last executing test programs:

7m26.814646701s ago: executing program 0 (id=203):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x5)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000180)='u', 0x1}], 0x1)
connect$vsock_stream(r1, &(0x7f0000001080)={0x28, 0x0, 0x2711, @hyper}, 0x10)
r2 = accept4$unix(r0, 0x0, 0x0, 0x0)
syz_read_part_table(0x106a, &(0x7f0000000000)="$eJzsz7FJxVAUBuD/5ibxpnUB17C0EGwsFXexUcERnECwsbLWDdzCFbJAxECEt8B7r/i+6pyfHw4nHNTUtdOP5Py5vqQleUxyNySp45ik/Be/vq//luF1bicpNRf9Gi+fb/dbqSb91XyTYXkoP0u3ZuVyajsHu6ezus319n0/XwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAcfsNAAD//3OqEK8=")
sendto$packet(r1, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d4074687760a5fbd1fc97772c6f5027dcea15b6658de3b024a6ea22baafb445bf8427c8055d00", 0xffffff3d, 0x0, 0x0, 0x0)
recvmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/74, 0x4a}], 0x2d}, 0x10000)

7m24.650843989s ago: executing program 0 (id=214):
r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040), 0xff, 0x240, &(0x7f00000002c0)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08")
r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r2 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000500)={'ip6tnl0\x00', 0x0, 0x4, 0x4, 0x3, 0x6, 0x38, @empty, @loopback, 0x80, 0x20, 0x2, 0x3}})
sendmsg$nl_route(r1, 0x0, 0x8051)
sendto$inet6(r2, 0x0, 0x0, 0x8c612f044f7ba963, &(0x7f0000000080)={0xa, 0x4e20, 0x4, @ipv4={'\x00', '\xff\xff', @local}, 0x80000001}, 0x1c)
creat(0x0, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xd, 0x50, r0, 0xc21b1000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
fallocate(r3, 0x10, 0x4000, 0x4000)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xe7b, 0x0, 0x0)

7m23.924068947s ago: executing program 0 (id=218):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r2, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x800)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x7c, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x4c, 0x2, [@TCA_BASIC_EMATCHES={0x14, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xd}}]}, @TCA_BASIC_ACT={0x34, 0x3, [@m_csum={0x30, 0xf, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x7}}}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8810}, 0x404c0c0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x0, 0x1}}}, 0x24}}, 0x10)

7m22.618387781s ago: executing program 0 (id=224):
timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=<r0=>0x0)
getpid()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x4000, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c636865636b3d7374726963742c756d61736b3d30303030303030303030303030303030303133363033302c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303034302c757466383d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303166622c666c7573682c756e695f786c6174653d302c73686f72746e616d653d77696e39352c00208893fdd4787adad4209069"], 0x6, 0x2ab, &(0x7f0000000a80)="$eJzs3b1rLFUUAPAzyX6pxW5hJYIDWlg9Xl5rs0HyILiVsoVa6MP3Hkh2ERII+IFrKlsbS/8CQbDzn7CxsBdsBTtTBEZmZya7ibObTHATP36/Jjd3zrn3zOQmYYs9+/6L04PHaTw9+eyX6PWS2BrGME6TGMRWVL6IC4ZfBQDwb3aaZfF7VmiSl0REb3NlAQAb1Pj///cbLwkA2LC33n7njd3RaO/NNO3Fw+mXx+P8lX3+tbi++zQ+jEk8ifvRj7OI7Fwxfphl2ayV5gbxynR2PM4zp+/9WK6/+1vEPH8n+jGYT13M3x/t7aSFpfxZXsez5f7DPP9B9OP5mv33R3sPavJj3IlXX16q/17046cP4qOYxON5EYv8z3fS9PXs6z8+fTcvL89PZsfj7jxuIdu+5R8NAAAAAAAAAAAAAAAAAAAAAAD/YffK3jndmPfvyafK/jvbZ/k37Ugrg4v9eYr8pFroUn+gWRbfVP117qdpmpWBi/xWvNCK1t3cNQAAAAAAAAAAAAAAAAAAAPyzHH38ycGjyeTJ4d8yqLoBVG/rv+k6w6WZl6ImZhDnM93FllvltmtWju0qJolYW0a+YqPi21fvvmLwzKqsb79r+uh6V8e0b1Bhw0F1ug4eJfXPsBvVTK86JD8sx3Timnt1Vl3KGh2/Tu2lfuN77zw3H8zWxESyrrDXfi2eXDmTXL6Lzvyp1qa3y0Hxu1B3Nhqd57/+rUh06wAAAAAAAAAAAAAAAAAAgI1avOm35uLJiqSf94sP+Y/BhqsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNux+Pz/BoNZmXyN4E4cHt3xLQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/8GcAAAD//wrtYeE=")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000240)={0x10001, 0x0, &(0x7f000000b000/0x1000)=nil})
timer_settime(r0, 0x1, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x9}}, 0x0)
syz_clone3(&(0x7f0000000680)={0x40004000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
timer_gettime(0x0, &(0x7f0000000540))

7m21.45167943s ago: executing program 0 (id=230):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40010062, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES8=r0], 0x20}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000030000000008001e0001"], 0x24}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x64}}, 0x0)

7m20.848955515s ago: executing program 1 (id=233):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r2 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r2, &(0x7f00000001c0)={0x18, 0x2, {0x1, @multicast1}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x2)
ioctl$PPPIOCBRIDGECHAN(r3, 0x40047435, &(0x7f0000000200)=0x1)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x34, 0x10, 0x801, 0x43, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2202e}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048050}, 0x40014)

7m20.54174727s ago: executing program 0 (id=235):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x4, 0x2, 0x2}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2641, 0x1}, 0x18, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1/file4/file7\x00', 0x0, 0x50)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000340)={0x2000, r2}, 0x0)
landlock_restrict_self(r1, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file1/file4/file7/file6\x00', 0x0)

7m18.674100057s ago: executing program 32 (id=235):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x4, 0x2, 0x2}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2641, 0x1}, 0x18, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1/file4/file7\x00', 0x0, 0x50)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000340)={0x2000, r2}, 0x0)
landlock_restrict_self(r1, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file1/file4/file7/file6\x00', 0x0)

7m18.621134835s ago: executing program 1 (id=238):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000230000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x36}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xe, 0x0, &(0x7f00000001c0)="0101000871a7832e6b7303c3cd59", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)

7m17.041169391s ago: executing program 1 (id=242):
r0 = epoll_create1(0x0)
r1 = socket(0x1, 0x80802, 0x0)
r2 = epoll_create1(0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000280))
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x10000001})
epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)
close(r2)
shutdown(r1, 0x0)
close(r0)

7m16.313502674s ago: executing program 1 (id=246):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80048e, &(0x7f0000000700)=ANY=[@ANYBLOB='iocharset=default,noadinicb,gid=forget,gid=ignore,nostrict,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c616e63686f723d30303030000088be0900303030303030303030312c7569643d666f726765742c00215e8c2e42462f3ab5e1f7c0527abbb422be9178aa60681964adb069ae876c4a599d560075ac47c0de1a9bb9146af6433efdcdac853a8e8f16d6bad90ecce0a1fab46f48331e6b3c3208000000334e4da28067a30b3b1dc64bf692c712fc273bc1702008f563765c6f3e7cd97e1369973c2a87f0ecca7320819863179fb85e394a8cf1d62c70d8306633b6958ebf998a0685bc5cdd1f97291328743add4c867115fae1082f8faf482e15eb939968"], 0xfd, 0xc34, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUnrIY4k/yYajiD/K4/++/bAbAwAAAAAAAAAAAAAAAAAA8IlWxHuR4sV3j6b16J9TvN25XL/QvLjQnRW2N/dvb8707e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW/hkLNS6C7XY0y2PROztBvduodZdyPereOjtucNC42A0Y2chqnv/be/ZfGyUz//3I8VvvvsfvQd+7/n/c91P15/w8dM/3nn+v3jzhvbp+f9E37oX8+9GBmsRw6tXlgaPRAyvvPHmsfaV5uXW5Vbn1PHjXx4f//LJ44OHIoYvtRdafUu7PlQAAAAAAAAAAAAAAAAAD1Yq4rcjRfNHW6keEdeq8VqjZ8afOfb0QAxU461uGLf12vSFs/WXF68sLbdWVlrz9ZlOe25xvnWvuxuuhnvNTEzuS2fuamSf2z8y/PLi0hvL7cu/v3rb7x8bPntxZXW5OXf7r2MkiohG/5qxqsEzE5NVoxfazU5VdWqPBmYOpiL+M1LMnaqnz+d1efxfGe8N9pXtH/+/1re+Wt6n8X+fumk/KRXx00jxG3/+ZHy+audjccsxy+X+OlKMnf5cLheHynK9NnTfK9AdGViW/d9I8fc/u7Fsr+9P7JR9/v6O7sFXnv/DkeIHf/q9+NW87sb3P+yM/+w//4/dvKF9Ov+f6Vv32A3vK9h118nn/1ikeOmJt+PX8roPe/9HEdvb29+KOJoLX38/xz6d/8/2rRuN7n5/fe+6DwAAAAAAAAAA8MgaTEX8TaR4erKWXsjr7uXv/83fvKF9+vtfv9i3bv4BzVe064MKAAAAAAfEYCrivUhxefXt62Oo+8Z/3zj+87d25l6fSDd9W/053y9U7w3Yyz//6zea9zu7+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dRn7zKf+kakeOW/n83l0pGyXG8e+NHq1+Hzi51jZxcWFueaq82LC6369FJzrlXW/Uyk2Pqrz+W6RTW/em+++e4c78PbvbnYlyPF5N/2ynbnYu/NTd6dD7w7F3tZ9lOR4r/+7sayvXmsP7tT9kRZ9i8jxdf/6fZlj+yUPVmW/V6k+OHX672yj5Vle+9H7b6TdLgWC63n5hYXbnkVKgAAAAAAAAAAAAAAAAAAANyvwVTEn0SK/7myHmt52H+e/783A3+tV/atb/bN93+Ta9U8/6PV/P93Wv4o8/+P7llPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZGiiDcjxdL5rbQxVH7uGj7X7ly9NjMxeftqI6mqOVCVL3+Gnz9x8tSXXhg/3csPr7/XnorXpi+crb+8eGVpubWy0pqvz3Tac4vzrXvewm7r7xy6rrHqANSvvH51/tKllfqJ507e8PW10Q+GHj8yemb8mWNP98rOTExOTveVqQ3ex97vq3E7DkURfxEpnv3+j9M/D0UUsftjcZdrZ7+NVJ0YqzoxMzFZdWSh3eysll9O9Q5EEVHvq9ToHaMHcC52pRGxVja/bPBY2b3ppeZy8+JCqz7VXF5tr7YXO1Op29qyP/Uo4nSKWI+IzaFbNzcYRbweKb57eCv9y1DEQO84fPH89FePn7hzO4p97OM9KNtZH4xYLx6Bc3aADUUR/xApfvLO0fjXoYhadH/iCxGv9hd8KSKVF8apiPdvcx3xaKpFEf9Xnv8zW+mdofJ+0LuvnPta/SudS4t9ZXv3lYP0fNi+/2txZA92e+8O+L1pOIr4YXXH30r/5r9rAAAAAAAAAAAAAAAAgAOkiF+OFC++ezRV44Ovjyludy7XLzQvLnSH9fXG/tUj/rDM7e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjVsX29va3uvVruX7OtZzrtYiirJ8/b+aMAzJ2DwAAAAAAAAAAAAAAAAAA+Hgpqn9SfOcbW6maS7URMRvd3DAf6Mfe/wcAAP//3sf+xA==")
r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
pwrite64(r0, &(0x7f00000008c0)='/', 0x1, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0)
fcntl$addseals(r0, 0x409, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x75e, &(0x7f0000001280)="$eJzs3M1rHPUbAPBnJtmkL/n9NoLgy0GEFloonSTNpT01XrwVCgWvNSSTEDLJhuymdmPB1rNQm4uCIOrZo1eh1D/AmxQUvAuiNR7Ey8psXkpjNt02TVbazwcm+3xnZ+Z5nuzwzQ5kJoAX1pvljyRiKCIuR0R1c30aEQPt6EjEzY3t1h/cmCqXJFqtK78l5W6x3qpuHyvZfD0e7V3i1Yi4V4k48+G/89abq/OTRZEvb45HGgtLI/Xm6tm5hcnZfDZfHBu/MHp+fPz86Phje3ily15PvnPh6J3v315b++Gbxu03+s8mMdHuOzZ76/IwT2Tjd1KJiR3rFw8iWQ8lvS4AAICulN/z+yKiv/0ttRp97QgAAAB4nrQGWwAAAMBzL4leVwAAAAAcrK3/A9i6t/eg7oPt5Ne3ImJ4t/z97XuII45EJSKOrSeP3JmQbOwG+3LzVkTcndh5/n1VnmE393ns0R3jR++RHtjn0XkW7pbzz8Ru80+6Pf/ELvNP/9azE/ap8/z3MH9fh/nvcpc5vv38tUrH/LciXu/fLX+ynT/pkP/dLvPfXvvoTjvYpYrWlxGndv37kzySa4/nQ0zMzBV7Pn7g3t+n7+/V/7FO+ZO9+1/qsv/31/+Y7zSXlPlPn9j7898tf3lOfLxZRxoRdzZfy/HajhwnFn78bq/+pyNaT/P5f9Fl/z9/PXi9y00BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgLY2IoUjSbDtO0yyLOB4RL8extKjVG2dmaiuL0+V7EcNRSWfminw0Iqob46Qcj7Xjh+NzO8bjEfHST0c3ks4VeTZVK6Z73TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbjkfEUCRpFhFpRPxZTdMsi+jvYt/BQ6gPAAAAeEaGe10AAAAAcOC6uP4fOIw6AAAAgINTXv/3PcV+yQHUAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy3Ll+6VC6t9Qc3psrx9LXmynzt2tnpvD6fLaxMZVO15aVstlabLfJsqrbwuOMVtdrS2IVYuT7SyOuNkXpz9epCbWWxcXVuYXI2v5pXDqUrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntRQe0nSLCLSdpymWRbxv4gYjkoyM1fkoxHx/4i4X60MluOxXhcNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAM1dvrs5PFkW+LBAIDi34ICL+A2XsEfR6ZgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoBfqzdX5yaLIl+u9rgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDeSn9JIqJcTlVPDu18dyD5q9p+jYj3PrvyyfXJRmN5rFz/+/b6xqeb68/1on4AAAB4IVx8ko23rtO3ruMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6VW+uzk8WRb68v+BiNFdbSYdtet0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwdP4JAAD//2T7x0Y=")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00')

7m14.451865802s ago: executing program 1 (id=253):
ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000001a40)={0xffffffff, 0xb, 0x4, 0x2, 0x0, {}, {0x0, 0x0, 0x7, 0x8, 0x3, 0x4, "36eec574"}, 0xd4c, 0x4, {}, 0x7})
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ptrace(0x10, r1)
ptrace(0x4207, r1)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28})

7m13.465299022s ago: executing program 1 (id=257):
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)
openat$userio(0xffffffffffffff9c, 0x0, 0x22242, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

7m11.233139466s ago: executing program 33 (id=257):
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)
openat$userio(0xffffffffffffff9c, 0x0, 0x22242, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

5m3.946535089s ago: executing program 3 (id=656):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

5m1.913055416s ago: executing program 3 (id=658):
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x24}, @hci_rp_read_local_oob_data={{0x7}, {0xa4, "d3d3ee0e7fcf8c66655cda90f6160ff4", "2f3187f90136c02e4e69b48f14c5f719"}}}}, 0x27)
unshare(0x2040400)
r0 = eventfd(0x3)
sync_file_range(r0, 0xffffffffffff0700, 0xfffffffffffffffd, 0x7)
syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x0, 0x413}}}, 0x7)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
socket$nl_route(0x10, 0x3, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000)='7', 0x34000, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
ioctl$TIOCGDEV(0xffffffffffffffff, 0x80045432, &(0x7f0000000080))

5m1.380955019s ago: executing program 3 (id=650):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
memfd_secret(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0xb928, 0x39, @empty, @dev={0xfe, 0x80, '\x00', 0xe}, 0x40, 0x0, 0x0, 0xfffe}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[@ANYRES64=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r5, 0x0, r0})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

5m0.24000159s ago: executing program 3 (id=652):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f00000004c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x19)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000080)={0x56, 0x0, 0x1, 0x60df, 0x0, "00120dd608f500001e20000080c90a008000"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xa)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4800000, 0x8005, 0x0, 0x0, 0x9, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d10a00966d61fdcf335263bd9bffbcc2542ded71038259ca0400e1a311efec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]})
open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
setpriority(0x1, 0xff, 0x80000000008)

