatest stack depth: 17656 bytes left
[  188.914549][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88801f5fc400: rx timeout, send abort
[  189.677184][   T25] audit: type=1326 audit(1726048845.514:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5213 comm="syz.4.400" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7a39e97ef9 code=0x0
[  189.739629][ T4691] snd_usb_pod 4-1:1.1: set_interface failed
[  189.750224][ T4691] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  189.769143][ T4691] snd_usb_pod: probe of 4-1:1.1 failed with error -71
[  189.795406][ T4691] usb 4-1: USB disconnect, device number 5
[  189.910108][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  189.927844][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  189.967611][ T5132] 8021q: adding VLAN 0 to HW filter on device batadv0
[  190.004493][ T5232] loop4: detected capacity change from 0 to 128
[  190.067810][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  190.101597][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  190.144970][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  190.158043][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  190.176926][ T5132] device veth0_vlan entered promiscuous mode
[  190.187016][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  190.253376][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  190.564354][ T5132] device veth1_vlan entered promiscuous mode
[  190.786750][ T3616] Bluetooth: hci0: command 0x0419 tx timeout
[  190.963018][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  190.991712][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  191.029409][ T5132] device veth0_macvtap entered promiscuous mode
[  191.068274][ T5243] loop2: detected capacity change from 0 to 512
[  191.129582][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  191.150799][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  191.187590][ T3636] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  191.222361][ T5132] device veth1_macvtap entered promiscuous mode
[  191.241071][ T5243] EXT4-fs error (device loop2): ext4_do_update_inode:5171: inode #3: comm syz.2.409: corrupted inode contents
[  191.279108][ T5243] EXT4-fs error (device loop2): ext4_dirty_inode:6004: inode #3: comm syz.2.409: mark_inode_dirty error
[  191.325189][   T25] audit: type=1326 audit(1726048847.164:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5252 comm="syz.1.413" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0adaf1ef9 code=0x0
[  191.336093][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.364764][ T5243] EXT4-fs error (device loop2): ext4_do_update_inode:5171: inode #3: comm syz.2.409: corrupted inode contents
[  191.388997][ T5243] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #3: comm syz.2.409: mark_inode_dirty error
[  191.389589][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.408321][ T5243] Quota error (device loop2): write_blk: dquota write failed
[  191.417745][ T5243] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  191.417998][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.434464][ T5243] EXT4-fs error (device loop2): ext4_acquire_dquot:6196: comm syz.2.409: Failed to acquire dquot type 0
[  191.438635][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.458054][ T5243] EXT4-fs error (device loop2): ext4_do_update_inode:5171: inode #16: comm syz.2.409: corrupted inode contents
[  191.459352][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.479208][ T5243] EXT4-fs error (device loop2): ext4_dirty_inode:6004: inode #16: comm syz.2.409: mark_inode_dirty error
[  191.484000][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.500258][ T5243] EXT4-fs error (device loop2): ext4_do_update_inode:5171: inode #16: comm syz.2.409: corrupted inode contents
[  191.502615][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.521409][ T5243] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #16: comm syz.2.409: mark_inode_dirty error
[  191.527467][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.546646][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.557487][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.565569][ T5243] EXT4-fs error (device loop2): ext4_do_update_inode:5171: inode #16: comm syz.2.409: corrupted inode contents
[  191.569160][ T5132] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.601775][ T5243] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  191.610780][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.632673][ T5243] EXT4-fs error (device loop2): ext4_do_update_inode:5171: inode #16: comm syz.2.409: corrupted inode contents
[  191.633530][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.645019][ T5243] EXT4-fs error (device loop2): ext4_truncate:4272: inode #16: comm syz.2.409: mark_inode_dirty error
[  191.655136][ T5235] netlink: 20 bytes leftover after parsing attributes in process `syz.3.407'.
[  191.671840][ T5243] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  191.674790][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.690273][ T5243] EXT4-fs (loop2): 1 truncate cleaned up
[  191.706879][ T5243] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  191.708813][ T5258] fuse: Bad value for 'fd'
[  191.718894][ T5243] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038 (0x7fffffff)
[  191.726865][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.743304][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.754189][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.770696][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.786693][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.802343][ T5132] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.817868][   T25] audit: type=1800 audit(1726048847.654:52): pid=5243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.409" name="bus" dev="loop2" ino=18 res=0 errno=0
[  191.898354][ T3811] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  191.927275][ T3811] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  191.964536][ T5263] IPVS: sed: TCP 127.0.0.1:0 - no destination available
[  191.980850][ T3811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  192.004577][ T3811] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  192.016073][ T3811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  192.031502][ T5132] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.049403][ T5132] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.062873][ T5132] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.071987][ T5132] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.132675][ T3812] device hsr_slave_0 left promiscuous mode
[  192.148424][ T3812] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  192.156639][ T5272] xt_TCPMSS: Only works on TCP SYN packets
[  192.175121][ T3812] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.188951][ T3812] device bridge_slave_1 left promiscuous mode
[  192.197364][ T3812] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.212714][ T3812] device bridge_slave_0 left promiscuous mode
[  192.221932][ T3812] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.256399][ T3812] device veth1_macvtap left promiscuous mode
[  192.268832][ T3812] device veth0_macvtap left promiscuous mode
[  192.275292][ T3812] device veth1_vlan left promiscuous mode
[  192.287618][ T3812] device veth0_vlan left promiscuous mode
[  192.302856][ T5281] loop1: detected capacity change from 0 to 128
[  192.497558][ T3812] team0 (unregistering): Port device team_slave_1 removed
[  192.521037][ T3812] team0 (unregistering): Port device team_slave_0 removed
[  192.530894][ T3616] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  192.538711][ T3812] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  192.555259][ T3812] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  192.613863][ T3812] bond0 (unregistering): Released all slaves
[  192.677123][ T5284] netlink: 4 bytes leftover after parsing attributes in process `syz.1.423'.