4m57.866462528s ago: executing program 3 (id=660):
mbind(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYRES16=0x0, @ANYBLOB="2814f8cac597171cad49bc6574d55dbc38dd2fded0607fe9871944ff97d2ae5ef4c6479e31870919461aff7d02df32b2605ac33bb987bfb274689aa76cdab077e5db95a23d"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000000800000001"], 0x48)
r2 = signalfd(r0, &(0x7f0000000200)={[0xe05b]}, 0x8)
sendmmsg$sock(r2, &(0x7f0000000d00)=[{{&(0x7f0000000300)=@l2={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1000}, 0x80, &(0x7f0000000580)=[{&(0x7f00000008c0)="7bf7f6adeccf554705de1b75f68b6fcd4e5a1115e992386411af184d6053dd3f76560b542d777d503721e4585888addeed3a0b7d42c0a2c8c3f11cfdb805e08e5c16a6373068dbe8abfbfd5d6c6ae44fe11288899869e8b72b4867fedb20df3450c235ee885e4ec6ef2c03fa8d53b269d05e7c0b9ae748e74b2d394e08d64a59faf409ab86acb872922c65bd078d6f7911ddd7bd8494a81739904ca6b33e82adfe36629520a829c00efd4ac258d82ab1640dde8b3ca60fb140846f6b4d0495102606a6f576b80ec3b886847dac013e21f4607db8564e13ed", 0xd8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000009c0)="d68e4407081730e2489078aabccf6931b2752fa7d34322a8fafd7a2b4a47f31d5337e49393463439d84f01d2c37f98a8aa0f66a5c052a8e4e9d964f7605da61336f37e0f7e50ef56b321a91c89b87fd6b6ba0855a6875865fc6bc75d371d2b76fa5a0f0dfbae9e768a7957c5a9dd0328abd3e3ccf5b36b39068090d639130019dbc0ea4e1750545896673cd8ac5b24d0633fceae8f322dd1d567641e3baf3b994a5eaca20769c9b7fffa8b2eea799e5bc5136200a84055cf5b0c", 0xba}, {&(0x7f0000000a80)="d466cd897057671c5f4af0d6220e47efefc5941cce406fbc6d7271c3e6d913332ff34428a53d788a1d26f38c375ea84b0ea0adc0f1a12045e7e0feaf8ae5a73997d3c5e6ded386f6f3721ff829152fa9d398ac16e5d51220cfeead9dd052cddacf57a63969c1713f03392fc0fa782e9778578608e2445472a7c639470220a512df1f88e68b2941ce918d82964450fb8f897594b7eb", 0x95}, {&(0x7f00000005c0)="03921387485c53e29fce2ec14e3bb8590862b49c9336db2e19380078e190731926529498c7b7e002a2b5dba4a2c990b8c408b33ee59c06ccc482cd6736d2ff37aa89b969457f8939ff386347ba4b22db06b07d09f64bbd77c35d1986846a2ae4c80c927af01789e7f0592cb8dcba9931111c3d7b56", 0x75}, {&(0x7f0000000b40)="ffb8b6ae9bf9e1ff8647021b1f890d2210cffae4de042ef71abb3861efead4a086e25d148721481371650e3fb971adb02259f9a7b4fa4ca6f19f5390dcefa3afc7064cd6c3b6900a8a9c89588876bbe3e85646aa4c476a32c8f8afbc9a1a1425b2fa080a46484daee613eb704469e37c9b0e67ad0e8839cb2bb589f1ce879e52141d407c4708e2981ca47a13f102f428fe444b23fbf28a3aa6e5da", 0x9b}, {&(0x7f0000000c00)="18234cd080a4f1f60efc7bb15cb216bf812222368c375c7524ba4e602be39a9a7a5f9b4a60ea0a488ae361a8f18ca3ddfd6473d8b8c0e645504f27003cdb12610942b8d6ee1d500ff1aa336bace9d05483daa2395774969266d8823f960bd2b6c166ea1805009ca9af4d9d4a22be0b2d43de9b19947698ea113254dede6a57f7356847e13239b28c936125ec919fc50e2683db1f2cbcc12a29b2dd296409cbe85c274e7e1f0d09b5a38dfbc1fb60ff0b8577159490bd2e2ad2f0557a72ac67d066aba87c7214eabb03d8a539bb9695ad4e4419f723ae47bfd36bd5d99f22ceecb5f21d49ce584e2fcd20ab296514d775c035", 0xf2}], 0x5}}], 0x2, 0x4000000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r4}, 0x10)
r5 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5`\xda\xca\xd1\xab:\x18\x10\x9b\xd0w', 0x0)
write$binfmt_misc(r5, &(0x7f0000000180)="e502", 0x2)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000001340)=ANY=[], 0x2, 0x6ae, &(0x7f0000001a40)="$eJzs3V1vG1kdx/HfOE7iZFFZAaqqqg+nLSulorhjZ5sqKhJrxuNkwPZYMw5qJaRV2SarqmkX2iLR3Cy54UFa3gB33HDBBS8Biet9F9wgkFZwh8SN0ZyZ8UP91GyTtrv7/US7npzzn3POzEnnr0k8xwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHK8uutWHDWD9s5tM51Xj8LWjPq0tUVdTTeuzu1XcpL/VCrpTFp05luD6tPJ/y7rXPrdOZWSl5IO3jr99q1vFgv5/jMG9HnoqA0+eXbw4O7+/u7jF4hd0JGbf51UyLdWsjmZELTlt4M4DFq1Ld8EcWg2Nzbc69uN2DSCph/fibt+y3iRX+iGkVnzrprK5ua68ct3wp32Vr3W9PPCm9+tuu6G+eFyOtGSyrG3HTSbQXvLxiTVScxN88lP0gC/1jJm7/7+7vq8I0mCKi8SVJ0XVHWr1UqlWq1s3Ni8cdN1i2MFbsJx+2Qjvq5BxLH/0OIL5ngu3MAxKCT5/++O1FRJbe3otszEL091RQrVmlKfyfP/O9f9vGhhUr/D+T/P8mek72fVZ2Xz/4X0uwvT8v+UsRgZu8OkGmdK+dG+Fu2IjJ7omQ70QHe1r33t6vFLtWrb/Mup7By8/ChP/mtLvtoKFCtUoJZqtsRkJUab2tCGXL2vbTUUy6ihQE35inVHsbry7U+Up0i+auoqVCSjNXm6KqOKNrWpdRn5KuuOQu2orS3VVdN/e73enu7b874+Y4zKgypTApaHg6ozWpqW/3/6cTpjWf53n8//w7uQ/7/M0p+D5fTl01kxwBugl93/DyvM3+3iyY0IAAAAAAAcN8f+9t2xf7s/L6mnRtD03dc9LAAAAAAAcIwc9ZZ1Tk5y/y/pvBzu/wEAAAAA+LJx7DN2jqRV+6Z+Z/Ak1Iv8EmDis30AAAAAAODNYp/8v7Ak9eyiFRflHOn+HwAAAAAAfAH8dmiN/WK+xm4v/7N+QVLcWXb++u9lRYvOYef2t52HtaSm9jCLGXsHQLdx1jmVLdRrX5Yk2e88/5yT9ZYtgtlfd/CzvXlr/TvRcwNYWhhuYMoAnKTnjWL2nT7RpXSXS9k68/cOCrI1aS+rjaDpl72weauiWu1Uoevf7v7i0f1fSlH/OPfu7++WP/hoeJHEw4dJox+PDKcw+WQMxvLUrrdgn7mYdMQrauRd/q7dWnVsv25+/AuqPSwMdzRrAgZ9/lqX0zm7vJrGrh70V9xPjr+UHH+lbKds5OijRUfKR1GxozgcHPmkiZgyipIdxZU05sraFVX/kW73Z6HglL6zIFXL43MQLTqDc1EdHsX8c+H8Z+xcDI3CvuQ1Q+diPRnF35KGpoxi/WijGJsRAHhd9nRe9ip0XnYR834WKmV5N08P+UXtc+Wd+dn9vdHs/vQPvZ7dYUEqZn+bmNlLSckVfc2xeWgpPaTi2QlXdDfLKyVNuaK7L5Hdkr7+PPgMpGzYY6P4X6/Xu1Wx/f6+PZpV/zjS3Vi/cbO6kJzC608f/swugJ/4cPfD3UfV6vqG+67r3qhq0R5G9rIgcg8AYMz8z9iZG+G8q0tpxKV7/3on3RrJeN/ov6WgrA/0kfZ1T9fyjxC4OLnV1aG3IVxL71o1dNdqTr99y34u3WhsRdem3tXZXDoUW+3HLirfZTRTD2LXT3gWAAB4tS7PycOT839pJP9f01oasXZ24n33aC7P7o77t/TTYivzB//ecZ8NAAC+GvzoM2e1+xsnioLO+5XNzUqtu+2bKPR+ZKKgvuWboN31I2+71t7yTScKu6EXNk0nUiGo+7GJdzqdMOqaRhiZThgHt+0nv5vso99jv1VrdwMv7jT9WuwbL2x3a17X1IPYM52dHzSDeNuP7M5xx/eCRuDVukHYNnG4E3l+2ZjY94cCg7rf7gaNINlsm04UtGrRHfPjsLnT8k3dj70o6HTDtMG8r6DdCKOWbbZc7E16vwAAAF85T54dPLi7v7/7+PmNleTWPC051JSY8Y0lPXmW3JUnJcWsijWCAAB4wwwS+BF2Kp3ggAAAAAAAAAAAAAAAAAAAAAAAwJj5j/QdcWNx0sOCUr/k56eyEv1Kg0cMx9pxdNwDO8pG4ah75Y9EHDz4NClZmRy80i/JT/9wzOErO8B/fk16y5YoLSkef18rMyb3JDa+t5ee0akxSeXEquX+XBSP/59DsvHoT1Oqer1eb/buy6PncGnWAY5uFCU9XnqJKXj11yIAr9b/AwAA//+1Mi9f")
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

4m55.52368568s ago: executing program 3 (id=668):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000200000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2042, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x50})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)

4m52.686180172s ago: executing program 34 (id=668):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000200000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2042, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x50})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)

12.064722683s ago: executing program 4 (id=1999):
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
eventfd2(0x8, 0x1)
epoll_create(0x89)
socket$kcm(0xa, 0x2, 0x73)
socket$key(0xf, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x64)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r1], 0xc4}}, 0x0)

11.87024298s ago: executing program 7 (id=2001):
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280))
syz_clone(0x60001600, 0x0, 0x0, 0x0, 0x0, 0x0)
getpid()
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0)=<r2=>0x0)
fcntl$setown(r1, 0x8, r2)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11.027857674s ago: executing program 4 (id=2003):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e000000000000001280000003"], 0x50)
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000c7aa00859d37040e1a8bd30000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/19], 0x48)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000010651fbe347b2c2b00000c00018008000100", @ANYRES8=r2], 0x20}}, 0x0)

10.189353291s ago: executing program 7 (id=2006):
r0 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x15b, &(0x7f0000000040)={0x0, 0x1, 0x5, 0x80000000})
mq_timedreceive(r0, &(0x7f0000000080)=""/163, 0xa3, 0x5e2, &(0x7f0000000000))

8.989802336s ago: executing program 7 (id=2008):
r0 = add_key$user(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r0, 0x101000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, 0x0, {0xc, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_FLOWER_KEY_ENC_IPV4_DST_MASK={0x8}]}}]}, 0x44}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000280)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xc}}, {0x306, @local}, 0x24, {0x2, 0x4e21, @multicast1}, 'batadv_slave_0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}], {0x14, 0x10}}, 0x78}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

8.884630212s ago: executing program 4 (id=2009):
r0 = add_key$user(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r0, 0x101000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, 0x0, {0xc, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_FLOWER_KEY_ENC_IPV4_DST_MASK={0x8}]}}]}, 0x44}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000280)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xc}}, {0x306, @local}, 0x24, {0x2, 0x4e21, @multicast1}, 'batadv_slave_0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}], {0x14, 0x10}}, 0x78}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

8.502233904s ago: executing program 2 (id=2011):
socket(0x11, 0x800000003, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0)
syz_io_uring_setup(0x237, 0x0, 0x0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
listen(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESHEX=r1], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc000000000000000000000000000000fc00000000000000000000000000000000000400000000000a0060003b000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000009"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x20008004)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000048000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000)

8.009937097s ago: executing program 2 (id=2014):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="0010000100000000000000437dcfb5000a1400000011000100000000fbffff"], 0x28}}, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")
r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5)
fstat(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000380)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d31352c7561736b3d303030303030303030303030ba303030303030303030332c6e616d65636173653d312c7569643d00", @ANYRESHEX=r1, @ANYBLOB=',fmask=00040000000000000000253,discard,dmask=00000000000000000000002,utf8,iocharset=macinuit,allow_utime=00000000000000000147070,\x00'], 0x41, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, 0x0)
pipe2(0x0, 0x80880)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x8000002c)
fcntl$setsig(r2, 0xa, 0x21)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x0)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x83)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x150)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0x2, 0x2, 0x0)
r6 = open(&(0x7f0000000180)='./file1\x00', 0x185102, 0x2b)
tee(r4, r4, 0x9, 0x4)
ftruncate(r6, 0x2007ffb)
sendfile(r3, r6, 0x0, 0x1000000201001)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40186e8d, &(0x7f0000000040)={0x700, 0x42c0000000003f, 0x400, 0x200000003, 0x6, 0x3, 0x2401})

7.371680254s ago: executing program 6 (id=2015):
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, r0, 0x1}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x9, 0x8, 0x4, 0x4009, 0xa, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value=0x3f000000}, 0x48)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000080), 0x4)
close(r2)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a00100001", 0x4b}], 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000002400018000000000800000001100"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r6, 0x0, 0x27, 0x0, 0x0)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x54, 0x0, 0x1, 0x70bd2d, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @loopback}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

6.498901694s ago: executing program 2 (id=2016):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = openat$sequencer2(0xffffff9c, &(0x7f00000025c0), 0x0, 0x0)
ioctl$SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, 0x0)
mkdir(0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000008c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xbf56a1c5a516366}, 0xc2010)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r5, 0xc0045009, &(0x7f0000000140)=0x8)
bind$alg(r4, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000002c0)='w', 0x1)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000140), 0x0)
syz_open_dev$dri(0x0, 0x200, 0x202880)
accept4$alg(r4, 0x0, 0x0, 0x80000)
setresgid(0xee00, 0xee01, 0x0)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000640)='./file0\x00', 0x2200c12, &(0x7f0000000200)=ANY=[@ANYRES64=r5, @ANYBLOB="e501926cc7c32cc9ce08c4d9b6883b27caa3bb1acd3d36b7008e89d8eaf10ddd32fbde01daae3c49c99ec745e6ce02f7ddd1fdf149136acac76f216fde534c55bd79e3", @ANYRES16=0x0], 0x5, 0xa0b, &(0x7f0000000dc0)="$eJzs3UtsXFcZB/D/9SNx3ZKkbSilaptJSlK3NY7t0ISoi5LYk8TFD2Q7UiMWTWkcFGIoNCC1FVJTCbGiAgnEAnYVK9hU6oZuUHewgxULJNQV+4pVWBndmXHix4zHdhw7TX8/63ru47vnfPd5MpPrOeGzZWHvsqmFhdqwyenzf9yGjLmLnR795P0P3iuHd69nVzrzfPHnpCdJJelK8mjSPTI6PTXRpqCrycUkHydFkt2pv67LxRS/zAO3pj9O8fuy3pZ2rbdk2lngc22nzz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgbFSOjg4NDxa6MTZ5/uVKXVFYZGZ2eKrKwsHrJ4jp1H9V6/S4+altvUpRDenoWu/p+dP+txY8kqRzK4/Wpx2sdkqcnb9//yL4XHu7qWFy/VTa3Zff6i7321ttXX52fn3ujdcjCO/Vt2Jrc7jJnq5NjM1NjE6fOVitjM1OVk8ePDx49d2amcmZsvDpzYWa2OlEZma6emp2arvSNPFMZOnnyWKU6cGHq/OTZ0YHx6uLME18dHhw8Xnlp4FvVU9MzU5NHXxqYGTk3Nj4+Nnm2FlMuLmNOlCfiN8dmK7PVUxOVyuUr83PHVuTUuXJnl0FD7bakDBpuFzQ8ODw8NDQ8PPRuo/fsmzOOP3/y+RODg12DK2RVxB06abm73Nf6MG/xHRw2r6Pe/ud74xnLZM7n5VSa/oxkNNOZykSL5Q2L7f/ho9U1613a/jda+a4lix8rfx3Kk43Jnhbtf4tctu/nWt7K27maVzOf+czljR3PqPnPkcaO3Opyz6aayYxlJlMZy0RO1eZUGnMqOZnjOZ7BvJJzOZCZVHImYxlPNTO5kJnMplo7o0YynWpOZTZTmU4lfRnJM6lkKCdzMsdSSTUDuZCpnM9kzmY0p2qlXM6V2n4/tkaON4OG1hM0vEbQysa8PNc31v5X79V/CbJuW3sDh9uw0Gj/d7UP7RvZjoQAAACALfflv2XP/of++u+kyBO1z+XPjI1XX9zptAAAAIAtVHtc7/Hypbsce6Kn9v5/cKfTAgAAALZQUfsbuyJJbw7Uxxb/EsqHAAAAAHCPKN/5fyGpvfdvzPD+HwAAAO4x7b9jv21E0b/49b+VS/XXS42I+lTRe2ZsvDowMjX+wlCO1L5lIMkTq0vrTIru2p8fPJuD9aiDvfXX3lsllnX2lFFDAy8M5dkcamxI31Ply1N9TSKH65FP1yOfXhrZmWWRx8pIALjXHVqjPV5v+/9s+usR/Y/Vmvyux5q0wYNaVgC4W9zsY+d/jS7NmrT/jYgnW7X/X1vj/X8Z8VAuH6g/UjCQ1/J65nMp/YtPHBxoVupibwT1xxD623wa0Nt4ZOEfJzrSv+rzgJ6b27o0di7D6W/6icCScovFHI7V4zrvzDEAgO12aM12eH3tf3+b9/+9HikEgLvKzR7sNzDyzkaC5964ttPbCAAsp5UGAAAAAAAAAAAAAAAAAAAAAAAAAACArbeuL/D/+5Fkfn4u2URnAZse6dlIhmuPdGSbct7xkc4kt1XOnmz6KL+YDa9VHuPb2OQ/3ddY/T87v+fvuZEdvjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwLYqks9n8jmR3ksEkR7c/qzvn+k4nsFUquza1WnEjN/Jm9mx5PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn3ON7//vSP31/vqsdHUkh5NcTPLtnc5xK93Y6QTujKJ9yPfrgbe+/78j6c5Cka76YU/RPTI6PTVRFlXsLpd/8v4H75VD+7JX96pQFlDWsKxziUYNS+Z0L1/rwdpavaNz167++PUfVkZP107M07Nnxkcnzk5/41bgI8WHSSX1YdFivj89/JdfLZnd6Cih+LDc0uZW1numVu/o6nq/1GztFvWuw5X5ueGyptnqy7M/+cGVN5cseigHk6f6kr7lNX23HFrUdHDl/lyu+LT4ebEnv83F2vEv90axUJSHaG9t+++7fGV+buC11+cv3czpnWU57cuBJJeSnvXndKD1uVk76zq6y1oHa0Hlr/1tylvTkhKHWuzXB2unTO+GtqHS5vpqs98bGR1rmtGvf/Rwjmz4SB9pU2NTxafFv4pz+Wd+tqT/j47y+B9O06uzSRG1yCVnytJlyy6vjnpkbcuHly54ZWWZLa9K7oBf5Dv5+s3j37Hk/t84VttzP1pSY/PrItn4dfGHvatalFtqLdL+FS1S4+7Tap1GnvvrUS3y/GKeq5e5gTvKc+1a7Dt0/f+u6Mt/c13/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwN2vSDqbze9IDifZl2RvOV1JFlbGXN9EfR29xWbS3DKbyfmzp2i5ocWN3Mib2bPdGQEAAAAAAABwZ5we/eT9D94rh9r/x3fmKx2NJZWkK8m+4jfdI6PTUxNtCupOLi7+l37PxnK4WP564Nb0x+XUo21W2tnHBwDgM+3/AQAA//8KE2x5")
ioctl$SNDCTL_TMR_STOP(r0, 0x5403)
r7 = openat(0xffffffffffffffff, &(0x7f0000000400)='./file1/file0\x00', 0x10200, 0x159)
quotactl_fd$Q_GETNEXTQUOTA(r7, 0xffffffff80000901, 0x0, 0x0)

6.436909431s ago: executing program 5 (id=2017):
pipe2$watch_queue(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x80)
fanotify_mark(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)=0x2)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0x40045010, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000640)={0x11, 0x17, r2, 0x1, 0x24, 0x6, @broadcast}, 0x14)
bind$packet(r1, &(0x7f0000000680)={0x11, 0xf6, r2}, 0x14)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000400), 0x0, 0x1, 0x0)
socket$inet6(0xa, 0x5, 0x800)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0xe9)
accept4$llc(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000100)={@initdev}, &(0x7f00000003c0)=0xc)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r0, 0x39)

6.420405656s ago: executing program 6 (id=2018):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e03002a000b05d25a806c8c6f94f91124fc601100077a0a000312050282c137153e370e0c1180fc0b0c000300", 0x33fe0}], 0x1}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000440)="d800000018007b7be00212ba0d0505040a003f00000f040b067c55a1bc000900b80006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e07000000", 0xd4}, {&(0x7f0000000100)="d8bcf4de", 0x4}], 0x2, 0x0, 0x0, 0x2663}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000300)={[{@grpquota}, {@noauto_da_alloc}, {@quota}, {@stripe}, {@jqfmt_vfsold}]}, 0xfd, 0x4ff, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5ILhxKQckfkSgBomDVzOepG5iN1GT2FH8+UijeW/e1N/3ks579TeNXwBD63pE7EbEWETcjYjp7HouO+KT9pHc92zv4dL+3sOlXLRan/0rl7Yn16LjzySuZa9ZjIgffS/ip7njcRvbO2uL1WplM6vPNmsbs43tnVurtcWVykplvVxemF+Y++j2h+VzG+s7tbGs9NWnf9z91s+Tbk1lVzrHcZ7aQy8cxkmMRsQPLiLYAIxk4xkbdEd4JfmIeDMi3k2f/+kYSb+bAMBV1mpNR2u6sw4AXHX5NAeWy5eyXMBU5POlUjuH91ZM5qv1RvPmvfrW+nI7VzYThfy91WplLssVzkQhl9Tn0/LzevlI/XZEvBERvxyfSOulpXp1eZD/8AGAIXbtyPr/3/H2+g8AXHHFQXcAAOg76z8ADB/rPwAMH+s/AAyf9vo/MehuAAB95P0/AAwf6z8ADJUffvppcrT2s8+/Xr6/vbVWv39rudJYK9W2lkpL9c2N0kq9vpJ+Zk/tpNer1usb8x/E1oOZb280mrON7Z07tfrWevNO+rnedyqF9K7dPowMAOjljXee/CWXrMgfT6RHdOzlUBhoz4CLlh90B4CBGRl0B4CBsdsXDK8zvMeXHoArossWvS8odvsFoVar1bq4LgEX7MaX5P9hWHXk//0vYBgy8v8wvOT/YXi1WrnT7vkfp70RALjc5PiBHj//fzM7/y774cBPlo/e8fgiewUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACX28H+v6VsL/CpyOdLpYjXImImCrl7q9XKXES8HhF/Hi+MJ/X5AfcZADir/N9z2f5fN6bfn3qh6e1rh8WxiPjZrz/71YPFZnPzTxFjuX+PH1xvPs6ul/vfewDgZAfrdHrueCP/bO/h0sHRz/7847sRUWzH398bi/3D+KMxmp6LUYiIyf/ksnpbriN3cRa7jyLii93Gn4upNAfS3vn0aPwk9mt9jZ9/IX4+bWufk6/FF86hLzBsniTzzyfdnr98XE/P3Z//YjpDnV02/yUvtbSfzoHP4x/MfyM95r/rp43xwR++3y5NHG97FPHl0YiD2Psd889B/FyP+O+fMv5fv/L2u73aWr+JuBHd43fGmm3WNmYb2zu3VmuLK5WVynq5vDC/MPfR7Q/Ls2mOerb3avDPj2++3qstGf9kj/jFE8b/9Xbx+Bf1iN/+/+6Pv/aS+N98r1v8fLz1kvjJmviNkwJnFid/X+zVlsRf7jH+k77/N08Z/+nfdo5tGw4ADE5je2dtsVqtbCooXP5C8lf2EnSja+E7/Yo1Ft2bfvFe+5k+0tRqvVKsXjPGeWTdgMvg8KGPiP8NujMAAAAAAAAAAAAAAEBX/fiNpUGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKvr8wAAAP//j5zPLA==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
socket$kcm(0x10, 0x2, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r2, 0x8008f511, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\a\x00\x00\x00'], 0x50)
syz_emit_ethernet(0x86, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x18)
r7 = io_uring_setup(0x37ae, &(0x7f00000003c0)={0x0, 0x800000, 0x0, 0x2, 0x22a})
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f00000004c0)={&(0x7f0000002000)}, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r7, 0x17, &(0x7f0000000300)={0x0}, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r8 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))

4.790803646s ago: executing program 7 (id=2019):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000c7aa00859d37040e1a8bd30000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/19], 0x48)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000010651fbe347b2c2b00000c00018008000100", @ANYRES8=r2], 0x20}}, 0x0)

3.958745998s ago: executing program 5 (id=2020):
times(&(0x7f0000002280))

3.848812798s ago: executing program 6 (id=2021):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1d7, 0x0, 0x0, 0x0, 0x400}}, &(0x7f0000000100)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)
socket(0x2b, 0x80801, 0x1)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2, 0x80805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_io_uring_setup(0x414b, &(0x7f0000000300)={0x0, 0x2, 0x1, 0x3, 0x216}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0))
socket$packet(0x11, 0x3, 0x300)
r0 = socket$alg(0x26, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003d0007010000000008000000047c000008000880040008001400018006000600800a00000800", @ANYRES32=r1, @ANYRESOCT=r0], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0xc000)

3.835820767s ago: executing program 4 (id=2022):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
userfaultfd(0x1)
keyctl$set_timeout(0xf, 0x0, 0x7)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
syz_open_dev$vim2m(&(0x7f0000000280), 0x1, 0x2)
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x1e)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]})

3.73593327s ago: executing program 7 (id=2023):
times(&(0x7f0000002280))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6, 0xfe}]}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x4e20, 0xd19, @empty, 0x4}, 0x1c)
connect$inet6(r1, &(0x7f0000001d40)={0xa, 0x4e1d, 0xf, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x1c)
syz_emit_ethernet(0x86, &(0x7f0000000140)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x4400, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x1, "93c9691928972925723d55c712e63c92b492a3c50c9c3d27093a79585e8b73b3", "8aa4c506a2ba17a29171ce08a1e0f09d", {"c952a7f1f0443ce3114cee3518bfb345"}}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000085000000a80000000000000000000000008c6060a3210dc8"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)

3.632825038s ago: executing program 5 (id=2024):
socket(0x11, 0x800000003, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0)
syz_io_uring_setup(0x237, 0x0, 0x0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
listen(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESHEX=r1], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc000000000000000000000000000000fc00000000000000000000000000000000000400000000000a0060003b000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000009"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x20008004)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000048000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000)

3.570930075s ago: executing program 2 (id=2025):
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
eventfd2(0x8, 0x1)
epoll_create(0x89)
socket$kcm(0xa, 0x2, 0x73)
socket$key(0xf, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x64)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r1], 0xc4}}, 0x0)

3.45461854s ago: executing program 6 (id=2026):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000a80))
mount$tmpfs(0x0, 0x0, &(0x7f0000000580), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x8, r4, 0x0, r0}, 0x10)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, 0x0, 0x0)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
openat$ptmx(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x5)

2.977094267s ago: executing program 4 (id=2027):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

1.473241875s ago: executing program 6 (id=2028):
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, r0, 0x1}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x9, 0x8, 0x4, 0x4009, 0xa, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value=0x3f000000}, 0x48)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000080), 0x4)
close(r2)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a00100001", 0x4b}], 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000002400018000000000800000001100"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r6, 0x0, 0x27, 0x0, 0x0)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x54, 0x0, 0x1, 0x70bd2d, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @loopback}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

1.425486638s ago: executing program 7 (id=2029):
r0 = add_key$user(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r0, 0x101000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, 0x0, {0xc, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_FLOWER_KEY_ENC_IPV4_DST_MASK={0x8}]}}]}, 0x44}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000280)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xc}}, {0x306, @local}, 0x24, {0x2, 0x4e21, @multicast1}, 'batadv_slave_0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}], {0x14, 0x10}}, 0x78}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

1.421059871s ago: executing program 5 (id=2030):
pipe2$watch_queue(&(0x7f00000000c0)={<r0=>0xffffffffffffffff}, 0x80)
fanotify_mark(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)=0x2)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0x40045010, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000640)={0x11, 0x17, r2, 0x1, 0x24, 0x6, @broadcast}, 0x14)
bind$packet(r1, &(0x7f0000000680)={0x11, 0xf6, r2}, 0x14)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000400), 0x0, 0x1, 0x0)
socket$inet6(0xa, 0x5, 0x800)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0xe9)
accept4$llc(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000100)={@initdev}, &(0x7f00000003c0)=0xc)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r0, 0x39)

1.17716976s ago: executing program 2 (id=2031):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e03002a000b05d25a806c8c6f94f91124fc601100077a0a000312050282c137153e370e0c1180fc0b0c000300", 0x33fe0}], 0x1}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000440)="d800000018007b7be00212ba0d0505040a003f00000f040b067c55a1bc000900b80006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e07000000", 0xd4}, {&(0x7f0000000100)="d8bcf4de", 0x4}], 0x2, 0x0, 0x0, 0x2663}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000300)={[{@grpquota}, {@noauto_da_alloc}, {@quota}, {@stripe}, {@jqfmt_vfsold}]}, 0xfd, 0x4ff, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5ILhxKQckfkSgBomDVzOepG5iN1GT2FH8+UijeW/e1N/3ks579TeNXwBD63pE7EbEWETcjYjp7HouO+KT9pHc92zv4dL+3sOlXLRan/0rl7Yn16LjzySuZa9ZjIgffS/ip7njcRvbO2uL1WplM6vPNmsbs43tnVurtcWVykplvVxemF+Y++j2h+VzG+s7tbGs9NWnf9z91s+Tbk1lVzrHcZ7aQy8cxkmMRsQPLiLYAIxk4xkbdEd4JfmIeDMi3k2f/+kYSb+bAMBV1mpNR2u6sw4AXHX5NAeWy5eyXMBU5POlUjuH91ZM5qv1RvPmvfrW+nI7VzYThfy91WplLssVzkQhl9Tn0/LzevlI/XZEvBERvxyfSOulpXp1eZD/8AGAIXbtyPr/3/H2+g8AXHHFQXcAAOg76z8ADB/rPwAMH+s/AAyf9vo/MehuAAB95P0/AAwf6z8ADJUffvppcrT2s8+/Xr6/vbVWv39rudJYK9W2lkpL9c2N0kq9vpJ+Zk/tpNer1usb8x/E1oOZb280mrON7Z07tfrWevNO+rnedyqF9K7dPowMAOjljXee/CWXrMgfT6RHdOzlUBhoz4CLlh90B4CBGRl0B4CBsdsXDK8zvMeXHoArossWvS8odvsFoVar1bq4LgEX7MaX5P9hWHXk//0vYBgy8v8wvOT/YXi1WrnT7vkfp70RALjc5PiBHj//fzM7/y774cBPlo/e8fgiewUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACX28H+v6VsL/CpyOdLpYjXImImCrl7q9XKXES8HhF/Hi+MJ/X5AfcZADir/N9z2f5fN6bfn3qh6e1rh8WxiPjZrz/71YPFZnPzTxFjuX+PH1xvPs6ul/vfewDgZAfrdHrueCP/bO/h0sHRz/7847sRUWzH398bi/3D+KMxmp6LUYiIyf/ksnpbriN3cRa7jyLii93Gn4upNAfS3vn0aPwk9mt9jZ9/IX4+bWufk6/FF86hLzBsniTzzyfdnr98XE/P3Z//YjpDnV02/yUvtbSfzoHP4x/MfyM95r/rp43xwR++3y5NHG97FPHl0YiD2Psd889B/FyP+O+fMv5fv/L2u73aWr+JuBHd43fGmm3WNmYb2zu3VmuLK5WVynq5vDC/MPfR7Q/Ls2mOerb3avDPj2++3qstGf9kj/jFE8b/9Xbx+Bf1iN/+/+6Pv/aS+N98r1v8fLz1kvjJmviNkwJnFid/X+zVlsRf7jH+k77/N08Z/+nfdo5tGw4ADE5je2dtsVqtbCooXP5C8lf2EnSja+E7/Yo1Ft2bfvFe+5k+0tRqvVKsXjPGeWTdgMvg8KGPiP8NujMAAAAAAAAAAAAAAEBX/fiNpUGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKvr8wAAAP//j5zPLA==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
socket$kcm(0x10, 0x2, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r2, 0x8008f511, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\a\x00\x00\x00'], 0x50)
syz_emit_ethernet(0x86, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x18)
r7 = io_uring_setup(0x37ae, &(0x7f00000003c0)={0x0, 0x800000, 0x0, 0x2, 0x22a})
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f00000004c0)={&(0x7f0000002000)}, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r7, 0x17, &(0x7f0000000300)={0x0}, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r8 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))

970.530746ms ago: executing program 6 (id=2032):
r0 = add_key$user(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r0, 0x101000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, 0x0, {0xc, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_FLOWER_KEY_ENC_IPV4_DST_MASK={0x8}]}}]}, 0x44}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000280)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xc}}, {0x306, @local}, 0x24, {0x2, 0x4e21, @multicast1}, 'batadv_slave_0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}], {0x14, 0x10}}, 0x78}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
ioctl$BLKIOMIN(r6, 0x1278, &(0x7f00000003c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

505.264882ms ago: executing program 5 (id=2033):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000c7aa00859d37040e1a8bd30000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/19], 0x48)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000010651fbe347b2c2b00000c00018008000100", @ANYRES8=r2], 0x20}}, 0x0)

379.23553ms ago: executing program 2 (id=2034):
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
syz_clone(0x60001600, 0x0, 0x0, 0x0, 0x0, 0x0)
getpid()
fcntl$setownex(r2, 0xf, 0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000001c0)=<r3=>0x0)
fcntl$setown(r1, 0x8, r3)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

307.139095ms ago: executing program 4 (id=2035):
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
fanotify_mark(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)=0x2)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0x40045010, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000640)={0x11, 0x17, r2, 0x1, 0x24, 0x6, @broadcast}, 0x14)
bind$packet(r1, &(0x7f0000000680)={0x11, 0xf6, r2}, 0x14)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000400), 0x0, 0x1, 0x0)
socket$inet6(0xa, 0x5, 0x800)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0xe9)
accept4$llc(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000100)={@initdev}, &(0x7f00000003c0)=0xc)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r0, 0xffffffffffffffff)