[  192.801843][ T3811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.811137][ T5291] loop1: detected capacity change from 0 to 512
[  192.846097][ T3811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.877658][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.883086][ T3811] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  192.894433][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.909599][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  192.929805][ T3616] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  193.009591][ T3617] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  193.013568][ T5291] EXT4-fs error (device loop1): ext4_do_update_inode:5171: inode #3: comm syz.1.425: corrupted inode contents
[  193.029428][ T5291] EXT4-fs error (device loop1): ext4_dirty_inode:6004: inode #3: comm syz.1.425: mark_inode_dirty error
[  193.042475][ T5291] EXT4-fs error (device loop1): ext4_do_update_inode:5171: inode #3: comm syz.1.425: corrupted inode contents
[  193.056010][ T5291] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #3: comm syz.1.425: mark_inode_dirty error
[  193.075702][ T5291] Quota error (device loop1): write_blk: dquota write failed
[  193.091756][ T5291] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  193.107734][ T5291] EXT4-fs error (device loop1): ext4_acquire_dquot:6196: comm syz.1.425: Failed to acquire dquot type 0
[  193.122791][ T5291] EXT4-fs error (device loop1): ext4_do_update_inode:5171: inode #16: comm syz.1.425: corrupted inode contents
[  193.137584][ T5291] EXT4-fs error (device loop1): ext4_dirty_inode:6004: inode #16: comm syz.1.425: mark_inode_dirty error
[  193.165946][ T5291] EXT4-fs error (device loop1): ext4_do_update_inode:5171: inode #16: comm syz.1.425: corrupted inode contents
[  193.178574][ T5291] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #16: comm syz.1.425: mark_inode_dirty error
[  193.196049][ T5291] EXT4-fs error (device loop1): ext4_do_update_inode:5171: inode #16: comm syz.1.425: corrupted inode contents
[  193.209143][ T5291] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  193.223503][ T5291] EXT4-fs error (device loop1): ext4_do_update_inode:5171: inode #16: comm syz.1.425: corrupted inode contents
[  193.238220][ T5291] EXT4-fs error (device loop1): ext4_truncate:4272: inode #16: comm syz.1.425: mark_inode_dirty error
[  193.249685][ T3617] usb 3-1: Using ep0 maxpacket: 8
[  193.259164][ T5291] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  193.274236][ T5291] EXT4-fs (loop1): 1 truncate cleaned up
[  193.282811][ T5291] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  193.295665][ T5291] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038 (0x7fffffff)
[  193.323645][   T25] audit: type=1800 audit(1726048849.164:53): pid=5291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.425" name="bus" dev="loop1" ino=18 res=0 errno=0
[  193.388229][ T3617] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  193.389837][ T3616] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  193.399158][ T3617] usb 3-1: config 179 has no interface number 0
[  193.417644][ T3617] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  193.417777][ T3616] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.429190][ T3617] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  193.453290][ T3617] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  193.458457][ T3616] usb 5-1: Manufacturer: 쌂臁署힇홎菨ԍ혔뺰ힵꂒ죂钗Ｓ⋤㾊⏝켙峐ꮎ▞৲좾䄒균븮ￜꬠꑢ윶굽ẵ왫ﰬ輚킴奋ᅘꮨ탬撛㬽帟⒣딖⺚ɟ檦ꊚ뿘茩⓸ḛ浴祼倳癅ⱝ쉫ᘙ巣脁ḇ뗬஺൶泫㧱ܗ㮲㟐锨.ᙽ邰퇎㺕ffi鶩婶ʥ⾝醀ꖌ亶ʆ暣袎뷋鵞嶽晣ས샠࿙㭁댧❷룷䭷ꁥ숉貪༘љ扼䎠ꄂ籧乷ꁛ
[  193.464691][ T3617] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  193.510817][ T3617] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  193.524633][ T3617] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  193.534103][ T3617] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.555463][ T3616] usb 5-1: SerialNumber: ఄ
[  193.569810][ T5288] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  193.589917][ T5280] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  193.909530][   T25] audit: type=1326 audit(1726048849.744:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5310 comm="syz.3.430" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f41206d1ef9 code=0x0
[  194.022545][ T1391] ieee802154 phy0 wpan0: encryption failed: -22
[  194.030101][ T1391] ieee802154 phy1 wpan1: encryption failed: -22
[  194.205351][ T3616] usb 5-1: USB disconnect, device number 4
[  194.311110][ T5319] xt_cgroup: path and classid specified
[  194.988993][ T4690] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input11
[  195.360560][ T4691] usb 3-1: USB disconnect, device number 6
[  195.379542][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  196.151964][ T5328] IPv6: Can't replace route, no match found
[  196.171866][    C0] eth0: bad gso: type: 1, size: 1408
[  196.589114][ T5341] loop0: detected capacity change from 0 to 1024
[  197.247737][ T5346] netlink: 228 bytes leftover after parsing attributes in process `syz.4.440'.
[  197.390127][ T5347] sp0: Synchronizing with TNC
[  197.421321][   T25] audit: type=1326 audit(1726048853.264:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5356 comm="syz.0.444" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1262087ef9 code=0x0
[  197.518608][ T5360] loop1: detected capacity change from 0 to 128
[  197.837891][ T5345] [U] �
[  198.408644][ T5363] loop0: detected capacity change from 0 to 256
[  198.410840][ T5362] netlink: 28 bytes leftover after parsing attributes in process `syz.0.446'.
[  198.478953][ T5365] loop1: detected capacity change from 0 to 1024
[  198.570187][ T5367] netlink: 12 bytes leftover after parsing attributes in process `syz.2.447'.
[  199.458967][ T5365] loop1: detected capacity change from 0 to 256
[  199.511729][ T5365] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  199.550349][ T5376] loop4: detected capacity change from 0 to 1024
[  199.687109][ T5376] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable=0x0000000000000004,nombcache,,errors=continue. Quota mode: none.
[  199.714300][ T5387] device syzkaller0 entered promiscuous mode
[  199.731646][ T5387] loop2: detected capacity change from 0 to 128
[  199.738909][ T5376] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038 (0x7fffffff)
[  200.692377][ T5401] loop4: detected capacity change from 0 to 128
[  201.624762][ T5407] loop3: detected capacity change from 0 to 128
[  201.735228][ T5407] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  201.747241][ T5407] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  201.841669][ T5422] netlink: 80 bytes leftover after parsing attributes in process `syz.2.465'.
[  202.543657][ T5427] xt_SECMARK: invalid mode: 0
[  202.561241][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.596876][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.608025][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.616135][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.624305][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.637482][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.645798][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.658743][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.661970][ T5409] loop0: detected capacity change from 0 to 32768
[  202.666595][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.681100][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.688479][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.696277][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.706390][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.714041][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.721723][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.729096][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.736800][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.741782][ T5409]  loop0: [ICS] p1
[  202.744933][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.761541][ T5409] loop0: p1 start 1970170188 is beyond EOD, truncated
[  202.762125][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.779232][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.791003][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.798970][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.808479][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.819328][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.835144][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.837869][ T5434] loop1: detected capacity change from 0 to 128
[  202.847235][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.858697][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.866690][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.874955][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.882455][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.896773][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.901070][ T5434] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  202.905019][ T4690] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  202.922189][ T5434] ext4 filesystem being mounted at /proc/336/cgroup supports timestamps until 2038 (0x7fffffff)
[  202.955872][ T3028]  loop0: [ICS] p1
[  202.959919][ T3028] loop0: p1 start 1970170188 is beyond EOD, truncated
[  202.962416][ T4624] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[  202.984953][ T4690] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  202.988263][ T4624] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[  203.039256][ T4624] EXT4-fs error (device loop3): ext4_empty_dir:3164: inode #11: block 1: comm syz-executor: Directory block failed checksum
[  203.089913][ T4624] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[  203.103982][ T3617] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  203.145656][ T4624] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[  203.186377][ T4624] EXT4-fs error (device loop3): ext4_empty_dir:3164: inode #11: block 1: comm syz-executor: Directory block failed checksum
[  203.225673][ T4624] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[  203.268285][ T4624] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[  203.303719][ T5434] loop1: detected capacity change from 0 to 1024
[  203.328899][ T4624] EXT4-fs error (device loop3): ext4_empty_dir:3164: inode #11: block 1: comm syz-executor: Directory block failed checksum
[  203.342821][ T4624] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[  204.324139][ T5444] loop0: detected capacity change from 0 to 128
[  204.353564][ T5442] loop4: detected capacity change from 0 to 512
[  204.459776][ T3617] usb 3-1: config 0 has no interfaces?
[  204.475005][ T3617] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  204.609161][ T3617] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.796404][ T3617] usb 3-1: config 0 descriptor??