0s ago: executing program 5 (id=2036):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1d7, 0x0, 0x0, 0x0, 0x400}}, &(0x7f0000000100)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)
socket(0x2b, 0x80801, 0x1)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2, 0x80805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_io_uring_setup(0x414b, &(0x7f0000000300)={0x0, 0x2, 0x1, 0x3, 0x216}, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000007c0))
socket$packet(0x11, 0x3, 0x300)
r0 = socket$alg(0x26, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003d0007010000000008000000047c000008000880040008001400018006000600800a00000800", @ANYRES32=r1, @ANYRESOCT=r0], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0xc000)

kernel console output (not intermixed with test programs):

has invalid wMaxPacketSize 0
[  383.727428][ T6140] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9
[  383.736927][ T6140] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.747023][ T6140] usb 4-1: Product: syz
[  383.751385][ T6140] usb 4-1: Manufacturer: syz
[  383.756983][ T6140] usb 4-1: SerialNumber: syz
[  383.896245][ T6140] usb 4-1: config 0 descriptor??
[  383.922059][ T6140] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input6
[  384.177566][ T6140] usb 4-1: USB disconnect, device number 9
[  384.208284][ T8229] netlink: 12 bytes leftover after parsing attributes in process `syz.6.618'.
[  385.035908][ T5866] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  385.222011][ T5866] usb 6-1: config 0 has an invalid interface number: 69 but max is 0
[  385.230766][ T5866] usb 6-1: config 0 has no interface number 0
[  385.237332][ T5866] usb 6-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  385.247802][ T5866] usb 6-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  385.333952][ T5866] usb 6-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  385.343633][ T5866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.352547][ T5866] usb 6-1: Product: syz
[  385.357302][ T5866] usb 6-1: Manufacturer: syz
[  385.362074][ T5866] usb 6-1: SerialNumber: syz
[  385.376659][ T5815] Bluetooth: hci1: command 0x0406 tx timeout
[  385.558464][ T5866] usb 6-1: config 0 descriptor??
[  385.566861][ T8239] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  385.696110][ T5866] cyberjack 6-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  385.760630][ T5866] usb 6-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  385.776526][ T6140] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  385.934559][   T30] kauditd_printk_skb: 73 callbacks suppressed
[  385.934632][   T30] audit: type=1326 audit(32920.298:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[  386.021699][ T6140] usb 5-1: Using ep0 maxpacket: 8
[  386.066097][ T5866] usb 6-1: USB disconnect, device number 4
[  386.096555][   T30] audit: type=1326 audit(32920.348:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[  386.118998][   T30] audit: type=1326 audit(32920.368:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[  386.142797][   T30] audit: type=1326 audit(32920.368:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[  386.166487][   T30] audit: type=1326 audit(32920.368:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[  386.193469][   T30] audit: type=1326 audit(32920.428:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[  386.217608][   T30] audit: type=1326 audit(32920.428:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[  386.259869][ T5866] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  386.274507][ T5866] cyberjack 6-1:0.69: device disconnected
[  386.325220][ T8254] overlayfs: failed to clone upperpath
[  386.359314][ T8251] Bluetooth: MGMT ver 1.23
[  386.898962][   T30] audit: type=1326 audit(32920.728:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[  386.922915][   T30] audit: type=1326 audit(32920.728:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[  386.946695][   T30] audit: type=1326 audit(32920.728:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8244 comm="syz.3.623" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[  390.366125][ T6140] usb 5-1: unable to get BOS descriptor or descriptor too short
[  390.375011][ T6140] usb 5-1: too many configurations: 255, using maximum allowed: 8
[  390.489631][ T6140] usb 5-1: unable to read config index 0 descriptor/start: -71
[  390.497813][ T6140] usb 5-1: can't read configurations, error -71
[  390.642713][ T8278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.633'.
[  391.776814][ T8292] netlink: 'syz.4.635': attribute type 1 has an invalid length.
[  392.210347][ T8299] loop5: detected capacity change from 0 to 512
[  392.377583][ T8299] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  392.626031][ T8299] EXT4-fs warning (device loop5): ext4_begin_enable_verity:135: inode #15: comm syz.5.637: verity is only allowed on extent-based files
[  392.711838][ T8314] netlink: 76 bytes leftover after parsing attributes in process `syz.5.637'.
[  393.157425][ T6698] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.900433][ T8329] vlan2: entered promiscuous mode
[  393.905876][ T8329] bridge0: entered promiscuous mode
[  393.912190][ T8329] vlan2: entered allmulticast mode
[  393.917874][ T8329] bridge0: entered allmulticast mode
[  394.141439][ T8335] bridge_slave_0: left allmulticast mode
[  394.148473][ T8335] bridge_slave_0: left promiscuous mode
[  394.155314][ T8335] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.208966][ T8335] bridge_slave_1: left allmulticast mode
[  394.215116][ T8335] bridge_slave_1: left promiscuous mode
[  394.222287][ T8335] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.467459][ T8335] bond0: (slave bond_slave_0): Releasing backup interface
[  394.538106][ T8335] bond0: (slave bond_slave_1): Releasing backup interface
[  394.590606][ T8335] team0: Port device team_slave_0 removed
[  394.659505][ T8335] team0: Port device team_slave_1 removed
[  394.669394][ T8335] batman_adv: batadv0: Removing interface: batadv_slave_0
[  394.962525][ T8335] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.107681][ T8335] bond1: (slave veth3): Releasing active interface
[  395.526966][   T30] kauditd_printk_skb: 67 callbacks suppressed
[  395.527053][   T30] audit: type=1326 audit(32929.838:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.556094][   T30] audit: type=1326 audit(32929.838:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.578080][   T30] audit: type=1326 audit(32929.838:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.600125][   T30] audit: type=1326 audit(32929.848:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.624380][   T30] audit: type=1326 audit(32929.848:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.646968][   T30] audit: type=1326 audit(32929.848:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.670019][   T30] audit: type=1326 audit(32929.848:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.692318][   T30] audit: type=1326 audit(32929.848:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.716045][   T30] audit: type=1326 audit(32929.848:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  395.739726][   T30] audit: type=1326 audit(32929.848:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8339 comm="syz.4.646" exe="/root/syz-executor" sig=0 arch=40000003 syscall=136 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  396.789438][ T5828] Bluetooth: hci0: unexpected event for opcode 0x0c57
[  399.427778][ T8373] loop3: detected capacity change from 0 to 2048
[  399.738098][ T8373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  400.146300][ T8373] loop3: detected capacity change from 2048 to 0
[  400.194702][    C1] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 0
[  400.214598][ T8383] EXT4-fs error (device loop3): __ext4_find_entry:1615: inode #2: comm syz.3.652: reading directory lblock 0
[  400.227138][ T8383] syz.3.652: attempt to access beyond end of device
[  400.227138][ T8383] loop3: rw=145409, sector=0, nr_sectors = 4 limit=0
[  400.241443][ T8383] Buffer I/O error on dev loop3, logical block 0, lost sync page write
[  400.250270][ T8383] EXT4-fs (loop3): I/O error while writing superblock
[  400.290018][ T8389] overlay: Unknown parameter 'fsname'
[  400.378357][ T8389] netlink: 'syz.4.657': attribute type 4 has an invalid length.
[  400.484127][ T8393] netlink: 'syz.4.657': attribute type 17 has an invalid length.
[  400.609567][ T5811] syz-executor: attempt to access beyond end of device
[  400.609567][ T5811] loop3: rw=12288, sector=64, nr_sectors = 4 limit=0
[  400.894975][ T5811] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.906322][ T5828] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  400.915136][ T5828] Bluetooth: hci0: Injecting HCI hardware error event
[  400.923025][ T5828] Bluetooth: hci0: hardware error 0x00
[  401.005048][ T5811] syz-executor: attempt to access beyond end of device
[  401.005048][ T5811] loop3: rw=145409, sector=0, nr_sectors = 4 limit=0
[  401.019613][ T5811] Buffer I/O error on dev loop3, logical block 0, lost sync page write
[  401.028620][ T5811] EXT4-fs (loop3): I/O error while writing superblock
[  401.211333][ T8379] kmmpd-loop3: attempt to access beyond end of device
[  401.211333][ T8379] loop3: rw=14337, sector=256, nr_sectors = 4 limit=0
[  401.225784][ T8379] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  402.000934][ T8409] dummy0: entered promiscuous mode
[  402.053442][ T8409] netlink: 4 bytes leftover after parsing attributes in process `syz.4.664'.
[  402.085353][ T8411] syz.6.663 uses obsolete (PF_INET,SOCK_PACKET)
[  402.119326][ T8409] veth0_to_bond (unregistering): left allmulticast mode
[  402.126799][ T8409] veth0_to_bond (unregistering): left promiscuous mode
[  402.134152][ T8409] bridge0: port 2(veth0_to_bond) entered disabled state
[  402.252482][ T8409] bond0: (slave bond_slave_0): Releasing backup interface
[  402.278672][ T8410] delete_channel: no stack
[  402.380699][ T8407] dummy0: left promiscuous mode
[  402.774594][ T8416] lo speed is unknown, defaulting to 1000
[  402.976931][ T5828] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  403.012027][ T7820] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.212507][ T7820] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.291988][ T8426] netlink: 8 bytes leftover after parsing attributes in process `syz.6.667'.
[  403.387522][ T7820] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.440181][ T8426] netlink: 48 bytes leftover after parsing attributes in process `syz.6.667'.
[  403.541140][ T7820] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.457674][ T7820] bond1 (unregistering): (slave erspan0): Releasing active interface
[  404.606328][ T7820] bond2 (unregistering): (slave gretap1): Releasing active interface
[  404.911283][ T7820] bond0 (unregistering): Released all slaves
[  404.934419][ T7820] bond1 (unregistering): Released all slaves
[  404.959109][ T7820] bond2 (unregistering): Released all slaves
[  405.497538][ T7820] hsr_slave_0: left promiscuous mode
[  405.515670][ T7820] hsr_slave_1: left promiscuous mode
[  405.575393][ T7820] veth1_macvtap: left promiscuous mode
[  405.582486][ T7820] veth0_macvtap: left promiscuous mode
[  405.588721][ T7820] veth1_vlan: left promiscuous mode
[  405.594661][ T7820] veth0_vlan: left promiscuous mode
[  406.364587][ T8451] netlink: 12 bytes leftover after parsing attributes in process `syz.4.673'.
[  406.504548][ T8459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.672'.
[  407.386075][ T8450] veth1_to_bond: entered allmulticast mode
[  407.397569][ T8455] veth1_to_bond: left allmulticast mode
[  407.734634][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  407.761040][ T5815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  407.773364][ T5815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  407.792382][ T5815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  407.808192][ T5815] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  408.292015][ T8469] lo speed is unknown, defaulting to 1000
[  408.935379][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  408.942100][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  409.357668][ T8500] netlink: 43 bytes leftover after parsing attributes in process `syz.2.680'.
[  409.368326][ T8500] tipc: Enabled bearer <eth:vlan0>, priority 10
[  409.392073][ T8500] ªªªªªª: renamed from vlan0
[  409.452045][ T8500] tipc: Disabling bearer <eth:vlan0>
[  409.489688][ T8469] chnl_net:caif_netlink_parms(): no params data found
[  409.945900][ T5815] Bluetooth: hci0: command tx timeout
[  410.732898][ T8521] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  410.741140][ T8521] overlayfs: failed to set xattr on upper
[  410.747422][ T8521] overlayfs: ...falling back to redirect_dir=nofollow.
[  410.754442][ T8521] overlayfs: ...falling back to index=off.
[  410.762326][ T8521] overlayfs: ...falling back to uuid=null.
[  410.831982][ T8524] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  411.213324][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.221183][ T8469] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.234698][ T8469] bridge_slave_0: entered allmulticast mode
[  411.244250][ T8469] bridge_slave_0: entered promiscuous mode
[  411.319654][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.328027][ T8469] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.336163][ T8469] bridge_slave_1: entered allmulticast mode
[  411.346301][ T8469] bridge_slave_1: entered promiscuous mode
[  411.833670][ T8469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  411.875273][ T8469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  412.024585][ T5815] Bluetooth: hci0: command tx timeout
[  412.120848][ T8469] team0: Port device team_slave_0 added
[  412.173699][ T8469] team0: Port device team_slave_1 added
[  412.463686][ T5815] Bluetooth: hci4: unexpected cc 0x0402 length: 4 > 1
[  412.477180][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_0
[  412.484574][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.513184][ T8469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  412.532185][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_1
[  412.539735][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.566282][ T8469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  413.104474][ T8469] hsr_slave_0: entered promiscuous mode
[  413.118104][ T8469] hsr_slave_1: entered promiscuous mode
[  413.127507][ T8469] debugfs: 'hsr0' already exists in 'hsr'
[  413.133425][ T8469] Cannot create hsr debugfs directory
[  413.203492][ T8552] loop4: detected capacity change from 0 to 512
[  413.383324][ T8552] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  413.607238][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  413.607312][   T30] audit: type=1804 audit(32947.978:410): pid=8552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.693" name="/newroot/155/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  413.978131][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.097889][ T5815] Bluetooth: hci0: command tx timeout
[  414.583922][ T8469] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  414.713637][ T8469] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  414.820110][ T8469] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  414.916912][ T8575] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  414.928092][ T8469] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  415.620835][ T8588] netlink: 'syz.4.702': attribute type 14 has an invalid length.
[  415.968125][ T8594] netlink: 4 bytes leftover after parsing attributes in process `syz.5.704'.
[  416.177349][ T5815] Bluetooth: hci0: command tx timeout
[  416.529402][ T8596] lo speed is unknown, defaulting to 1000
[  416.584597][ T8600] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  416.820219][ T8469] 8021q: adding VLAN 0 to HW filter on device bond0
[  417.085947][ T8469] 8021q: adding VLAN 0 to HW filter on device team0
[  417.252920][ T7818] bridge0: port 1(bridge_slave_0) entered blocking state
[  417.260583][ T7818] bridge0: port 1(bridge_slave_0) entered forwarding state
[  417.384971][ T7818] bridge0: port 2(bridge_slave_1) entered blocking state
[  417.392817][ T7818] bridge0: port 2(bridge_slave_1) entered forwarding state
[  418.054522][ T8601] lo speed is unknown, defaulting to 1000
[  418.189885][ T8623] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  419.659701][ T8644] netlink: 'syz.5.714': attribute type 1 has an invalid length.
[  419.791498][ T8644] 8021q: adding VLAN 0 to HW filter on device bond1
[  419.901495][ T8647] bond1: (slave geneve2): making interface the new active one
[  419.920142][ T8647] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  419.932219][ T3895] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  420.023593][ T3895] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  420.064017][ T3895] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  420.099075][ T8469] 8021q: adding VLAN 0 to HW filter on device batadv0
[  420.113850][ T8644] bond1: entered promiscuous mode
[  420.119796][ T8644] geneve2: entered promiscuous mode
[  420.130635][ T1857] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  420.910264][ T8660] lo speed is unknown, defaulting to 1000
[  421.440321][ T8663] lo speed is unknown, defaulting to 1000
[  422.048919][ T8678] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  422.063862][ T8678] bond2: (slave macvlan2): Enslaving as a backup interface with a down link
[  422.723148][ T8687] netlink: 'syz.2.723': attribute type 1 has an invalid length.
[  422.967867][ T8689] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  422.984282][ T8689] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  423.230820][ T8687] gretap1: entered promiscuous mode
[  423.248332][ T8687] bond3: (slave gretap1): making interface the new active one
[  423.259434][ T8687] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  423.727643][ T8469] veth0_vlan: entered promiscuous mode
[  423.853340][ T8469] veth1_vlan: entered promiscuous mode
[  424.226263][ T8704] loop4: detected capacity change from 0 to 1024
[  424.254133][ T8469] veth0_macvtap: entered promiscuous mode
[  424.332972][ T8707] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'.
[  424.344560][ T8707] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'.
[  424.380880][ T8469] veth1_macvtap: entered promiscuous mode
[  424.501363][ T8704] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  424.547039][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_0
[  424.594701][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_1
[  424.716765][ T7816] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  424.787073][ T7816] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  424.816553][ T8711] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  424.860039][ T7816] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  424.903738][ T7816] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  425.339971][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  427.122105][ T8742] netlink: 4 bytes leftover after parsing attributes in process `syz.4.737'.
[  427.131910][ T8742] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  427.139933][ T8742] batman_adv: batadv0: Removing interface: batadv_slave_0
[  427.181347][ T8742] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  427.189178][ T8742] batman_adv: batadv0: Removing interface: batadv_slave_1
[  427.350649][ T8747] netlink: 4 bytes leftover after parsing attributes in process `syz.6.738'.
[  427.364505][ T8739] netlink: 4 bytes leftover after parsing attributes in process `syz.2.736'.
[  429.453830][ T8777] bond_slave_1: left promiscuous mode
[  429.548066][ T8784] netlink: 'syz.6.747': attribute type 10 has an invalid length.
[  430.544787][ T8777] bridge3: left allmulticast mode
[  430.624228][ T8784] 8021q: adding VLAN 0 to HW filter on device team0
[  430.639689][ T8784] bond0: (slave team0): Enslaving as an active interface with a down link
[  430.667827][ T8786] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  430.681028][ T7818] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  430.810917][ T4117] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  430.879952][ T4117] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  430.926010][ T4117] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  431.080490][ T8807] tmpfs: Cannot change global quota limit on remount
[  431.426074][ T6140] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  431.615039][ T6140] usb 5-1: config 9 has an invalid interface number: 19 but max is 0
[  431.624143][ T6140] usb 5-1: config 9 has no interface number 0
[  431.631201][ T6140] usb 5-1: config 9 interface 19 altsetting 0 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  431.642519][ T6140] usb 5-1: config 9 interface 19 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  431.731757][ T6140] usb 5-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=16.3f