[  204.993802][ T5434] loop1: detected capacity change from 0 to 2048
[  205.026871][ T5442] EXT4-fs (loop4): Ignoring removed oldalloc option
[  205.033882][ T5442] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  205.182321][ T5450] loop1: detected capacity change from 0 to 128
[  205.187467][ T5430] program syz.2.466 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  205.203282][ T5430] netlink: 12 bytes leftover after parsing attributes in process `syz.2.466'.
[  205.239635][ T5430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.466'.
[  205.248409][ T5430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.466'.
[  205.268343][ T5442] EXT4-fs (loop4): failed to open journal device unknown-block(0,0) -6
[  205.283260][ T3616] usb 3-1: USB disconnect, device number 7
[  205.716866][   T25] audit: type=1800 audit(1726048861.534:56): pid=5457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.473" name="file1" dev="loop1" ino=1048629 res=0 errno=0
[  206.028394][ T5462] netlink: 80 bytes leftover after parsing attributes in process `syz.4.476'.
[  206.224186][ T4979] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.408054][ T5479] dns_resolver: Unsupported server list version (0)
[  206.459442][ T4979] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.118311][ T5481] loop4: detected capacity change from 0 to 512
[  207.205360][ T4979] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.239585][ T5481] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled
[  207.303109][ T5481] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5
[  207.303109][ T5481] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  207.303109][ T5481] 
[  207.348450][ T5481] EXT4-fs (loop4): Unrecognized mount option "seclabel" or missing value
[  207.450695][ T4979] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.523411][ T5489] loop2: detected capacity change from 0 to 8
[  208.153797][ T5489] SQUASHFS error: zlib decompression failed, data probably corrupt
[  208.162195][ T5489] SQUASHFS error: Failed to read block 0x9b: -5
[  208.168487][ T5489] SQUASHFS error: Unable to read metadata cache entry [99]
[  208.175800][ T5489] SQUASHFS error: Unable to read inode 0x127
[  208.510189][ T5487] loop2: detected capacity change from 0 to 128
[  208.557489][ T5487] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[  208.566428][ T5487] FAT-fs (loop2): Filesystem has been set read-only
[  208.807726][ T5501] netlink: 80 bytes leftover after parsing attributes in process `syz.4.490'.
[  209.062980][ T5515] netlink: 80 bytes leftover after parsing attributes in process `syz.0.502'.
[  209.097551][ T5508] loop2: detected capacity change from 0 to 4096
[  209.165627][ T5508] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  209.192333][ T5508] ntfs: (device loop2): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  209.208456][ T5508] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  209.233940][ T5508] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  209.256011][ T5497] chnl_net:caif_netlink_parms(): no params data found
[  209.291433][ T5508] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  209.348639][ T5508] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  209.451529][ T5497] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.451832][ T5497] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.453307][ T5497] device bridge_slave_0 entered promiscuous mode
[  209.455083][ T5497] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.455173][ T5497] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.456059][ T5497] device bridge_slave_1 entered promiscuous mode
[  209.567009][ T5508] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  209.567044][ T5508] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  209.567093][ T5508] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  209.576818][ T5508] ntfs: volume version 3.1.
[  210.383841][ T5497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.394731][ T5497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.457564][ T5497] team0: Port device team_slave_0 added
[  210.458723][ T5497] team0: Port device team_slave_1 added
[  210.604326][ T5497] batman_adv: batadv0: Adding interface: batadv_slave_0
[  210.604344][ T5497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.604365][ T5497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.605919][ T5497] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.605933][ T5497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.605955][ T5497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.829593][ T3683] Bluetooth: hci3: command 0x0409 tx timeout
[  211.081440][ T5540] __ntfs_error: 10 callbacks suppressed
[  211.081456][ T5540] ntfs: (device loop2): ntfs_truncate(): Inode 0x43 has unknown attribute type 0x80.  Aborting truncate.
[  211.193045][   T25] audit: type=1800 audit(1726048866.924:57): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.492" name="file1" dev="loop2" ino=67 res=0 errno=0
[  211.226463][ T5517] loop4: detected capacity change from 0 to 8192
[  211.463716][ T5550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.497'.
[  211.515575][ T5517] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  211.541001][ T5552] netlink: 'syz.0.498': attribute type 1 has an invalid length.
[  211.563525][ T4979] device hsr_slave_0 left promiscuous mode
[  211.591178][ T4979] device hsr_slave_1 left promiscuous mode
[  211.608748][ T4979] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  211.626456][ T4979] batman_adv: batadv0: Removing interface: batadv_slave_0
[  211.652949][ T4979] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  211.672277][ T4979] batman_adv: batadv0: Removing interface: batadv_slave_1
[  211.686254][ T4979] device bridge_slave_1 left promiscuous mode
[  211.699334][ T4979] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.745637][ T4979] device bridge_slave_0 left promiscuous mode
[  211.767690][ T4979] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.795369][ T4979] device veth1_macvtap left promiscuous mode
[  211.807486][ T4979] device veth0_macvtap left promiscuous mode
[  211.831348][ T4979] device veth1_vlan left promiscuous mode
[  211.843694][ T5565] loop2: detected capacity change from 0 to 1024
[  211.848555][ T4979] device veth0_vlan left promiscuous mode
[  211.883731][ T5565] EXT4-fs (loop2): Mount option "nojournal_checksum" incompatible with ext2
[  212.180289][ T5568] syz.2.500[5568] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  212.180784][ T5568] syz.2.500[5568] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  213.060808][ T4979] team0 (unregistering): Port device team_slave_1 removed
[  213.303516][ T4691] Bluetooth: hci3: command 0x041b tx timeout
[  213.480125][ T4979] team0 (unregistering): Port device team_slave_0 removed
[  213.681912][ T4979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  213.707653][ T4979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  213.821540][ T5578] netlink: 80 bytes leftover after parsing attributes in process `syz.4.504'.
[  213.857822][ T4979] bond0 (unregistering): Released all slaves
[  214.015269][ T5497] device hsr_slave_0 entered promiscuous mode
[  214.023681][ T5497] device hsr_slave_1 entered promiscuous mode
[  214.040714][ T5572] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  214.049650][ T5572] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  214.149093][ T5582] overlayfs: failed to get inode (-116)
[  214.155309][ T5582] overlayfs: failed to get inode (-116)
[  214.161052][ T5582] overlayfs: failed to get inode (-116)
[  214.166705][ T5582] overlayfs: failed to get inode (-116)
[  215.034080][ T5589] loop1: detected capacity change from 0 to 512
[  215.275774][ T5589] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  215.282907][ T5596] loop4: detected capacity change from 0 to 4096
[  215.293410][ T5589] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038 (0x7fffffff)
[  215.549722][ T5596] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  215.633134][ T5589] EXT4-fs error (device loop1): ext4_add_entry:2484: inode #2: comm syz.1.517: Directory hole found for htree leaf block 0
[  215.668284][ T5596] ntfs: (device loop4): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  215.805356][ T5596] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  215.817124][ T5589] EXT4-fs error (device loop1): ext4_add_entry:2484: inode #2: comm syz.1.517: Directory hole found for htree leaf block 0
[  215.830722][ T4691] Bluetooth: hci3: command 0x040f tx timeout
[  215.843649][ T5596] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  215.853397][ T5589] EXT4-fs error (device loop1): ext4_add_entry:2484: inode #2: comm syz.1.517: Directory hole found for htree leaf block 0
[  215.876622][ T5596] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  215.932657][ T5596] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  215.958092][ T5596] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  215.967806][ T5596] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  215.979585][ T3764] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  215.994436][ T5589] EXT4-fs error (device loop1): ext4_add_entry:2484: inode #2: comm syz.1.517: Directory hole found for htree leaf block 0
[  216.036617][ T5596] ntfs: volume version 3.1.
[  216.212452][ T5589] input: syz0 as /devices/virtual/input/input12
[  216.579792][ T3683] Bluetooth: hci1: command 0x0406 tx timeout
[  216.863199][ T3764] usb 3-1: Using ep0 maxpacket: 32
[  217.117682][ T3764] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.128634][ T3764] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.138431][ T3764] usb 3-1: New USB device found, idVendor=056a, idProduct=00f0, bcdDevice= 0.00
[  217.148490][ T3764] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.213380][ T3764] usb 3-1: config 0 descriptor??
[  217.300335][ T5624] __ntfs_error: 11 callbacks suppressed
[  217.300372][ T5624] ntfs: (device loop4): ntfs_truncate(): Inode 0x43 has unknown attribute type 0x80.  Aborting truncate.
[  217.869632][    T7] Bluetooth: hci3: command 0x0419 tx timeout
[  217.955883][ T5497] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  217.991160][ T5497] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  218.021558][ T5497] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  218.049631][ T3617] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  218.057889][ T5497] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  218.079107][ T5635] loop4: detected capacity change from 0 to 512
[  218.123083][ T3764] wacom 0003:056A:00F0.0002: unknown main item tag 0x0
[  218.205587][ T3764] wacom 0003:056A:00F0.0002: hidraw0: USB HID v0.00 Device [HID 056a:00f0] on usb-dummy_hcd.2-1/input0
[  218.278060][ T5635] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  218.317032][ T5497] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.360797][ T5635] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  218.368823][ T5635] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e118, mo2=0002]
[  218.378574][ T5635] EXT4-fs (loop4): orphan cleanup on readonly fs
[  218.385303][ T5635] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0
[  218.395586][ T5635] EXT4-fs warning (device loop4): ext4_enable_quotas:6431: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  218.415332][ T5635] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  218.429776][ T3617] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  218.444090][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.454988][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.474871][ T5497] 8021q: adding VLAN 0 to HW filter on device team0
[  218.482150][ T5635] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.511: bg 0: block 40: padding at end of block bitmap is not set
[  218.516147][ T5635] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6185: Corrupt filesystem
[  218.520750][ T3616] usb 3-1: USB disconnect, device number 8
[  218.531552][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.547578][ T5635] EXT4-fs (loop4): 1 truncate cleaned up
[  218.553768][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.564424][ T5635] EXT4-fs (loop4): mounted filesystem without journal. Opts: lazytime,usrjquota=,noblock_validity,norecovery,bsddf,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[  218.564830][ T5031] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.588623][ T5031] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.627019][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.679129][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  218.695312][ T5031] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.702398][ T5031] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.736578][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  218.778485][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  218.810180][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  218.833564][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  218.841767][ T3617] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  218.863049][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  218.872083][ T3617] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.902492][ T3617] usb 1-1: Manufacturer: 쌂臁署힇홎菨ԍ혔뺰ힵꂒ죂钗Ｓ⋤㾊⏝켙峐ꮎ▞৲좾䄒균븮ￜꬠꑢ윶굽ẵ왫ﰬ輚킴奋ᅘꮨ탬撛㬽帟⒣딖⺚ɟ檦ꊚ뿘茩⓸ḛ浴祼倳癅ⱝ쉫ᘙ巣脁ḇ뗬஺൶泫㧱ܗ㮲㟐锨.ᙽ邰퇎㺕ffi鶩婶ʥ⾝醀ꖌ亶ʆ暣袎뷋鵞嶽晣ས샠࿙㭁댧❷룷䭷ꁥ숉貪༘љ扼䎠ꄂ籧乷ꁛ
[  218.940203][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  218.975428][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.008784][ T3617] usb 1-1: SerialNumber: ఄ
[  219.009098][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.039799][ T5629] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  219.053713][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  219.074973][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  219.136482][ T5497] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  219.161927][ T5497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  219.190257][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  219.205799][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  219.355647][   T25] audit: type=1326 audit(1726048875.194:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  219.392081][ T3617] usb 1-1: USB disconnect, device number 6
[  219.499308][ T5670] netlink: 80 bytes leftover after parsing attributes in process `syz.2.514'.
[  219.528089][   T25] audit: type=1326 audit(1726048875.194:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  219.766533][   T25] audit: type=1326 audit(1726048875.194:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  220.236679][   T25] audit: type=1326 audit(1726048875.194:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  220.311841][ T5677] xt_NFQUEUE: number of total queues is 0
[  220.378282][   T25] audit: type=1326 audit(1726048875.194:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  220.436530][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  220.463866][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  220.484021][   T25] audit: type=1326 audit(1726048875.194:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  220.508685][ T5680] syz.4.516 (5680): attempted to duplicate a private mapping with mremap.  This is not supported.
[  220.530549][ T5677] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma?
[  220.545086][ T5497] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.584957][   T25] audit: type=1326 audit(1726048875.194:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  220.621110][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  220.658654][ T5686] loop0: detected capacity change from 0 to 256
[  220.676766][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  220.715229][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  220.726340][   T25] audit: type=1326 audit(1726048875.194:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39e97ef9 code=0x7ffc0000
[  220.761013][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  220.784743][ T5497] device veth0_vlan entered promiscuous mode
[  220.795601][ T5686] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  220.812641][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  220.834930][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  220.870414][ T5497] device veth1_vlan entered promiscuous mode
[  220.941528][ T5497] device veth0_macvtap entered promiscuous mode
[  220.976025][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  221.004357][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  221.027969][ T5132] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000005)
[  221.043131][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  221.060390][ T5132] exFAT-fs (loop0): Filesystem has been set read-only
[  221.074987][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  221.117747][ T5497] device veth1_macvtap entered promiscuous mode
[  221.139180][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  221.155148][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  221.297869][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.341101][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.365569][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.403457][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.431567][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.465463][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.497407][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.536032][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.582058][ T5497] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.609193][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  221.649010][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  221.673152][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.699075][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.719354][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.746890][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.777027][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.800604][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.829648][ T5497] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  221.851296][ T5497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.882126][ T5497] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.895004][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  221.913124][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  222.001942][ T5497] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.034909][ T5497] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.062409][ T5497] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.079552][ T5497] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.097236][ T5707] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  222.228673][ T3813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.263917][ T3813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  222.290551][ T1213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.306465][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  222.325112][ T1213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  222.353774][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  222.837136][ T5723] loop2: detected capacity change from 0 to 2048
[  223.726287][ T5723] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  223.741605][ T5723] ext4 filesystem being mounted at /83/bus supports timestamps until 2038 (0x7fffffff)
[  224.420839][ T5711] chnl_net:caif_netlink_parms(): no params data found
[  224.442542][ T3683] Bluetooth: hci0: command 0x0409 tx timeout
[  224.568162][ T5737] loop1: detected capacity change from 0 to 512
[  224.613625][ T5737] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  224.621544][ T5737] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  224.673420][ T5737] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2815: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  224.701696][ T4979] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.715971][ T5737] EXT4-fs (loop1): 1 truncate cleaned up
[  224.725916][ T5737] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,mblk_io_submit,debug_want_extra_isize=0x0000000000000068,init_itable=0x000000000000007f,block_validity,quota,,errors=continue. Quota mode: writeback.