[  431.741497][ T6140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.750497][ T6140] usb 5-1: Product: syz
[  431.754941][ T6140] usb 5-1: Manufacturer: syz
[  431.760147][ T6140] usb 5-1: SerialNumber: syz
[  431.868737][ T6140] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623
[  432.510700][ T8829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.760'.
[  432.550585][ T6140] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  432.558081][ T6140] gspca_pac7302 5-1:9.19: probe with driver gspca_pac7302 failed with error -71
[  432.588312][ T5866] IPVS: starting estimator thread 0...
[  432.616502][ T6140] usb 5-1: USB disconnect, device number 6
[  432.696009][ T8831] IPVS: using max 288 ests per chain, 14400 per kthread
[  432.735107][ T8834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.760'.
[  432.761790][ T7820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  432.770444][ T7820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  433.023779][ T4117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  433.032632][ T4117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  433.501382][ T8843] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  433.641328][ T8845] loop7: detected capacity change from 0 to 1024
[  433.879675][ T8854] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  433.993306][ T8849] syzkaller0: entered promiscuous mode
[  433.999239][ T8849] syzkaller0: entered allmulticast mode
[  434.316394][ T8849] tipc: Resetting bearer <eth:syzkaller0>
[  434.467556][ T8846] tipc: Resetting bearer <eth:syzkaller0>
[  434.556229][ T8846] tipc: Disabling bearer <eth:syzkaller0>
[  436.541792][ T7816] hfsplus: b-tree write err: -5, ino 4
[  436.625940][ T6145] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  436.836966][ T6145] usb 5-1: Using ep0 maxpacket: 16
[  436.877982][ T6145] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  436.891224][ T6145] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  436.961844][ T6145] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  436.971664][ T6145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.980608][ T6145] usb 5-1: Product: syz
[  436.985141][ T6145] usb 5-1: Manufacturer: syz
[  436.991371][ T6145] usb 5-1: SerialNumber: syz
[  437.004593][ T8881] tipc: Started in network mode
[  437.010069][ T8881] tipc: Node identity e2401fd8c118, cluster identity 4711
[  437.018214][ T8881] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  437.099873][ T8882] syzkaller0: entered promiscuous mode
[  437.105990][ T8882] syzkaller0: entered allmulticast mode
[  437.205240][ T8881] tipc: Resetting bearer <eth:syzkaller0>
[  437.225311][ T8880] tipc: Resetting bearer <eth:syzkaller0>
[  437.253108][ T8880] tipc: Disabling bearer <eth:syzkaller0>
[  437.278588][ T6145] usb 5-1: 0:2 : does not exist
[  437.316250][ T6145] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  437.457460][ T6145] usb 5-1: USB disconnect, device number 7
[  437.642098][ T6057] udevd[6057]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  438.736719][   T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  438.942076][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.953031][   T24] usb 8-1: config 0 interface 0 has no altsetting 0
[  439.016098][   T24] usb 8-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  439.025973][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.034189][   T24] usb 8-1: Product: syz
[  439.039612][   T24] usb 8-1: Manufacturer: syz
[  439.044788][   T24] usb 8-1: SerialNumber: syz
[  439.094188][   T24] usb 8-1: config 0 descriptor??
[  439.160622][   T24] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  439.193055][ T8917] netlink: 28 bytes leftover after parsing attributes in process `syz.2.786'.
[  439.204547][ T8917] netlink: 28 bytes leftover after parsing attributes in process `syz.2.786'.
[  439.209733][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  439.225960][ T5866] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  439.289261][   T24] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  439.298692][   T24] usb 8-1: media controller created
[  439.388072][ T5866] usb 5-1: Using ep0 maxpacket: 8
[  439.417503][ T5866] usb 5-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  439.427676][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  439.436372][ T5866] usb 5-1: Product: syz
[  439.440756][ T5866] usb 5-1: Manufacturer: syz
[  439.446584][ T5866] usb 5-1: SerialNumber: syz
[  439.514974][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  439.555307][ T5866] usb 5-1: config 0 descriptor??
[  440.432330][   T24] DVB: Unable to find symbol tda10046_attach()
[  440.439878][   T24] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  440.450769][   T24] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  440.622587][ T8917] team0: entered promiscuous mode
[  440.634458][ T8917] bond0: entered promiscuous mode
[  440.643497][ T8917] bond0: left promiscuous mode
[  440.664994][ T8917] team0: left promiscuous mode
[  440.699983][ T8922] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  440.734586][ T4117] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  440.746410][ T4117] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.755814][ T4117] netdevsim netdevsim6 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  440.782228][ T4117] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  440.792136][ T4117] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.802470][ T4117] netdevsim netdevsim6 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  440.828888][ T4117] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  440.838984][ T4117] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.848674][ T4117] netdevsim netdevsim6 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  440.874949][ T4117] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  440.886003][ T4117] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  440.895141][ T4117] netdevsim netdevsim6 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  441.240258][ T8940] netlink: 'syz.6.788': attribute type 39 has an invalid length.
[  441.536946][ T5866] usb 5-1: USB disconnect, device number 8
[  441.719499][ T6001] udevd[6001]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  442.137199][ T8952] 8021q: VLANs not supported on nlmon0
[  442.184317][ T8951] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  442.235897][   T24] dvb_usb_m920x 8-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  442.251485][ T8954] syzkaller0: entered promiscuous mode
[  442.257527][ T8954] syzkaller0: entered allmulticast mode
[  442.338330][   T24] usb 8-1: USB disconnect, device number 2
[  442.360636][ T8951] tipc: Resetting bearer <eth:syzkaller0>
[  442.417764][ T8949] tipc: Resetting bearer <eth:syzkaller0>
[  442.463183][ T8949] tipc: Disabling bearer <eth:syzkaller0>
[  443.923986][ T8987] netlink: 28 bytes leftover after parsing attributes in process `syz.5.805'.
[  444.268338][ T8981] loop7: detected capacity change from 0 to 4096
[  444.522802][   T30] audit: type=1326 audit(32978.888:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.660055][   T30] audit: type=1326 audit(32978.918:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=400 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.683934][   T30] audit: type=1326 audit(32978.918:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.706749][   T30] audit: type=1326 audit(32978.928:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.728850][   T30] audit: type=1326 audit(32978.928:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=401 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.751738][   T30] audit: type=1326 audit(32978.928:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.775742][   T30] audit: type=1326 audit(32978.928:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.798801][   T30] audit: type=1326 audit(32978.938:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.820952][   T30] audit: type=1326 audit(32978.938:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  444.843075][   T30] audit: type=1326 audit(32978.938:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.5.808" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  445.864634][ T9011] loop4: detected capacity change from 0 to 128
[  446.011288][ T9011] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  446.436557][ T9026] netlink: 8 bytes leftover after parsing attributes in process `syz.7.813'.
[  446.446162][ T9026] netlink: 8 bytes leftover after parsing attributes in process `syz.7.813'.
[  446.724554][ T5818] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  448.799532][ T9045] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  448.806405][ T9045] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  448.817315][ T9045] vhci_hcd vhci_hcd.0: Device attached
[  448.896750][ T9049] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(11)
[  448.903499][ T9049] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  448.911585][ T9049] vhci_hcd vhci_hcd.0: Device attached
[  448.956877][ T9052] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(14)
[  448.963715][ T9052] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  448.972863][ T9052] vhci_hcd vhci_hcd.0: Device attached
[  448.990335][ T9045] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(10)
[  448.997169][ T9045] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  449.005347][ T9045] vhci_hcd vhci_hcd.0: Device attached
[  449.095954][ T6145] vhci_hcd: vhci_device speed not set
[  449.117571][ T9061] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  449.158735][ T9045] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  449.196427][ T6145] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[  449.205230][ T9045] vhci_hcd vhci_hcd.0: pdev(4) rhport(6) sockfd(20)
[  449.212043][ T9045] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  449.222221][ T9045] vhci_hcd vhci_hcd.0: Device attached
[  449.353364][ T9054] vhci_hcd: connection closed
[  449.354305][ T9064] vhci_hcd: connection closed
[  449.362886][ T1154] vhci_hcd: stop threads
[  449.372584][ T1154] vhci_hcd: release socket
[  449.377486][ T1154] vhci_hcd: disconnect device
[  449.389205][ T9051] vhci_hcd: connection closed
[  449.398985][ T9057] vhci_hcd: connection closed
[  449.406068][ T9046] vhci_hcd: connection reset by peer
[  449.426923][ T1154] vhci_hcd: stop threads
[  449.431501][ T1154] vhci_hcd: release socket
[  449.436289][ T1154] vhci_hcd: disconnect device
[  449.442692][ T1154] vhci_hcd: stop threads
[  449.447913][ T1154] vhci_hcd: release socket
[  449.452751][ T1154] vhci_hcd: disconnect device
[  449.548128][ T1154] vhci_hcd: stop threads
[  449.552768][ T1154] vhci_hcd: release socket
[  449.557668][ T1154] vhci_hcd: disconnect device
[  449.597230][ T1154] vhci_hcd: stop threads
[  449.601777][ T1154] vhci_hcd: release socket
[  449.606729][ T1154] vhci_hcd: disconnect device
[  449.966728][ T6140] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  450.220829][ T9074] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  450.239520][ T6140] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  450.250095][ T6140] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  450.259826][ T6140] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.445289][ T6140] usb 8-1: config 0 descriptor??
[  450.520265][ T6140] pwc: Askey VC010 type 2 USB webcam detected.
[  451.001881][ T6140] pwc: recv_control_msg error -32 req 02 val 2b00
[  451.010326][ T9078] netlink: 28 bytes leftover after parsing attributes in process `syz.4.828'.
[  451.020947][ T9078] netlink: 28 bytes leftover after parsing attributes in process `syz.4.828'.
[  451.062177][ T6140] pwc: recv_control_msg error -32 req 02 val 2700
[  451.100478][ T6140] pwc: recv_control_msg error -32 req 02 val 2c00
[  451.145156][ T6140] pwc: recv_control_msg error -32 req 04 val 1000
[  451.172055][ T6140] pwc: recv_control_msg error -32 req 04 val 1300
[  451.247472][ T9082] netlink: 'syz.5.829': attribute type 12 has an invalid length.
[  451.273700][ T6140] pwc: recv_control_msg error -32 req 04 val 1400
[  451.273736][ T9078] dummy0: entered promiscuous mode
[  451.283176][ T9078] hsr1: Slave A (dummy0) is not up; please bring it up to get a fully working HSR network
[  451.298364][ T9078] hsr1: Slave B (team0) is not up; please bring it up to get a fully working HSR network
[  451.342031][ T6140] pwc: recv_control_msg error -32 req 02 val 2000
[  451.402749][ T6140] pwc: recv_control_msg error -32 req 02 val 2100
[  451.436621][ T6140] pwc: recv_control_msg error -32 req 04 val 1500
[  451.514669][ T6140] pwc: recv_control_msg error -32 req 02 val 2500
[  451.597176][ T6140] pwc: recv_control_msg error -32 req 02 val 2400
[  451.639566][ T6140] pwc: recv_control_msg error -32 req 02 val 2600
[  451.676242][ T6140] pwc: recv_control_msg error -32 req 02 val 2900
[  451.728591][ T6140] pwc: recv_control_msg error -32 req 02 val 2800
[  451.806316][ T6140] pwc: recv_control_msg error -32 req 04 val 1100
[  451.878144][ T6140] pwc: Registered as video103.
[  451.886981][ T6140] input: PWC snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/input/input8
[  452.082349][ T6140] usb 8-1: USB disconnect, device number 3
[  453.857563][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  453.857642][   T30] audit: type=1326 audit(32988.208:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9107 comm="syz.7.836" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd8539 code=0x0
[  454.204234][ T9112] loop7: detected capacity change from 0 to 256
[  454.346355][ T6145] vhci_hcd: vhci_device speed not set
[  454.463274][ T9118] netlink: 'syz.2.838': attribute type 10 has an invalid length.
[  454.471526][ T9118] syz_tun: entered promiscuous mode
[  454.494422][ T9118] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  454.528166][ T9121] bridge_slave_0: left promiscuous mode
[  454.535050][ T9121] bridge0: port 1(bridge_slave_0) entered disabled state
[  454.598791][ T9121] bridge_slave_1: left promiscuous mode
[  454.607704][ T9121] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.759249][ T9121] bond0: (slave bond_slave_0): Releasing backup interface
[  454.827380][ T9121] bond0: (slave bond_slave_1): Releasing backup interface
[  454.978198][ T9121] team0: Port device team_slave_0 removed
[  455.054745][ T9121] team0: Port device team_slave_1 removed
[  455.063293][ T9121] batman_adv: batadv0: Removing interface: batadv_slave_0
[  455.157205][ T9121] batman_adv: batadv0: Removing interface: batadv_slave_1
[  455.239776][ T9127] deleting an unspecified loop device is not supported.
[  455.250349][ T9121] bond1: (slave geneve2): Releasing active interface
[  455.258954][ T9121] geneve2: left promiscuous mode
[  455.344761][ T7816] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  455.396025][ T9131] GUP no longer grows the stack in syz.6.842 (9131): 80002000-8000a000 (80001000)
[  455.396208][ T9131] CPU: 1 UID: 0 PID: 9131 Comm: syz.6.842 Tainted: G        W           6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(none) 
[  455.396373][ T9131] Tainted: [W]=WARN
[  455.396420][ T9131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  455.396503][ T9131] Call Trace:
[  455.396553][ T9131]  <TASK>
[  455.396603][ T9131]  __dump_stack+0x26/0x30
[  455.396772][ T9131]  dump_stack_lvl+0x1df/0x270
[  455.396943][ T9131]  dump_stack+0x1e/0x25
[  455.397090][ T9131]  __get_user_pages+0x52c2/0x6180
[  455.397230][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.397383][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.397528][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.397695][ T9131]  ? __rcu_read_unlock+0x6d/0xd0
[  455.397866][ T9131]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  455.398091][ T9131]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  455.398257][ T9131]  __gup_longterm_locked+0x1884/0x26a0
[  455.398402][ T9131]  ? gup_fast_fallback+0xfa1/0x3c80
[  455.398544][ T9131]  ? filter_irq_stacks+0x49/0x190
[  455.398742][ T9131]  ? stack_depot_save_flags+0x35/0x7b0
[  455.398897][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.399047][ T9131]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  455.399203][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.399353][ T9131]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  455.399520][ T9131]  gup_fast_fallback+0x3589/0x3c80
[  455.399789][ T9131]  pin_user_pages_fast+0xb7/0x120
[  455.399944][ T9131]  iov_iter_extract_pages+0xa33/0xc40
[  455.400157][ T9131]  extract_iter_to_sg+0x2716/0x4330
[  455.400305][ T9131]  ? should_fail_ex+0x45/0x8a0
[  455.400438][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.400640][ T9131]  af_alg_get_rsgl+0x5fd/0xf30
[  455.400848][ T9131]  aead_recvmsg+0x7b8/0x24f0
[  455.401080][ T9131]  ? __pfx_aead_recvmsg+0x10/0x10
[  455.401250][ T9131]  sock_recvmsg_nosec+0x240/0x2f0
[  455.401416][ T9131]  ____sys_recvmsg+0x4e5/0x610
[  455.401587][ T9131]  ? import_iovec+0xb0/0xe0
[  455.401753][ T9131]  ? get_compat_msghdr+0x670/0x740
[  455.401947][ T9131]  ___sys_recvmsg+0x20b/0x850
[  455.402123][ T9131]  ? filter_irq_stacks+0x13f/0x190
[  455.402316][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.402481][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.402630][ T9131]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  455.402788][ T9131]  ? __cond_resched+0x15/0x130
[  455.402952][ T9131]  do_recvmmsg+0x50b/0xdf0
[  455.403144][ T9131]  ? kmsan_get_metadata+0xfb/0x160
[  455.403329][ T9131]  __sys_recvmmsg+0xf3/0x460
[  455.403503][ T9131]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  455.403663][ T9131]  __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0
[  455.403878][ T9131]  ia32_sys_call+0x2970/0x4310
[  455.404010][ T9131]  __do_fast_syscall_32+0xb0/0x150
[  455.404154][ T9131]  do_fast_syscall_32+0x38/0x80
[  455.404269][ T9131]  do_SYSENTER_32+0x1f/0x30
[  455.404380][ T9131]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  455.404544][ T9131] RIP: 0023:0xf703e539
[  455.404633][ T9131] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  455.404747][ T9131] RSP: 002b:00000000f502e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  455.404876][ T9131] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000180
[  455.404958][ T9131] RDX: 0000000000000002 RSI: 0000000000000101 RDI: 0000000000000000
[  455.405063][ T9131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  455.405140][ T9131] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  455.405213][ T9131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  455.405325][ T9131]  </TASK>
[  455.410592][ T7816] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  455.410813][ T7816] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  455.411004][ T7816] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  456.174240][ T9139] netlink: 4 bytes leftover after parsing attributes in process `syz.6.845'.
[  456.189099][ T9139] netlink: 4 bytes leftover after parsing attributes in process `syz.6.845'.
[  456.217989][ T9139] netlink: 4 bytes leftover after parsing attributes in process `syz.6.845'.
[  456.529662][ T9144] netlink: 4 bytes leftover after parsing attributes in process `syz.6.845'.
[  456.832431][ T9152] bond0: (slave bond_slave_1): Releasing backup interface
[  456.884755][ T9152] team_slave_0: left promiscuous mode
[  456.972399][ T9152] team0: Port device team_slave_0 removed
[  456.982432][ T9152] team_slave_1: left promiscuous mode
[  457.070614][ T9152] team0: Port device team_slave_1 removed
[  457.130008][ T9152] bond1: (slave macvlan2): Removing an active aggregator
[  457.141133][ T9152] bond1: (slave macvlan2): Releasing backup interface
[  457.224532][ T9152] veth5: left allmulticast mode
[  457.231035][ T9152] veth5: left promiscuous mode
[  457.237205][ T9152] bridge0: port 1(veth5) entered disabled state
[  457.357587][ T9150] netlink: 12 bytes leftover after parsing attributes in process `syz.5.857'.
[  457.741400][   T30] audit: type=1800 audit(32992.088:447): pid=9167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.851" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  458.037709][ T9171] syzkaller1: entered promiscuous mode
[  458.043473][ T9171] syzkaller1: entered allmulticast mode
[  459.371365][ T9182] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  459.403798][ T9182] syzkaller0: entered promiscuous mode
[  459.409900][ T9182] syzkaller0: entered allmulticast mode
[  459.730172][ T9182] tipc: Resetting bearer <eth:syzkaller0>
[  459.751550][ T9180] tipc: Resetting bearer <eth:syzkaller0>
[  459.762507][ T9180] tipc: Disabling bearer <eth:syzkaller0>
[  461.559799][ T9202] loop7: detected capacity change from 0 to 128
[  461.698279][ T9202] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  463.328238][ T8469] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  463.784284][ T9241] bridge_slave_0: left allmulticast mode