[  224.826442][ T5711] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.841880][ T5711] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.849884][ T5711] device bridge_slave_0 entered promiscuous mode
[  224.868748][ T5737] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  224.888307][ T5711] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.902827][ T5711] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.911200][ T5711] device bridge_slave_1 entered promiscuous mode
[  225.122129][ T4979] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.226608][ T4979] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.422864][ T4979] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  226.335342][ T5711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  226.367724][ T5755] loop4: detected capacity change from 0 to 256
[  226.487209][ T5711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  226.505969][    T7] Bluetooth: hci0: command 0x041b tx timeout
[  226.541374][ T5755] exfat: Unknown parameter '��������������������0xffffffffffffffff'
[  226.638000][ T5766] usb usb8: usbfs: process 5766 (syz.1.536) did not claim interface 0 before use
[  227.280745][ T5711] team0: Port device team_slave_0 added
[  227.317725][ T5711] team0: Port device team_slave_1 added
[  228.240987][ T5711] batman_adv: batadv0: Adding interface: batadv_slave_0
[  228.255113][ T5777] loop4: detected capacity change from 0 to 512
[  228.262855][ T5711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.332619][ T5711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  228.374443][ T5711] batman_adv: batadv0: Adding interface: batadv_slave_1
[  228.405661][ T5777] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #3: comm syz.4.541: corrupted inode contents
[  228.419235][ T5711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.446780][ T5777] EXT4-fs error (device loop4): ext4_dirty_inode:6004: inode #3: comm syz.4.541: mark_inode_dirty error
[  228.459907][ T5711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  228.469870][ T5777] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #3: comm syz.4.541: corrupted inode contents
[  228.487950][ T5777] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #3: comm syz.4.541: mark_inode_dirty error
[  228.514493][ T5777] __quota_error: 30 callbacks suppressed
[  228.514503][ T5777] Quota error (device loop4): write_blk: dquota write failed
[  228.563152][ T5777] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  228.577475][ T5777] EXT4-fs error (device loop4): ext4_acquire_dquot:6196: comm syz.4.541: Failed to acquire dquot type 0
[  228.588816][ T3683] Bluetooth: hci0: command 0x040f tx timeout
[  228.603152][ T5777] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.541: corrupted inode contents
[  228.624635][ T5777] EXT4-fs error (device loop4): ext4_dirty_inode:6004: inode #16: comm syz.4.541: mark_inode_dirty error
[  228.637692][ T5777] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.541: corrupted inode contents
[  228.691163][ T5777] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.541: mark_inode_dirty error
[  228.717693][ T5711] device hsr_slave_0 entered promiscuous mode
[  228.734427][ T5711] device hsr_slave_1 entered promiscuous mode
[  228.746659][ T5711] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  228.747123][ T5777] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.541: corrupted inode contents
[  228.774804][ T5711] Cannot create hsr debugfs directory
[  228.795749][ T5777] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  228.887303][ T5777] EXT4-fs error (device loop4): ext4_do_update_inode:5171: inode #16: comm syz.4.541: corrupted inode contents
[  228.988880][ T5777] EXT4-fs error (device loop4): ext4_truncate:4272: inode #16: comm syz.4.541: mark_inode_dirty error
[  229.007270][ T5777] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  229.017561][ T5777] EXT4-fs (loop4): 1 truncate cleaned up
[  229.052822][ T5769] chnl_net:caif_netlink_parms(): no params data found
[  229.067771][ T5777] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  229.164643][ T5777] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038 (0x7fffffff)
[  229.239672][ T5802] loop1: detected capacity change from 0 to 512
[  229.253237][   T25] audit: type=1800 audit(1726048885.094:96): pid=5777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.541" name="bus" dev="loop4" ino=18 res=0 errno=0
[  229.296805][ T5802] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  229.327315][ T5802] EXT4-fs (loop1): group descriptors corrupted!
[  229.389714][    T7] Bluetooth: hci3: command 0x0409 tx timeout
[  229.397174][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.410560][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.418839][ T5769] device bridge_slave_0 entered promiscuous mode
[  229.501603][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.517520][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.537680][ T5812] loop1: detected capacity change from 0 to 512
[  229.547715][ T5769] device bridge_slave_1 entered promiscuous mode
[  229.619845][ T5812] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.545: iget: bad extended attribute block 1
[  229.637323][ T5812] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.545: couldn't read orphan inode 15 (err -117)
[  229.662705][ T5812] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none.
[  229.790079][ T5812] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 7727 vs 220 free clusters
[  229.926972][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  229.976881][ T4979] device hsr_slave_0 left promiscuous mode
[  230.201725][ T4979] device hsr_slave_1 left promiscuous mode
[  230.223173][ T4979] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  230.270435][ T4979] batman_adv: batadv0: Removing interface: batadv_slave_0
[  230.323732][ T4979] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  230.360792][ T4979] batman_adv: batadv0: Removing interface: batadv_slave_1
[  230.403014][ T4979] device bridge_slave_1 left promiscuous mode
[  230.437694][ T4979] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.530816][ T4979] device bridge_slave_0 left promiscuous mode
[  230.537125][ T4979] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.557598][ T4979] device veth1_macvtap left promiscuous mode
[  230.568136][ T4979] device veth0_macvtap left promiscuous mode
[  230.577498][ T4979] device veth1_vlan left promiscuous mode
[  230.696891][ T3683] Bluetooth: hci0: command 0x0419 tx timeout
[  230.714379][ T4979] device veth0_vlan left promiscuous mode
[  230.729289][ T5830] loop4: detected capacity change from 0 to 256
[  231.600332][ T3683] Bluetooth: hci3: command 0x041b tx timeout
[  231.888055][ T5836] loop1: detected capacity change from 0 to 1024
[  232.657589][ T4979] team0 (unregistering): Port device team_slave_1 removed
[  232.757083][ T4979] team0 (unregistering): Port device team_slave_0 removed
[  232.779435][ T4979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  232.811387][ T4979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  232.961705][ T5036] hfsplus: b-tree write err: -5, ino 4
[  232.988065][ T5036] hfsplus: b-tree write err: -5, ino 8
[  233.053287][ T4979] bond0 (unregistering): Released all slaves
[  233.070227][ T5849] loop4: detected capacity change from 0 to 1024
[  233.754567][ T3613] Bluetooth: hci3: command 0x040f tx timeout
[  233.770514][ T5849] hfsplus: xattr searching failed
[  233.782343][   T25] audit: type=1800 audit(1726048889.614:97): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.552" name="bus" dev="loop4" ino=25 res=0 errno=0
[  233.782537][ T5849] hfsplus: xattr searching failed
[  233.803392][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.942697][ T5769] team0: Port device team_slave_0 added
[  233.947632][ T5769] team0: Port device team_slave_1 added
[  234.046869][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0
[  234.075038][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.177478][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  234.256738][ T5867] netlink: 16 bytes leftover after parsing attributes in process `syz.4.556'.
[  234.313969][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1
[  234.357740][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.467637][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  234.491291][ T5711] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  234.511707][ T5881] loop4: detected capacity change from 0 to 1024
[  234.541591][ T5886] device team_slave_0 entered promiscuous mode
[  234.548500][ T5886] device team_slave_1 entered promiscuous mode
[  234.558033][ T5711] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  234.617598][ T5711] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  234.669668][ T5711] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  234.702239][ T5893] 9pnet: p9_fd_create_tcp (5893): problem connecting socket to 127.0.0.1
[  234.721571][ T5769] device hsr_slave_0 entered promiscuous mode
[  234.745784][ T5769] device hsr_slave_1 entered promiscuous mode
[  234.775676][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  234.800050][ T5769] Cannot create hsr debugfs directory
[  234.826973][ T5887] delete_channel: no stack
[  234.861241][ T5892] netlink: 'syz.2.560': attribute type 10 has an invalid length.
[  234.919563][ T5892] device team_slave_0 left promiscuous mode
[  234.928105][ T5892] device team_slave_1 left promiscuous mode
[  235.696963][ T5892] device team_slave_0 entered promiscuous mode
[  235.703226][ T5892] device team_slave_1 entered promiscuous mode
[  235.711170][ T5892] 8021q: adding VLAN 0 to HW filter on device team0
[  235.744877][ T5892] bond0: (slave team0): Enslaving as an active interface with an up link
[  235.779684][    T7] Bluetooth: hci3: command 0x0419 tx timeout
[  235.857088][ T5885] device team_slave_0 left promiscuous mode
[  235.863329][ T5885] device team_slave_1 left promiscuous mode
[  236.376883][ T5919] overlayfs: failed to get inode (-116)
[  236.383239][ T5919] overlayfs: failed to get inode (-116)
[  236.389588][ T5919] overlayfs: failed to get inode (-116)
[  236.395919][ T5919] overlayfs: failed to get inode (-116)
[  237.036485][ T5711] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.160167][ T5769] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.228511][ T5711] 8021q: adding VLAN 0 to HW filter on device team0
[  237.267256][ T5931] netlink: 'syz.2.568': attribute type 12 has an invalid length.
[  237.297687][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  237.426419][ T5937] loop1: detected capacity change from 0 to 2048
[  237.501394][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  237.628653][ T5769] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.930147][ T5931] 9pnet: Insufficient options for proto=fd
[  237.946542][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  237.961735][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  237.973196][ T5931] loop2: detected capacity change from 0 to 512
[  237.993026][ T5036] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.000114][ T5036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.040763][ T5769] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.080942][ T5931] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #15: comm syz.2.568: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  238.115492][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  238.124260][ T5931] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.568: couldn't read orphan inode 15 (err -117)
[  238.134837][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  238.152695][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  238.165529][ T5036] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.172624][ T5036] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.206693][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  238.215561][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  238.236532][ T5711] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  238.247143][ T5931] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  238.260616][ T5931] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038 (0x7fffffff)
[  238.289238][ T5711] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  238.321149][ T5931] EXT4-fs error (device loop2): ext4_add_entry:2484: inode #2: comm syz.2.568: Directory hole found for htree leaf block 0
[  238.490177][ T5769] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.552089][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  238.598633][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  238.624516][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  238.648717][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  238.675836][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  238.714894][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  238.935015][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  238.963008][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  239.019133][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  239.027906][ T5036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  239.175224][ T5962] loop1: detected capacity change from 0 to 2048
[  239.232480][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  239.275162][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  239.314407][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  239.389235][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  239.403223][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  239.413915][ T3812] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  239.438703][ T5711] 8021q: adding VLAN 0 to HW filter on device batadv0
[  239.870751][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  239.884106][ T1213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  240.024624][ T5981] overlayfs: failed to get inode (-116)
[  240.031067][ T5981] overlayfs: failed to get inode (-116)
[  240.037338][ T5981] overlayfs: failed to get inode (-116)
[  240.043602][ T5981] overlayfs: failed to get inode (-116)
[  240.642091][ T5711] device veth0_vlan entered promiscuous mode
[  240.660294][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.671328][ T5711] device veth1_vlan entered promiscuous mode
[  240.692077][ T5769] 8021q: adding VLAN 0 to HW filter on device team0
[  240.724732][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  240.765449][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  240.791386][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  241.602288][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  241.636321][ T3584] Bluetooth: unknown link type 28
[  241.658038][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  241.700406][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  241.700631][ T3584] BUG: sleeping function called from invalid context at net/core/sock.c:3252
[  241.716901][ T3584] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3584, name: kworker/u5:7
[  241.726164][ T3584] 6 locks held by kworker/u5:7/3584:
[  241.731630][ T3584]  #0: ffff888076bc7938 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  241.742103][ T3584]  #1: ffffc90002d97d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  241.753693][ T3584]  #2: ffff8880781c4078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xab/0x9b0