[  463.790866][ T9241] bridge_slave_0: left promiscuous mode
[  463.798060][ T9241] bridge0: port 1(bridge_slave_0) entered disabled state
[  463.881194][ T9241] bridge_slave_1: left allmulticast mode
[  463.888527][ T9241] bridge_slave_1: left promiscuous mode
[  463.895584][ T9241] bridge0: port 2(bridge_slave_1) entered disabled state
[  463.938708][ T9245] netlink: 4 bytes leftover after parsing attributes in process `syz.7.868'.
[  463.998338][ T9241] bond0: (slave bond_slave_0): Releasing backup interface
[  464.034302][ T9241] bond0: (slave bond_slave_1): Releasing backup interface
[  464.109792][ T9241] team0: Port device team_slave_0 removed
[  464.152615][ T9241] team0: Port device team_slave_1 removed
[  464.163844][ T9241] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  464.171843][ T9241] batman_adv: batadv0: Removing interface: batadv_slave_0
[  464.217025][ T9241] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  464.224617][ T9241] batman_adv: batadv0: Removing interface: batadv_slave_1
[  467.152108][    C1] hrtimer: interrupt took 394071 ns
[  467.723699][ T9304] netlink: 'syz.6.886': attribute type 4 has an invalid length.
[  468.412493][ T9318] netlink: 20 bytes leftover after parsing attributes in process `syz.5.892'.
[  469.173250][ T9333] netlink: 44 bytes leftover after parsing attributes in process `syz.2.895'.
[  469.348587][   T30] audit: type=1326 audit(33003.688:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.370734][   T30] audit: type=1326 audit(33003.708:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=65 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.393134][   T30] audit: type=1326 audit(33003.708:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.415246][   T30] audit: type=1326 audit(33003.708:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.437577][   T30] audit: type=1326 audit(33003.708:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.460177][   T30] audit: type=1326 audit(33003.708:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.924674][   T30] audit: type=1326 audit(33003.858:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.947682][   T30] audit: type=1326 audit(33003.858:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  469.972193][   T30] audit: type=1326 audit(33003.858:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9332 comm="syz.2.895" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  470.362653][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  470.369556][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  471.560689][ T9362] sctp: [Deprecated]: syz.5.904 (pid 9362) Use of int in maxseg socket option.
[  471.560689][ T9362] Use struct sctp_assoc_value instead
[  476.913679][ T9442] fuse: Unknown parameter '0x000000000000000400000000000000000000'
[  477.936891][ T9461] siw: device registration error -23
[  478.691830][ T9456] wlan0 speed is unknown, defaulting to 1000
[  478.698518][ T9456] wlan0 speed is unknown, defaulting to 1000
[  478.705763][ T9456] wlan0 speed is unknown, defaulting to 1000
[  478.741020][ T9456] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  478.801851][ T9449] tipc: Enabled bearer <eth:team0>, priority 0
[  478.816103][ T9475] loop4: detected capacity change from 0 to 2048
[  478.837302][ T9456] wlan0 speed is unknown, defaulting to 1000
[  478.986467][ T9456] wlan0 speed is unknown, defaulting to 1000
[  478.995665][ T9456] wlan0 speed is unknown, defaulting to 1000
[  479.004328][ T9456] wlan0 speed is unknown, defaulting to 1000
[  479.013315][ T9456] wlan0 speed is unknown, defaulting to 1000
[  479.452099][ T9475] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  479.691493][ T9485] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  480.627806][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  480.847772][ T9501] netlink: 8 bytes leftover after parsing attributes in process `syz.5.937'.
[  480.934017][ T9501] team0: Mode changed to "loadbalance"
[  480.979872][ T9501] netlink: 'syz.5.937': attribute type 10 has an invalid length.
[  480.988407][ T9501] bond0: left allmulticast mode
[  480.998122][ T9501] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.008138][ T9501] bond0: entered allmulticast mode
[  481.017036][ T9501] team0: Port device bond0 added
[  481.169913][ T9505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.938'.
[  481.239835][ T9505] team0: Mode changed to "loadbalance"
[  481.348314][ T9505] netlink: 'syz.4.938': attribute type 10 has an invalid length.
[  481.360702][ T9505] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.371378][ T9505] team0: Device bond0 failed to register rx_handler
[  481.423006][ T9510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.938'.
[  483.446479][ T9520] netlink: 'syz.5.941': attribute type 1 has an invalid length.
[  483.454497][ T9520] netlink: 8 bytes leftover after parsing attributes in process `syz.5.941'.
[  483.581917][ T9518] wlan0 speed is unknown, defaulting to 1000
[  483.587827][ T9523] sctp: [Deprecated]: syz.7.942 (pid 9523) Use of struct sctp_assoc_value in delayed_ack socket option.
[  483.587827][ T9523] Use struct sctp_sack_info instead
[  484.643767][ T9528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.943'.
[  485.020013][ T9539] loop4: detected capacity change from 0 to 2048
[  485.087275][ T9539] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  485.097647][ T9539] NILFS (loop4): mounting unchecked fs
[  485.190897][ T9539] NILFS (loop4): recovery complete
[  485.210233][ T9544] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  485.309191][ T9546] netlink: 4 bytes leftover after parsing attributes in process `syz.7.948'.
[  485.394768][ T9543] tipc: New replicast peer: 127.0.0.1
[  485.404117][ T9543] tipc: Enabled bearer <udp:syz2>, priority 10
[  485.469353][ T9539] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  485.476978][ T9539] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  485.483666][   T30] audit: type=1800 audit(33019.838:457): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.946" name="file1" dev="loop4" ino=15 res=0 errno=0
[  485.545284][ T9539] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  485.552211][ T9539] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  485.584219][ T9539] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  485.590856][ T9539] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  485.610114][ T9539] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  485.617597][ T9539] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  485.631441][ T9539] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  485.674954][ T9539] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  485.682892][ T9539] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  485.793661][ T9539] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  485.812629][   T30] audit: type=1800 audit(33020.108:458): pid=9548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.946" name="file1" dev="loop4" ino=15 res=0 errno=0
[  486.395763][ T6145] tipc: Node number set to 592977880
[  486.953225][   T30] audit: type=1326 audit(33021.318:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  486.976268][   T30] audit: type=1326 audit(33021.318:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  486.998778][   T30] audit: type=1326 audit(33021.318:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  487.114881][   T30] audit: type=1326 audit(33021.398:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  487.137109][   T30] audit: type=1326 audit(33021.398:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  487.159214][   T30] audit: type=1326 audit(33021.398:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  487.182142][   T30] audit: type=1326 audit(33021.408:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  487.204402][   T30] audit: type=1326 audit(33021.408:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.4.953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  487.376660][ T5815] Bluetooth: hci2: command 0x0406 tx timeout
[  487.616063][ T5815] Bluetooth: hci1: command 0x0406 tx timeout
[  487.616935][ T5828] Bluetooth: hci3: command 0x0406 tx timeout
[  487.696472][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  487.696538][ T5815] Bluetooth: hci4: command 0x0c1a tx timeout
[  489.458145][ T5828] Bluetooth: hci2: command 0x0406 tx timeout
[  489.696948][ T5828] Bluetooth: hci3: command 0x0406 tx timeout
[  489.697468][ T5815] Bluetooth: hci1: command 0x0406 tx timeout
[  489.776756][ T5815] Bluetooth: hci0: command 0x0c1a tx timeout
[  489.776818][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  490.792757][ T9604] syz_tun: left promiscuous mode
[  490.823675][ T9604] syz_tun: entered promiscuous mode
[  490.834955][ T9604] 8021q: adding VLAN 0 to HW filter on device bond0
[  490.847252][ T9604] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  490.900065][ T4117] bond0: (slave syz_tun): interface is now down
[  490.907534][ T4117] bond0: now running without any active interface!
[  491.369301][ T9613] netlink: 20 bytes leftover after parsing attributes in process `syz.4.963'.
[  491.430505][ T9601] syz.7.961 (9601) used greatest stack depth: 2360 bytes left
[  492.285303][ T5815] Bluetooth: hci4: command 0x0c1a tx timeout
[  492.292487][ T5815] Bluetooth: hci0: command 0x0c1a tx timeout
[  494.283072][ T9650] loop4: detected capacity change from 0 to 512
[  494.660161][ T9647] wlan0 speed is unknown, defaulting to 1000
[  494.855093][ T9650] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  495.144438][ T9650] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  496.119501][   T30] kauditd_printk_skb: 155 callbacks suppressed
[  496.119585][   T30] audit: type=1326 audit(33030.458:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9649 comm="syz.4.972" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  496.150075][   T30] audit: type=1326 audit(33030.458:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9649 comm="syz.4.972" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  496.390855][ T9669] netlink: 'syz.6.974': attribute type 1 has an invalid length.
[  496.399172][ T9669] netlink: 36 bytes leftover after parsing attributes in process `syz.6.974'.
[  496.497376][ T9669] overlayfs: failed to clone upperpath
[  497.142800][ T9675] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  497.317151][   T30] audit: type=1326 audit(33030.548:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9649 comm="syz.4.972" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  497.340068][   T30] audit: type=1326 audit(33030.578:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9649 comm="syz.4.972" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  497.363060][   T30] audit: type=1326 audit(33030.578:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9649 comm="syz.4.972" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  497.548272][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.612180][ T5828] Bluetooth: hci4: unexpected event for opcode 0x0c5a
[  498.909194][ T6145] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  499.082413][ T9616] Set syz1 is full, maxelem 65536 reached
[  499.135802][ T6145] usb 5-1: Using ep0 maxpacket: 8
[  499.187272][ T6145] usb 5-1: unable to get BOS descriptor or descriptor too short
[  499.207601][ T6145] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  499.219060][ T6145] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  499.277494][ T6145] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  499.287439][ T6145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.296011][ T6145] usb 5-1: Product: syz
[  499.300357][ T6145] usb 5-1: Manufacturer: syz
[  499.305137][ T6145] usb 5-1: SerialNumber: syz
[  499.424844][ T6145] usb 5-1: config 0 descriptor??
[  499.434269][ T5828] Bluetooth: hci2: unexpected event for opcode 0x080c
[  499.477825][ T6145] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  499.617187][ T6145] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2
[  499.700575][ T6145] usb 5-1: USB disconnect, device number 9
[  499.831538][ T5990] udevd[5990]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  500.468568][   T30] audit: type=1326 audit(33034.838:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.7.986" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  500.492526][   T30] audit: type=1326 audit(33034.838:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.7.986" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  500.658829][   T30] audit: type=1326 audit(33034.918:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.7.986" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  500.682502][   T30] audit: type=1326 audit(33034.918:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.7.986" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  500.705005][   T30] audit: type=1326 audit(33034.918:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.7.986" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  501.112592][ T5828] Bluetooth: hci1: unexpected event for opcode 0x2060
[  501.222867][ T5828] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  501.274594][ T9726] loop4: detected capacity change from 0 to 64
[  501.757006][ T5828] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  502.078379][ T5828] Bluetooth: hci4: unexpected event for opcode 0x201c
[  502.767246][ T5828] Bluetooth: hci1: Malformed Event: 0x13
[  503.978010][ T5828] Bluetooth: hci2: unexpected event 0x3e length: 283 > 260
[  503.978152][ T5828] Bluetooth: hci2: unexpected subevent 0x0d length: 282 > 260
[  504.617468][ T5828] Bluetooth: hci3: unexpected event for opcode 0x2016
[  505.281255][ T5828] Bluetooth: hci1: unexpected event for opcode 0x1408
[  505.379180][ T5828] Bluetooth: hci2: unexpected event 0x09 length: 6 > 3
[  505.395816][   T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  505.611511][   T24] usb 5-1: Using ep0 maxpacket: 32
[  505.661201][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  505.687524][   T24] usb 5-1: config 3 has an invalid interface number: 98 but max is 0
[  505.697946][   T24] usb 5-1: config 3 has no interface number 0
[  505.705936][   T24] usb 5-1: config 3 interface 98 altsetting 10 endpoint 0x2 has invalid maxpacket 9212, setting to 1024
[  505.718817][   T24] usb 5-1: config 3 interface 98 has no altsetting 0
[  505.818740][ T5828] Bluetooth: hci1: Unable to find connection with handle 0x0001
[  505.868039][   T24] usb 5-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=b9.a8
[  505.877748][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.886274][   T24] usb 5-1: Product: syz
[  505.890622][   T24] usb 5-1: Manufacturer: syz
[  505.895740][   T24] usb 5-1: SerialNumber: syz
[  506.235656][ T5828] Bluetooth: hci0: unexpected event for opcode 0x080e
[  506.264661][   T24] usb 5-1: USB disconnect, device number 10
[  506.276735][ T5828] Bluetooth: hci1: unexpected event for opcode 0x0c7d
[  506.677562][ T5828] Bluetooth: hci0: unexpected event for opcode 0x0c5b
[  507.076405][ T5828] Bluetooth: hci3: unexpected event 0x0f length: 99 > 4
[  507.076557][ T5828] Bluetooth: hci3: unexpected event for opcode 0x200d
[  507.590940][ T5828] Bluetooth: hci2: unexpected event for opcode 0x2012
[  507.645031][ T5828] Bluetooth: hci1: unexpected event for opcode 0x0c26
[  508.546137][ T5828] Bluetooth: hci4: unexpected event for opcode 0x0419
[  509.162843][ T5828] Bluetooth: hci1: unexpected event for opcode 0x2029
[  509.257849][ T9883] loop4: detected capacity change from 0 to 512
[  509.371630][ T9883] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  509.415136][ T9883] EXT4-fs error (device loop4): ext4_get_journal_inode:5796: comm syz.4.1058: inode #1661: comm syz.4.1058: iget: illegal inode #
[  509.508297][ T9883] EXT4-fs (loop4): no journal found
[  509.513706][ T9883] EXT4-fs (loop4): can't get journal size
[  509.565058][ T9883] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  509.630048][ T9883] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8056c118, mo2=0002]
[  509.706051][ T9883] EXT4-fs (loop4): Errors on filesystem, clearing orphan list.
[  509.716113][ T9883] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  509.879386][ T9900] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  509.888284][ T9900] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock
[  509.898229][ T9900] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  509.906771][ T9900] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock
[  510.079891][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  510.556029][ T5828] Bluetooth: hci4: unexpected event for opcode 0x0c2d
[  511.042522][ T9924] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  511.374466][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  511.374542][   T30] audit: type=1326 audit(33045.738:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.4.1079" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  511.525642][   T30] audit: type=1326 audit(33045.798:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.4.1079" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  511.548563][   T30] audit: type=1326 audit(33045.808:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.4.1079" exe="/root/syz-executor" sig=0 arch=40000003 syscall=294 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  511.571111][   T30] audit: type=1326 audit(33045.828:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.4.1079" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  511.593140][   T30] audit: type=1326 audit(33045.828:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9931 comm="syz.4.1079" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  511.827784][ T9941] capability: warning: `syz.5.1083' uses deprecated v2 capabilities in a way that may be insecure
[  512.152853][ T5828] Bluetooth: hci4: unexpected event for opcode 0x2031
[  512.481493][ T9957] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1088'.
[  512.491067][ T9957] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1088'.
[  513.217670][ T5828] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  513.226475][ T5828] Bluetooth: hci1: Injecting HCI hardware error event
[  513.234288][ T5828] Bluetooth: hci1: hardware error 0x00
[  513.571027][ T9987] tunl0: left allmulticast mode
[  513.577639][ T9987] gre0: left allmulticast mode
[  513.585029][ T9987] gretap0: left allmulticast mode
[  513.591305][ T9987] erspan0: left allmulticast mode
[  513.597253][ T9987] ip_vti0: left allmulticast mode
[  513.603273][ T9987] ip6_vti0: left allmulticast mode
[  513.609617][ T9987] sit0: left allmulticast mode
[  513.615730][ T9987] ip6tnl0: left allmulticast mode
[  513.622214][ T9987] ip6gretap0: left allmulticast mode
[  513.628538][ T9987] bridge0: left allmulticast mode
[  513.634808][ T9987] vcan0: left allmulticast mode
[  513.641163][ T9987] team0: left allmulticast mode
[  513.646330][ T9987] bond0: left allmulticast mode
[  513.652197][ T9987] dummy0: left allmulticast mode
[  513.658351][ T9987] nlmon0: left allmulticast mode
[  513.664370][ T9987] caif0: left allmulticast mode
[  513.670509][ T9987] batadv0: left allmulticast mode
[  513.676631][ T9987] vxcan0: left allmulticast mode
[  513.682225][ T9987] vxcan1: left allmulticast mode
[  513.689456][ T9987] veth0: left allmulticast mode
[  513.695306][ T9987] veth1: left allmulticast mode
[  513.701918][ T9987] veth0_to_bridge: left allmulticast mode
[  513.708759][ T9987] bridge_slave_0: left allmulticast mode
[  513.715654][ T9987] veth1_to_bridge: left allmulticast mode
[  513.722372][ T9987] bridge_slave_1: left allmulticast mode
[  513.730793][ T9987] bond_slave_0: left allmulticast mode
[  513.737342][ T9987] veth1_to_bond: left allmulticast mode
[  513.743898][ T9987] bond_slave_1: left allmulticast mode
[  513.750520][ T9987] veth0_to_team: left allmulticast mode
[  513.757365][ T9987] team_slave_0: left allmulticast mode
[  513.763862][ T9987] veth1_to_team: left allmulticast mode
[  513.770641][ T9987] team_slave_1: left allmulticast mode
[  513.777300][ T9987] veth0_to_batadv: left allmulticast mode
[  513.784159][ T9987] batadv_slave_0: left allmulticast mode
[  513.792199][ T9987] veth1_to_batadv: left allmulticast mode
[  513.799245][ T9987] batadv_slave_1: left allmulticast mode
[  513.806077][ T9987] xfrm0: left allmulticast mode
[  513.811946][ T9987] veth0_to_hsr: left allmulticast mode
[  513.819561][ T9987] veth1_to_hsr: left allmulticast mode
[  513.827194][ T9987] hsr0: left allmulticast mode
[  513.832282][ T9987] hsr_slave_0: left allmulticast mode
[  513.838261][ T9987] hsr_slave_1: left allmulticast mode
[  513.844681][ T9987] veth1_virt_wifi: left allmulticast mode
[  513.851839][ T9987] veth0_virt_wifi: left allmulticast mode
[  513.858759][ T9987] net veth1_virt_wifi virt_wifi0: left allmulticast mode