[  241.763983][ T3584]  #3: ffffffff8db7ac68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x45f/0x9b0
[  241.774734][ T3584]  #4: ffff888078513420 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x27c/0xad0
[  241.784406][ T3584]  #5: ffff888022ba5120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x456/0xad0
[  241.795862][ T3584] Preemption disabled at:
[  241.795874][ T3584] [<0000000000000000>] 0x0
[  241.804846][ T3584] CPU: 0 PID: 3584 Comm: kworker/u5:7 Not tainted 5.15.166-syzkaller #0
[  241.813166][ T3584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  241.823215][ T3584] Workqueue: hci2 hci_rx_work
[  241.827878][ T3584] Call Trace:
[  241.831146][ T3584]  <TASK>
[  241.834057][ T3584]  dump_stack_lvl+0x1e3/0x2d0
[  241.838724][ T3584]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  241.844339][ T3584]  ? panic+0x860/0x860
[  241.848400][ T3584]  ___might_sleep+0x547/0x6a0
[  241.853065][ T3584]  ? __might_sleep+0xc0/0xc0
[  241.857642][ T3584]  ? __lock_acquire+0x1ff0/0x1ff0
[  241.862656][ T3584]  ? do_raw_spin_lock+0x14a/0x370
[  241.867669][ T3584]  ? queue_work_node+0x420/0x420
[  241.872591][ T3584]  ? __rwlock_init+0x140/0x140
[  241.877341][ T3584]  lock_sock_nested+0x5b/0x100
[  241.882090][ T3584]  sco_connect_cfm+0x456/0xad0
[  241.886842][ T3584]  ? sco_skb_put_cmsg+0x90/0x90
[  241.891678][ T3584]  ? sco_skb_put_cmsg+0x90/0x90
[  241.896511][ T3584]  hci_sync_conn_complete_evt+0x4ce/0x9b0
[  241.902219][ T3584]  hci_event_packet+0xa12/0x1550
[  241.907144][ T3584]  ? rcu_lock_release+0x20/0x20
[  241.911982][ T3584]  ? hci_send_to_monitor+0x99/0x4d0
[  241.917164][ T3584]  hci_rx_work+0x232/0x990
[  241.921568][ T3584]  process_one_work+0x8a1/0x10c0
[  241.926497][ T3584]  ? worker_detach_from_pool+0x260/0x260
[  241.932110][ T3584]  ? _raw_spin_lock_irqsave+0x120/0x120
[  241.937636][ T3584]  ? kthread_data+0x4e/0xc0
[  241.942117][ T3584]  ? wq_worker_running+0x97/0x170
[  241.947124][ T3584]  worker_thread+0xaca/0x1280
[  241.951783][ T3584]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  241.957674][ T3584]  kthread+0x3f6/0x4f0
[  241.961723][ T3584]  ? rcu_lock_release+0x20/0x20
[  241.966550][ T3584]  ? kthread_blkcg+0xd0/0xd0
[  241.971119][ T3584]  ret_from_fork+0x1f/0x30
[  241.975529][ T3584]  </TASK>
[  241.978596][ T3584] ==================================================================
[  241.986639][ T3584] BUG: KASAN: use-after-free in __lock_acquire+0x74/0x1ff0
[  241.993828][ T3584] Read of size 8 at addr ffff888022ba50a0 by task kworker/u5:7/3584
[  242.001794][ T3584] 
[  242.004110][ T3584] CPU: 0 PID: 3584 Comm: kworker/u5:7 Tainted: G        W         5.15.166-syzkaller #0
[  242.009399][ T5769] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  242.013811][ T3584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  242.013824][ T3584] Workqueue: hci2 hci_rx_work
[  242.013843][ T3584] Call Trace:
[  242.013849][ T3584]  <TASK>
[  242.013855][ T3584]  dump_stack_lvl+0x1e3/0x2d0
[  242.013874][ T3584]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  242.013890][ T3584]  ? _printk+0xd1/0x120
[  242.013909][ T3584]  ? __wake_up_klogd+0xcc/0x100
[  242.013926][ T3584]  ? panic+0x860/0x860
[  242.013941][ T3584]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  242.013962][ T3584]  print_address_description+0x63/0x3b0
[  242.013980][ T3584]  ? __lock_acquire+0x74/0x1ff0
[  242.013994][ T3584]  kasan_report+0x16b/0x1c0
[  242.014009][ T3584]  ? __lock_acquire+0x74/0x1ff0
[  242.034853][ T5769] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  242.038975][ T3584]  __lock_acquire+0x74/0x1ff0
[  242.038995][ T3584]  ? dump_stack_lvl+0x274/0x2d0
[  242.113248][ T3584]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  242.118882][ T3584]  lock_acquire+0x1db/0x4f0
[  242.123383][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.128322][ T3584]  ? read_lock_is_recursive+0x10/0x10
[  242.133689][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.135507][   T21] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  242.138618][ T3584]  ? __bpf_trace_softirq+0x10/0x10
[  242.151142][ T3584]  ? __lock_acquire+0x1ff0/0x1ff0
[  242.156162][ T3584]  ? do_raw_spin_lock+0x14a/0x370
[  242.161178][ T3584]  ? queue_work_node+0x420/0x420
[  242.166107][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.171039][ T3584]  _raw_spin_lock_bh+0x31/0x40
[  242.175594][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0
[  242.175811][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.187475][ T3584]  lock_sock_nested+0x68/0x100
[  242.192227][ T3584]  sco_connect_cfm+0x456/0xad0
[  242.196985][ T3584]  ? sco_skb_put_cmsg+0x90/0x90
[  242.201812][ T3584]  ? sco_skb_put_cmsg+0x90/0x90
[  242.206640][ T3584]  hci_sync_conn_complete_evt+0x4ce/0x9b0
[  242.212343][ T3584]  hci_event_packet+0xa12/0x1550
[  242.217258][ T3584]  ? rcu_lock_release+0x20/0x20
[  242.222093][ T3584]  ? hci_send_to_monitor+0x99/0x4d0
[  242.227282][ T3584]  hci_rx_work+0x232/0x990
[  242.231679][ T3584]  process_one_work+0x8a1/0x10c0
[  242.236605][ T3584]  ? worker_detach_from_pool+0x260/0x260
[  242.242222][ T3584]  ? _raw_spin_lock_irqsave+0x120/0x120
[  242.247775][ T3584]  ? kthread_data+0x4e/0xc0
[  242.252258][ T3584]  ? wq_worker_running+0x97/0x170
[  242.257280][ T3584]  worker_thread+0xaca/0x1280
[  242.261941][ T3584]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  242.267816][ T3584]  kthread+0x3f6/0x4f0
[  242.271860][ T3584]  ? rcu_lock_release+0x20/0x20
[  242.276690][ T3584]  ? kthread_blkcg+0xd0/0xd0
[  242.281266][ T3584]  ret_from_fork+0x1f/0x30
[  242.285659][ T3584]  </TASK>
[  242.288650][ T3584] 
[  242.290947][ T3584] Allocated by task 5992:
[  242.295242][ T3584]  ____kasan_kmalloc+0xba/0xf0
[  242.299982][ T3584]  __kmalloc+0x168/0x300
[  242.304215][ T3584]  sk_prot_alloc+0xe0/0x200
[  242.308688][ T3584]  sk_alloc+0x35/0x310
[  242.312728][ T3584]  sco_sock_create+0xb7/0x300
[  242.317381][ T3584]  bt_sock_create+0x159/0x220
[  242.322032][ T3584]  __sock_create+0x460/0x8d0
[  242.326732][ T3584]  __sys_socket+0x132/0x370
[  242.331219][ T3584]  __x64_sys_socket+0x76/0x80
[  242.335897][ T3584]  do_syscall_64+0x3b/0xb0
[  242.340305][ T3584]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  242.346176][ T3584] 
[  242.348473][ T3584] Freed by task 5990:
[  242.352420][ T3584]  kasan_set_track+0x4b/0x80
[  242.356985][ T3584]  kasan_set_free_info+0x1f/0x40
[  242.361911][ T3584]  ____kasan_slab_free+0xd8/0x120
[  242.366910][ T3584]  slab_free_freelist_hook+0xdd/0x160
[  242.372254][ T3584]  kfree+0xf1/0x270
[  242.376034][ T3584]  __sk_destruct+0x58e/0x840
[  242.380600][ T3584]  sco_sock_release+0x259/0x310
[  242.385422][ T3584]  sock_close+0xcd/0x230
[  242.389556][   T21] usb 3-1: Using ep0 maxpacket: 32
[  242.389640][ T3584]  __fput+0x3fe/0x8e0
[  242.398681][ T3584]  task_work_run+0x129/0x1a0
[  242.403252][ T3584]  exit_to_user_mode_loop+0x106/0x130
[  242.408613][ T3584]  exit_to_user_mode_prepare+0xb1/0x140
[  242.414136][ T3584]  syscall_exit_to_user_mode+0x5d/0x240
[  242.419668][ T3584]  do_syscall_64+0x47/0xb0
[  242.424074][ T3584]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  242.429946][ T3584] 
[  242.432244][ T3584] The buggy address belongs to the object at ffff888022ba5000
[  242.432244][ T3584]  which belongs to the cache kmalloc-2k of size 2048
[  242.446267][ T3584] The buggy address is located 160 bytes inside of
[  242.446267][ T3584]  2048-byte region [ffff888022ba5000, ffff888022ba5800)
[  242.459598][ T3584] The buggy address belongs to the page:
[  242.465206][ T3584] page:ffffea00008ae800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22ba0
[  242.475328][ T3584] head:ffffea00008ae800 order:3 compound_mapcount:0 compound_pincount:0
[  242.483622][ T3584] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  242.491575][ T3584] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888017042000
[  242.500131][ T3584] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  242.508685][ T3584] page dumped because: kasan: bad access detected
[  242.509710][   T21] usb 3-1: config 0 has an invalid interface number: 115 but max is 1
[  242.515075][ T3584] page_owner tracks the page as allocated
[  242.528897][ T3584] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3575, ts 43721170739, free_ts 43683897362
[  242.547966][ T3584]  get_page_from_freelist+0x322a/0x33c0
[  242.553488][ T3584]  __alloc_pages+0x272/0x700
[  242.558051][ T3584]  new_slab+0xbb/0x4b0
[  242.562093][ T3584]  ___slab_alloc+0x6f6/0xe10
[  242.566655][ T3584]  __kmalloc+0x1c9/0x300
[  242.570872][ T3584]  __register_sysctl_table+0xdc/0x1220
[  242.576312][ T3584]  __addrconf_sysctl_register+0x28f/0x3e0
[  242.582014][ T3584]  addrconf_sysctl_register+0x128/0x180
[  242.587538][ T3584]  ipv6_add_dev+0xc96/0x1180
[  242.592103][ T3584]  addrconf_notify+0x671/0xf30
[  242.596839][ T3584]  raw_notifier_call_chain+0xd0/0x170
[  242.602182][ T3584]  call_netdevice_notifiers+0x145/0x1b0
[  242.607700][ T3584]  register_netdevice+0x12e8/0x1720
[  242.612874][ T3584]  veth_newlink+0x72e/0xe20
[  242.617363][ T3584]  rtnl_newlink+0x14e1/0x2070
[  242.622014][ T3584]  rtnetlink_rcv_msg+0x993/0xee0
[  242.626925][ T3584] page last free stack trace:
[  242.631567][ T3584]  free_unref_page_prepare+0xc34/0xcf0
[  242.636999][ T3584]  free_unref_page+0x95/0x2d0
[  242.641650][ T3584]  __unfreeze_partials+0x1b7/0x210
[  242.646742][ T3584]  put_cpu_partial+0x132/0x1a0
[  242.651507][ T3584]  ___cache_free+0xe3/0x100
[  242.655986][ T3584]  qlist_free_all+0x36/0x90
[  242.660463][ T3584]  kasan_quarantine_reduce+0x162/0x180
[  242.665893][ T3584]  __kasan_slab_alloc+0x2f/0xc0
[  242.670712][ T3584]  slab_post_alloc_hook+0x53/0x380
[  242.675795][ T3584]  kmem_cache_alloc_trace+0xfb/0x290
[  242.681051][ T3584]  netdevice_event+0x382/0x960
[  242.685786][ T3584]  raw_notifier_call_chain+0xd0/0x170
[  242.691127][ T3584]  dev_open+0x1c1/0x260
[  242.695254][ T3584]  team_add_slave+0x981/0x27a0
[  242.699987][ T3584]  do_setlink+0xdd3/0x3d80
[  242.704377][ T3584]  rtnl_newlink+0x17d6/0x2070
[  242.709029][ T3584] 
[  242.711326][ T3584] Memory state around the buggy address:
[  242.716927][ T3584]  ffff888022ba4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  242.724959][ T3584]  ffff888022ba5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  242.732990][ T3584] >ffff888022ba5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  242.741022][ T3584]                                ^
[  242.746100][ T3584]  ffff888022ba5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  242.754128][ T3584]  ffff888022ba5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  242.762154][ T3584] ==================================================================
[  242.770182][ T3584] Disabling lock debugging due to kernel taint
[  242.776309][ T3584] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  242.783487][ T3584] CPU: 0 PID: 3584 Comm: kworker/u5:7 Tainted: G    B   W         5.15.166-syzkaller #0
[  242.793170][ T3584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  242.803203][ T3584] Workqueue: hci2 hci_rx_work
[  242.807860][ T3584] Call Trace:
[  242.811112][ T3584]  <TASK>
[  242.814021][ T3584]  dump_stack_lvl+0x1e3/0x2d0
[  242.818670][ T3584]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  242.824273][ T3584]  ? panic+0x860/0x860
[  242.828313][ T3584]  ? rcu_is_watching+0x11/0xa0
[  242.833046][ T3584]  ? lock_release+0xb9/0x9a0
[  242.837607][ T3584]  panic+0x318/0x860
[  242.841475][ T3584]  ? check_panic_on_warn+0x1d/0xa0
[  242.846555][ T3584]  ? fb_is_primary_device+0xd0/0xd0
[  242.851723][ T3584]  ? do_raw_spin_unlock+0x137/0x8b0
[  242.856892][ T3584]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  242.862755][ T3584]  ? _raw_spin_unlock+0x40/0x40
[  242.867577][ T3584]  check_panic_on_warn+0x7e/0xa0
[  242.872490][ T3584]  ? __lock_acquire+0x74/0x1ff0
[  242.877314][ T3584]  end_report+0x6d/0xf0
[  242.881455][ T3584]  kasan_report+0x18e/0x1c0
[  242.885927][ T3584]  ? __lock_acquire+0x74/0x1ff0
[  242.890749][ T3584]  __lock_acquire+0x74/0x1ff0
[  242.895395][ T3584]  ? dump_stack_lvl+0x274/0x2d0
[  242.900216][ T3584]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  242.905818][ T3584]  lock_acquire+0x1db/0x4f0
[  242.910292][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.915204][ T3584]  ? read_lock_is_recursive+0x10/0x10
[  242.920548][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.925458][ T3584]  ? __bpf_trace_softirq+0x10/0x10
[  242.930539][ T3584]  ? __lock_acquire+0x1ff0/0x1ff0
[  242.935534][ T3584]  ? do_raw_spin_lock+0x14a/0x370
[  242.940527][ T3584]  ? queue_work_node+0x420/0x420
[  242.945436][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.950343][ T3584]  _raw_spin_lock_bh+0x31/0x40
[  242.955079][ T3584]  ? lock_sock_nested+0x68/0x100
[  242.959986][ T3584]  lock_sock_nested+0x68/0x100
[  242.964723][ T3584]  sco_connect_cfm+0x456/0xad0
[  242.969481][ T3584]  ? sco_skb_put_cmsg+0x90/0x90
[  242.974315][ T3584]  ? sco_skb_put_cmsg+0x90/0x90
[  242.979134][ T3584]  hci_sync_conn_complete_evt+0x4ce/0x9b0
[  242.984829][ T3584]  hci_event_packet+0xa12/0x1550
[  242.989742][ T3584]  ? rcu_lock_release+0x20/0x20
[  242.994567][ T3584]  ? hci_send_to_monitor+0x99/0x4d0
[  242.999736][ T3584]  hci_rx_work+0x232/0x990
[  243.004126][ T3584]  process_one_work+0x8a1/0x10c0
[  243.009035][ T3584]  ? worker_detach_from_pool+0x260/0x260
[  243.014639][ T3584]  ? _raw_spin_lock_irqsave+0x120/0x120
[  243.020160][ T3584]  ? kthread_data+0x4e/0xc0
[  243.024633][ T3584]  ? wq_worker_running+0x97/0x170
[  243.029627][ T3584]  worker_thread+0xaca/0x1280
[  243.034279][ T3584]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  243.040145][ T3584]  kthread+0x3f6/0x4f0
[  243.044183][ T3584]  ? rcu_lock_release+0x20/0x20
[  243.049010][ T3584]  ? kthread_blkcg+0xd0/0xd0
[  243.053581][ T3584]  ret_from_fork+0x1f/0x30
[  243.057972][ T3584]  </TASK>
[  243.061303][ T3584] Kernel Offset: disabled
[  243.065609][ T3584] Rebooting in 86400 seconds..