[  513.867133][ T9987] veth1_macvtap: left allmulticast mode
[  513.873900][ T9987] veth0_macvtap: left allmulticast mode
[  513.880702][ T9987] macvtap0: left allmulticast mode
[  513.887077][ T9987] macsec0: left allmulticast mode
[  513.894484][ T9987] geneve0: left allmulticast mode
[  513.900653][ T9987] geneve1: left allmulticast mode
[  513.906945][ T9987] netdevsim netdevsim5 netdevsim0: left allmulticast mode
[  513.915070][ T9987] netdevsim netdevsim5 netdevsim1: left allmulticast mode
[  513.923461][ T9987] netdevsim netdevsim5 netdevsim2: left allmulticast mode
[  513.931816][ T9987] netdevsim netdevsim5 netdevsim3: left allmulticast mode
[  513.940198][ T9987] mac80211_hwsim hwsim13 wlan0: left allmulticast mode
[  513.950889][ T9987] bond1: left promiscuous mode
[  514.469112][ T9999] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1106'.
[  514.609297][T10001] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  514.616396][T10001] comedi comedi3: 8255: I/O port conflict (0x10000,4)
[  514.623606][T10001] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  514.630658][T10001] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  514.637898][T10001] comedi comedi3: 8255: I/O port conflict (0x10,4)
[  514.644939][T10001] comedi comedi3: 8255: I/O port conflict (0x7,4)
[  514.651826][T10001] comedi comedi3: 8255: I/O port conflict (0x400000a,4)
[  514.659324][T10001] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff8,4)
[  514.667670][T10001] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  514.674363][T10001] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  514.681374][T10001] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  514.688339][T10001] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  514.701867][T10001] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  514.875657][T10007] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1110'.
[  515.296469][ T5828] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  515.521428][T10021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1117'.
[  515.591613][T10023] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1119'.
[  516.270320][T10041] netlink: 'syz.5.1126': attribute type 1 has an invalid length.
[  516.407771][T10044] bond2: (slave gretap1): making interface the new active one
[  516.419535][T10044] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  516.602949][T10041] vlan0: entered allmulticast mode
[  516.608556][T10041] bond2: entered allmulticast mode
[  516.614040][T10041] gretap1: entered allmulticast mode
[  516.625154][T10041] bond2: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  516.996814][   T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  517.186784][   T24] usb 5-1: Using ep0 maxpacket: 16
[  517.200048][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  517.207531][   T24] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  517.218257][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.278606][T10063] netlink: 'syz.5.1132': attribute type 3 has an invalid length.
[  517.287341][T10063] netlink: 'syz.5.1132': attribute type 3 has an invalid length.
[  517.301534][   T24] usb 5-1: config 0 descriptor??
[  517.723756][T10053] loop4: detected capacity change from 0 to 512
[  517.853505][T10075] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1136'.
[  517.865109][T10075] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1136'.
[  518.009313][T10053] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.1127: corrupted in-inode xattr: invalid ea_ino
[  518.089713][T10053] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1127: couldn't read orphan inode 15 (err -117)
[  518.162780][T10053] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000500000000 r/w without journal. Quota mode: writeback.
[  518.378309][T10086] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1140'.
[  518.388669][T10086] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1140'.
[  518.530977][   T24] hid (null): unknown global tag 0xc
[  518.537864][   T24] hid (null): unknown global tag 0xc
[  518.543540][   T24] hid (null): unknown global tag 0xd4
[  518.549526][   T24] hid (null): invalid report_size 58068
[  518.573400][   T24] hid (null): invalid report_count 497205603
[  518.582381][   T24] hid (null): invalid report_count -400155653
[  518.590317][   T24] hid (null): unknown global tag 0xe
[  518.598350][   T24] hid (null): unknown global tag 0xe
[  518.818700][   T24] usb 5-1: USB disconnect, device number 11
[  518.969386][T10093] netlink: 'syz.2.1142': attribute type 1 has an invalid length.
[  519.070609][T10096] vlan0: entered allmulticast mode
[  519.076413][T10096] bond4: entered allmulticast mode
[  519.567169][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000500000000.
[  519.686178][T10105] netlink: 'syz.6.1146': attribute type 3 has an invalid length.
[  519.694619][T10105] netlink: 'syz.6.1146': attribute type 3 has an invalid length.
[  519.799353][T10110] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (3)
[  520.276100][   T30] audit: type=1326 audit(33054.618:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  520.405718][   T30] audit: type=1326 audit(33054.678:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  520.428390][   T30] audit: type=1326 audit(33054.678:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=40000003 syscall=195 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  520.452521][   T30] audit: type=1326 audit(33054.678:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  520.476097][   T30] audit: type=1326 audit(33054.678:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10120 comm="syz.2.1154" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  520.859429][T10132] syz_tun: left promiscuous mode
[  520.917167][T10132] vlan2: left promiscuous mode
[  520.922145][T10132] bridge0: left promiscuous mode
[  520.928247][T10132] vlan2: left allmulticast mode
[  520.933384][T10132] bridge0: left allmulticast mode
[  520.939568][T10132] vxlan0: left promiscuous mode
[  521.080115][T10137] netlink: 76 bytes leftover after parsing attributes in process `syz.7.1163'.
[  522.168824][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1171'.
[  522.464715][T10169] netlink: 34 bytes leftover after parsing attributes in process `syz.5.1174'.
[  523.269610][ T5828] Bluetooth: hci3: unexpected event for opcode 0x2029
[  526.109018][T10207] netlink: 'syz.7.1189': attribute type 7 has an invalid length.
[  527.306637][ T5828] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  527.315173][ T5828] Bluetooth: hci3: Injecting HCI hardware error event
[  527.325695][ T5828] Bluetooth: hci3: hardware error 0x00
[  529.392031][ T5828] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  530.885191][T10266] dummy0: entered promiscuous mode
[  530.933430][T10266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1210'.
[  531.144977][T10263] dummy0: left promiscuous mode
[  531.246841][T10273] netlink: 'syz.5.1222': attribute type 14 has an invalid length.
[  531.808787][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  535.262257][ T5828] Bluetooth: hci0: unexpected cc 0x0402 length: 4 > 1
[  535.270375][ T5828] Bluetooth: hci0: unexpected event for opcode 0x0402
[  535.411443][T10314] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1226'.
[  537.254719][T10351] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  541.097777][T10392] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  541.444719][T10397] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1252'.
[  542.931474][T10342] Set syz1 is full, maxelem 65536 reached
[  543.129527][T10399] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1253'.
[  544.284927][T10428] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1264'.
[  544.298134][T10428] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1264'.
[  544.962938][T10441] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1276'.
[  544.972484][T10441] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1276'.
[  545.496917][T10451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1269'.
[  545.712199][T10457] loop4: detected capacity change from 0 to 256
[  545.951811][T10457] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  546.080672][T10457] exFAT-fs (loop4): start_clu is invalid cluster(0xffffffff)
[  546.830101][T10469] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1274'.
[  547.650831][T10492] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  547.657594][T10492] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  547.666272][T10492] vhci_hcd vhci_hcd.0: Device attached
[  547.759582][T10497] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  547.881268][T10492] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(6)
[  547.888027][T10492] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  547.896828][T10492] vhci_hcd vhci_hcd.0: Device attached
[  547.915990][T10497] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(9)
[  547.922750][T10497] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  547.930566][ T5870] vhci_hcd: vhci_device speed not set
[  547.936888][T10497] vhci_hcd vhci_hcd.0: Device attached
[  548.043854][T10505] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(14)
[  548.050707][T10505] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  548.059147][T10505] vhci_hcd vhci_hcd.0: Device attached
[  548.073549][ T5870] usb 41-1: new full-speed USB device number 3 using vhci_hcd
[  548.123071][T10510] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  548.176357][T10492] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  548.438348][T10501] vhci_hcd: connection closed
[  548.438623][T10506] vhci_hcd: connection closed
[  548.444286][ T7820] vhci_hcd: stop threads
[  548.454069][ T7820] vhci_hcd: release socket
[  548.459666][ T7820] vhci_hcd: disconnect device
[  548.488607][T10499] vhci_hcd: connection closed
[  548.491496][T10493] vhci_hcd: connection reset by peer
[  548.548867][ T7820] vhci_hcd: stop threads
[  548.553308][ T7820] vhci_hcd: release socket
[  548.558246][ T7820] vhci_hcd: disconnect device
[  548.600625][ T7820] vhci_hcd: stop threads
[  548.606052][ T7820] vhci_hcd: release socket
[  548.611204][ T7820] vhci_hcd: disconnect device
[  548.665674][ T7820] vhci_hcd: stop threads
[  548.670212][ T7820] vhci_hcd: release socket
[  548.675027][ T7820] vhci_hcd: disconnect device
[  550.380985][T10541] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1293'.
[  550.596383][T10554] netlink: 'syz.5.1307': attribute type 39 has an invalid length.
[  551.158003][T10561] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  551.190428][T10561] syzkaller0: entered promiscuous mode
[  551.196355][T10561] syzkaller0: entered allmulticast mode
[  551.231664][T10567] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  551.291473][T10570] tipc: Resetting bearer <eth:syzkaller0>
[  551.336812][T10560] tipc: Resetting bearer <eth:syzkaller0>
[  551.370118][T10560] tipc: Disabling bearer <eth:syzkaller0>
[  552.039724][T10584] loop4: detected capacity change from 0 to 512
[  552.157350][T10584] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  552.371153][   T30] audit: type=1804 audit(33086.738:690): pid=10584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1306" name="/newroot/274/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  552.897670][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  553.241286][ T5870] vhci_hcd: vhci_device speed not set
[  553.324459][T10609] 8021q: VLANs not supported on nlmon0
[  553.751744][T10607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1314'.
[  553.781708][T10607] batadv_slave_1 (unregistering): left allmulticast mode
[  554.377862][T10631] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  555.507205][T10652] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  555.558277][T10651] netlink: 'syz.4.1328': attribute type 39 has an invalid length.
[  557.305017][T10683] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  557.786567][T10684] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1335'.
[  557.892484][T10695] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  558.585095][T10709] siw: device registration error -23
[  560.304599][T10733] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1359'.
[  560.314384][T10733] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1359'.
[  560.406923][T10733] team0: entered promiscuous mode
[  560.412257][T10733] bond0: entered promiscuous mode
[  560.427452][T10733] debugfs: 'hsr1' already exists in 'hsr'
[  560.433919][T10733] Cannot create hsr debugfs directory
[  560.440089][T10733] hsr1: Slave A (dummy0) is not up; please bring it up to get a fully working HSR network
[  560.450380][T10733] hsr1: Slave B (team0) is not up; please bring it up to get a fully working HSR network
[  562.084365][T10768] netlink: 'syz.2.1356': attribute type 39 has an invalid length.
[  562.093155][T10769] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  563.059617][T10784] wlan0 speed is unknown, defaulting to 1000
[  563.231118][T10786] netlink: 'syz.6.1360': attribute type 12 has an invalid length.
[  564.918309][T10815] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1371'.
[  565.059302][T10818] wlan0 speed is unknown, defaulting to 1000
[  570.138916][T10874] 8021q: VLANs not supported on nlmon0
[  570.712087][T10884] wlan0 speed is unknown, defaulting to 1000
[  571.941917][T10907] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  572.815966][T10921] bond0: (slave syz_tun): Releasing backup interface
[  572.822984][T10921] bond0: (slave syz_tun): the permanent HWaddr of slave - aa:aa:aa:aa:aa:aa - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  572.952846][T10921] bond0: (slave team0): Releasing backup interface
[  572.962922][T10927] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1407'.
[  572.972677][T10927] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1407'.
[  573.032249][T10921] bond2: (slave geneve2): Releasing active interface
[  573.052399][T10931] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1407'.
[  573.064680][T10921] bond3: (slave gretap2): Releasing active interface
[  573.071961][T10921] gretap2: left allmulticast mode
[  573.185971][T10927] team0: Mode changed to "loadbalance"
[  573.550771][T10939] netlink: 'syz.2.1422': attribute type 4 has an invalid length.
[  577.345837][T11006] netlink: 'syz.7.1439': attribute type 1 has an invalid length.
[  577.726635][   T30] audit: type=1326 audit(33112.088:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11011 comm="syz.5.1443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  577.818768][   T30] audit: type=1326 audit(33112.128:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11011 comm="syz.5.1443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  577.841591][   T30] audit: type=1326 audit(33112.128:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11011 comm="syz.5.1443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  577.863975][   T30] audit: type=1326 audit(33112.128:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11011 comm="syz.5.1443" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  578.758158][T11031] netlink: 'syz.7.1452': attribute type 14 has an invalid length.
[  580.164624][T11055] loop4: detected capacity change from 0 to 128
[  580.517652][T11064] wlan0 speed is unknown, defaulting to 1000
[  580.546848][T11063] netlink: 'syz.7.1467': attribute type 14 has an invalid length.
[  582.200666][T11087] siw: device registration error -23
[  582.585658][T11093] netlink: 'syz.6.1481': attribute type 13 has an invalid length.
[  583.901158][T11122] siw: device registration error -23
[  584.734738][T11133] sctp: [Deprecated]: syz.5.1491 (pid 11133) Use of struct sctp_assoc_value in delayed_ack socket option.
[  584.734738][T11133] Use struct sctp_sack_info instead
[  585.315165][T11141] netlink: 'syz.7.1495': attribute type 13 has an invalid length.
[  586.549849][T11164] netlink: 'syz.6.1506': attribute type 4 has an invalid length.
[  586.558474][T11164] netlink: 152 bytes leftover after parsing attributes in process `syz.6.1506'.
[  586.570991][T11164] Ã: renamed from bond0
[  586.872918][T11167] fuse: Unknown parameter '0x000000000000000400000000000000000000'
[  587.080600][T11167] tipc: Enabled bearer <eth:team0>, priority 0
[  587.242108][T11177] netlink: 'syz.5.1511': attribute type 13 has an invalid length.
[  587.422859][T11179] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1512'.
[  587.608190][T11182] netlink: 'syz.7.1512': attribute type 10 has an invalid length.
[  589.108078][   T30] audit: type=1326 audit(33123.468:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.218408][   T30] audit: type=1326 audit(33123.508:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.241778][   T30] audit: type=1326 audit(33123.508:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.265086][   T30] audit: type=1326 audit(33123.508:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.287650][   T30] audit: type=1326 audit(33123.518:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.310362][   T30] audit: type=1326 audit(33123.518:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.334395][   T30] audit: type=1326 audit(33123.518:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.357622][   T30] audit: type=1326 audit(33123.518:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.380714][   T30] audit: type=1326 audit(33123.518:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  589.403518][   T30] audit: type=1326 audit(33123.528:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11203 comm="syz.5.1523" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f47539 code=0x7ffc0000
[  591.040111][T11219] netlink: 'syz.2.1527': attribute type 14 has an invalid length.
[  591.739629][T11232] 8021q: adding VLAN 0 to HW filter on device bond0
[  592.066438][T11232] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  592.358285][T11243] netlink: 'syz.5.1536': attribute type 1 has an invalid length.
[  592.366681][T11243] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1536'.
[  592.394435][T11243] overlayfs: failed to clone upperpath
[  593.247098][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  593.884743][T11255] wlan0 speed is unknown, defaulting to 1000
[  594.331644][T11256] wlan0 speed is unknown, defaulting to 1000
[  596.791152][T11278] netlink: 'syz.5.1544': attribute type 14 has an invalid length.
[  599.258506][T11247] Set syz1 is full, maxelem 65536 reached
[  600.298734][T11310] wlan0 speed is unknown, defaulting to 1000
[  600.505969][T11312] wlan0 speed is unknown, defaulting to 1000
[  600.663630][ T5828] Bluetooth: hci2: Malformed Event: 0x13
[  601.200262][T11327] netlink: 'syz.2.1559': attribute type 14 has an invalid length.
[  601.821464][ T5828] Bluetooth: hci2: unexpected event for opcode 0x2060
[  601.991361][ T5828] Bluetooth: hci0: unexpected event for opcode 0x0c5a
[  602.058802][ T5828] Bluetooth: hci4: unexpected event 0x3e length: 283 > 260
[  602.058970][ T5828] Bluetooth: hci4: unexpected subevent 0x0d length: 282 > 260
[  602.184687][ T5828] Bluetooth: hci2: unexpected event for opcode 0x2016
[  602.352153][   T30] kauditd_printk_skb: 182 callbacks suppressed
[  602.352225][   T30] audit: type=1326 audit(33136.718:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.505171][   T30] audit: type=1326 audit(33136.768:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.506486][   T30] audit: type=1326 audit(33136.768:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.506702][   T30] audit: type=1326 audit(33136.768:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.506914][   T30] audit: type=1326 audit(33136.778:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.507121][   T30] audit: type=1326 audit(33136.778:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.507327][   T30] audit: type=1326 audit(33136.778:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.507625][   T30] audit: type=1326 audit(33136.788:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.507845][   T30] audit: type=1326 audit(33136.788:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.508059][   T30] audit: type=1326 audit(33136.798:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11346 comm="syz.4.1570" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  602.755883][T11354] wlan0 speed is unknown, defaulting to 1000
[  602.821847][T11355] loop4: detected capacity change from 0 to 1764
[  602.866885][T11355] iso9660: Bad value for 'session'
[  603.072877][T11363] netlink: 'syz.6.1575': attribute type 14 has an invalid length.
[  603.305543][T11359] wlan0 speed is unknown, defaulting to 1000
[  603.854101][ T5828] Bluetooth: hci0: unexpected event for opcode 0x1408
[  604.753646][T11384] wlan0 speed is unknown, defaulting to 1000
[  604.793731][ T5828] Bluetooth: hci4: unexpected event for opcode 0x080e
[  604.812046][T11387] wlan0 speed is unknown, defaulting to 1000
[  605.572596][T11402] wlan0 speed is unknown, defaulting to 1000
[  605.643174][T11403] netlink: 'syz.5.1589': attribute type 14 has an invalid length.
[  605.797986][T11404] wlan0 speed is unknown, defaulting to 1000
[  606.259431][ T5828] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  606.268582][ T5828] Bluetooth: hci2: Injecting HCI hardware error event
[  606.278900][ T5828] Bluetooth: hci2: hardware error 0x00
[  607.749292][T11435] wlan0 speed is unknown, defaulting to 1000
[  607.855881][T11417] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  607.864774][T11417] Bluetooth: hci0: Injecting HCI hardware error event
[  607.874814][T11417] Bluetooth: hci0: hardware error 0x00
[  608.082714][T11440] wlan0 speed is unknown, defaulting to 1000
[  608.336128][ T5828] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  609.333979][T11456] wlan0 speed is unknown, defaulting to 1000
[  609.540798][T11458] wlan0 speed is unknown, defaulting to 1000
[  609.937321][T11417] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  610.004916][T11460] loop4: detected capacity change from 0 to 512
[  610.159376][T11460] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  610.267681][T11460] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  610.446199][T11460] EXT4-fs (loop4): 1 truncate cleaned up
[  610.455280][T11460] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  611.028813][ T5818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  611.344175][T11491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1617'.
[  611.403385][T11491] tipc: New replicast peer: 127.0.0.1
[  611.411275][T11491] tipc: Enabled bearer <udp:syz2>, priority 10
[  611.507145][T11497] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1620'.
[  611.558753][T11495] wlan0 speed is unknown, defaulting to 1000
[  611.799312][T11494] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  611.869949][T11498] wlan0 speed is unknown, defaulting to 1000
[  612.963951][T11522] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  612.972610][T11522] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock
[  612.983754][T11522] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  612.992137][T11522] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock
[  613.347880][T11526] wlan0 speed is unknown, defaulting to 1000
[  614.822875][T11553] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  615.326206][T11557] wlan0 speed is unknown, defaulting to 1000
[  615.562706][T11563] wlan0 speed is unknown, defaulting to 1000
[  616.133971][T11571] wlan0 speed is unknown, defaulting to 1000
[  616.463465][T11581] IPVS: rr: FWM 3 0x00000003 - no destination available
[  618.607657][T11609] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1661'.
[  618.617915][T11609] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1661'.
[  618.834944][T11613] wlan0 speed is unknown, defaulting to 1000
[  620.195077][T11636] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1673'.
[  620.205116][T11636] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1673'.
[  620.538796][T11642] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1675'.
[  620.941164][T11646] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1676'.
[  620.959981][T11647] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1677'.
[  621.525109][T11650] wlan0 speed is unknown, defaulting to 1000
[  622.557439][T11668] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1684'.
[  622.954669][T11673] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1686'.
[  622.965841][T11673] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1686'.
[  623.091018][T11674] wlan0 speed is unknown, defaulting to 1000
[  623.616140][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  623.616214][   T30] audit: type=1326 audit(33157.988:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11688 comm="syz.4.1691" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  623.708240][   T30] audit: type=1326 audit(33158.048:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11688 comm="syz.4.1691" exe="/root/syz-executor" sig=0 arch=40000003 syscall=195 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  623.730739][   T30] audit: type=1326 audit(33158.048:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11688 comm="syz.4.1691" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  623.752861][   T30] audit: type=1326 audit(33158.048:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11688 comm="syz.4.1691" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc2539 code=0x7ffc0000
[  624.195792][   T30] audit: type=1326 audit(33158.558:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11696 comm="syz.7.1694" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  624.218973][   T30] audit: type=1326 audit(33158.558:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11696 comm="syz.7.1694" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  624.382526][   T30] audit: type=1326 audit(33158.618:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11696 comm="syz.7.1694" exe="/root/syz-executor" sig=0 arch=40000003 syscall=400 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  624.405062][   T30] audit: type=1326 audit(33158.618:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11696 comm="syz.7.1694" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  624.429388][   T30] audit: type=1326 audit(33158.618:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11696 comm="syz.7.1694" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  624.451622][   T30] audit: type=1326 audit(33158.658:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11696 comm="syz.7.1694" exe="/root/syz-executor" sig=0 arch=40000003 syscall=401 compat=1 ip=0xf7fd8539 code=0x7ffc0000
[  624.748471][T11707] siw: device registration error -23
[  625.178528][T11714] netlink: 'syz.6.1703': attribute type 14 has an invalid length.
[  625.598205][T11717] loop4: detected capacity change from 0 to 4096
[  625.803708][T11729] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1710'.
[  626.769491][T11744] siw: device registration error -23
[  627.621567][T11756] netlink: 'syz.4.1719': attribute type 14 has an invalid length.
[  628.293931][T11766] netlink: 'syz.4.1735': attribute type 14 has an invalid length.
[  628.437011][T11769] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1726'.
[  628.651263][T11774] netlink: 'syz.6.1726': attribute type 10 has an invalid length.
[  628.703317][T11774] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1726'.
[  629.016738][ T5870] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  629.172319][T11781] siw: device registration error -23
[  629.203946][ T5870] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  629.215796][ T5870] usb 5-1: config 0 interface 0 has no altsetting 0
[  629.293776][ T5870] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  629.305940][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.314159][ T5870] usb 5-1: Product: syz
[  629.320354][ T5870] usb 5-1: Manufacturer: syz
[  629.327409][ T5870] usb 5-1: SerialNumber: syz
[  629.401126][ T5870] usb 5-1: config 0 descriptor??
[  629.433134][ T5870] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  629.489496][ T5870] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  629.588553][ T5870] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  629.597840][ T5870] usb 5-1: media controller created
[  629.677290][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  629.955694][ T5870] DVB: Unable to find symbol tda10046_attach()
[  629.962130][ T5870] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  629.971248][ T5870] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  630.793119][T11808] netlink: 'syz.7.1740': attribute type 14 has an invalid length.
[  631.070088][T11812] siw: device registration error -23
[  631.292423][ T5870] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  631.374608][ T5870] usb 5-1: USB disconnect, device number 12
[  632.218167][T11826] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1747'.
[  632.293391][T11823] tipc: Started in network mode
[  632.299590][T11823] tipc: Node identity ac1414aa, cluster identity 4711
[  632.307335][T11823] tipc: New replicast peer: 127.0.0.1
[  632.313828][T11823] tipc: Enabled bearer <udp:syz2>, priority 10
[  632.729118][T11835] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  632.735872][T11835] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  632.744280][T11835] vhci_hcd vhci_hcd.0: Device attached
[  632.783291][T11835] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  632.824398][T11835] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(8)
[  632.831344][T11835] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  632.839715][T11835] vhci_hcd vhci_hcd.0: Device attached
[  632.899682][T11844] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(11)
[  632.906610][T11844] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  632.915615][T11844] vhci_hcd vhci_hcd.0: Device attached
[  632.936015][ T6140] vhci_hcd: vhci_device speed not set
[  632.958197][T11835] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(10)
[  632.965034][T11835] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  632.973409][T11835] vhci_hcd vhci_hcd.0: Device attached
[  633.015934][ T6140] usb 41-1: new full-speed USB device number 4 using vhci_hcd
[  633.029031][T11844] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  633.050115][T11835] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  633.154984][T11847] vhci_hcd: connection closed
[  633.158945][T11845] vhci_hcd: connection closed
[  633.159173][T11841] vhci_hcd: connection closed
[  633.170575][T11838] vhci_hcd: connection reset by peer
[  633.176401][ T4117] vhci_hcd: stop threads
[  633.186824][ T4117] vhci_hcd: release socket
[  633.191463][ T4117] vhci_hcd: disconnect device
[  633.217318][T11850] netlink: 'syz.2.1756': attribute type 14 has an invalid length.
[  633.248734][ T4117] vhci_hcd: stop threads
[  633.253168][ T4117] vhci_hcd: release socket
[  633.259118][ T4117] vhci_hcd: disconnect device
[  633.292403][ T4117] vhci_hcd: stop threads
[  633.296984][ T4117] vhci_hcd: release socket
[  633.301796][ T4117] vhci_hcd: disconnect device
[  633.348641][ T4117] vhci_hcd: stop threads
[  633.353070][ T4117] vhci_hcd: release socket
[  633.358053][ T4117] vhci_hcd: disconnect device
[  633.426624][ T5866] tipc: Node number set to 2886997162
[  633.587434][T11860] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1758'.
[  633.644236][T11860] team0: No ports can be present during mode change
[  633.664063][T11863] netlink: 'syz.7.1770': attribute type 14 has an invalid length.
[  633.683658][T11860] netlink: 'syz.5.1758': attribute type 10 has an invalid length.
[  633.716242][T11860] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1758'.
[  633.741422][T11860] tipc: Disabling bearer <eth:team0>
[  633.773121][T11860] team0 (unregistering): left promiscuous mode
[  633.781292][T11860] bond0: left promiscuous mode
[  633.797973][T11860] team0 (unregistering): Port device bond0 removed
[  634.194334][T11871] bond0: (slave syz_tun): Releasing backup interface
[  634.217691][T11871] syz_tun: left promiscuous mode
[  634.253734][T11871] bond2: (slave macvlan2): Releasing backup interface
[  634.253763][T11873] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1760'.
[  634.253883][T11873] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1760'.
[  634.363732][T11874] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1760'.
[  634.386724][T11871] bond3: (slave gretap1): Releasing active interface
[  634.475095][T11873] team0: Mode changed to "loadbalance"
[  634.497767][T11874] tipc: Disabling bearer <eth:team0>
[  635.892789][T11896] wlan0 speed is unknown, defaulting to 1000
[  635.947089][T11900] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  636.016132][T11901] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(10)
[  636.022974][T11901] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  636.031573][T11901] vhci_hcd vhci_hcd.0: Device attached
[  636.178753][T11894] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  636.185585][T11894] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  636.194462][T11894] vhci_hcd vhci_hcd.0: Device attached
[  636.311062][T11894] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  636.338140][T11894] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  636.424433][T11905] wlan0 speed is unknown, defaulting to 1000
[  636.562617][T11900] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(9)
[  636.569377][T11900] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  636.578765][T11900] vhci_hcd vhci_hcd.0: Device attached
[  636.611563][T11912] vhci_hcd vhci_hcd.0: pdev(4) rhport(6) sockfd(18)
[  636.618671][T11912] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  636.627095][T11912] vhci_hcd vhci_hcd.0: Device attached
[  636.649174][T11903] vhci_hcd: connection closed
[  636.650289][ T3738] vhci_hcd: stop threads
[  636.653333][T11911] vhci_hcd: connection closed
[  636.655208][ T3738] vhci_hcd: release socket
[  636.655674][ T3738] vhci_hcd: disconnect device
[  636.664892][T11913] vhci_hcd: connection closed
[  636.696191][ T4117] vhci_hcd: stop threads
[  636.706539][ T4117] vhci_hcd: release socket
[  636.711214][ T4117] vhci_hcd: disconnect device
[  636.727544][T11898] vhci_hcd: connection closed
[  636.766230][ T4117] vhci_hcd: stop threads
[  636.777545][ T4117] vhci_hcd: release socket
[  636.782228][ T4117] vhci_hcd: disconnect device
[  636.831418][ T4117] vhci_hcd: stop threads
[  636.837181][ T4117] vhci_hcd: release socket
[  636.841988][ T4117] vhci_hcd: disconnect device
[  638.077960][T11937] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1785'.
[  638.180873][ T6140] vhci_hcd: vhci_device speed not set
[  638.246368][T11942] wlan0 speed is unknown, defaulting to 1000
[  638.471010][T11941] netlink: 'syz.2.1785': attribute type 10 has an invalid length.
[  638.491974][T11944] bond2: (slave gretap1): Releasing active interface
[  638.499874][T11944] gretap1: left allmulticast mode
[  638.520841][T11952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1785'.
[  638.600487][T11946] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1787'.
[  638.610201][T11946] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1787'.
[  638.731132][T11946] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1787'.
[  638.917748][T11956] wlan0 speed is unknown, defaulting to 1000
[  639.242203][T11959] wlan0 speed is unknown, defaulting to 1000
[  640.030290][T11971] sctp: [Deprecated]: syz.6.1793 (pid 11971) Use of int in maxseg socket option.
[  640.030290][T11971] Use struct sctp_assoc_value instead
[  641.263293][T11988] wlan0 speed is unknown, defaulting to 1000
[  641.866663][T11992] wlan0 speed is unknown, defaulting to 1000
[  642.076282][T11995] wlan0 speed is unknown, defaulting to 1000
[  642.704645][T12001] wlan0 speed is unknown, defaulting to 1000
[  643.051788][T12005] wlan0 speed is unknown, defaulting to 1000
[  643.943177][T12021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1810'.
[  644.113738][T12025] netlink: 'syz.2.1810': attribute type 10 has an invalid length.
[  644.167158][T12024] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1809'.
[  644.176786][T12024] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1809'.
[  644.291757][T12024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1809'.
[  644.509194][T12032] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  646.098261][T12059] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  646.932227][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  646.932309][   T30] audit: type=1326 audit(33181.288:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  646.961171][   T30] audit: type=1326 audit(33181.288:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.094216][   T30] audit: type=1326 audit(33181.358:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.118139][   T30] audit: type=1326 audit(33181.358:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.141146][   T30] audit: type=1326 audit(33181.358:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.163139][   T30] audit: type=1326 audit(33181.358:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.185083][   T30] audit: type=1326 audit(33181.358:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.207177][   T30] audit: type=1326 audit(33181.358:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.229779][   T30] audit: type=1326 audit(33181.368:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  647.252205][   T30] audit: type=1326 audit(33181.368:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12068 comm="syz.2.1830" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  648.791886][T12081] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1832'.
[  648.955819][T12084] netlink: 'syz.6.1832': attribute type 10 has an invalid length.
[  649.241751][T12089] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1834'.
[  649.252191][T12089] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1834'.
[  649.351687][T12089] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1834'.
[  651.302245][T12126] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  652.456120][T12147] 8021q: adding VLAN 0 to HW filter on device bond0
[  652.492658][T12147] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  654.700701][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  654.940747][T12180] Bluetooth: MGMT ver 1.23
[  655.436344][T12188] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  656.703917][T12211] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  656.726746][T12208] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1878'.
[  657.637869][T12221] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1883'.
[  657.760972][T12222] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  659.861456][T12230] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  661.187523][T12196] Set syz1 is full, maxelem 65536 reached
[  662.237394][T12249] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  663.785168][T12277] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1902'.
[  663.858099][T12274] tipc: New replicast peer: 127.0.0.1
[  663.865860][T12274] tipc: Enabled bearer <udp:syz2>, priority 10
[  664.967488][T12293] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1908'.
[  665.035040][T12291] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  667.012648][T12332] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1922'.
[  667.086857][T12326] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  668.062137][T12350] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1931'.
[  668.151009][T12348] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  670.025761][ T5870] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  670.192174][ T5870] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  670.202972][ T5870] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  670.212509][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.311301][ T5870] usb 5-1: config 0 descriptor??
[  670.361097][ T5870] pwc: Askey VC010 type 2 USB webcam detected.
[  670.835049][ T5870] pwc: recv_control_msg error -32 req 02 val 2b00
[  670.850156][ T5870] pwc: recv_control_msg error -32 req 02 val 2700
[  670.867190][ T5870] pwc: recv_control_msg error -32 req 02 val 2c00
[  670.893599][ T5870] pwc: recv_control_msg error -32 req 04 val 1000
[  670.936305][ T5870] pwc: recv_control_msg error -32 req 04 val 1300
[  670.944514][ T5870] pwc: recv_control_msg error -32 req 04 val 1400
[  670.953693][ T5870] pwc: recv_control_msg error -32 req 02 val 2000
[  670.963031][ T5870] pwc: recv_control_msg error -32 req 02 val 2100
[  671.023809][ T5870] pwc: recv_control_msg error -32 req 04 val 1500
[  671.040395][ T5870] pwc: recv_control_msg error -32 req 02 val 2500
[  671.049403][ T5870] pwc: recv_control_msg error -32 req 02 val 2400
[  671.063237][ T5870] pwc: recv_control_msg error -32 req 02 val 2600
[  671.078953][ T5870] pwc: recv_control_msg error -32 req 02 val 2900
[  671.111757][ T5870] pwc: recv_control_msg error -32 req 02 val 2800
[  671.166285][ T5870] pwc: recv_control_msg error -32 req 04 val 1100
[  671.196334][ T5870] pwc: recv_control_msg error -71 req 04 val 1200
[  671.220586][ T5870] pwc: Registered as video103.
[  671.228303][ T5870] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input10
[  671.285153][ T5870] usb 5-1: USB disconnect, device number 13
[  672.296592][T12405] netlink: 'syz.4.1950': attribute type 4 has an invalid length.
[  673.213160][T12424] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1965'.
[  673.584327][T12425] siw: device registration error -23
[  673.804249][T12430] wlan0 speed is unknown, defaulting to 1000
[  674.105526][T12434] wlan0 speed is unknown, defaulting to 1000
[  675.319960][   T30] kauditd_printk_skb: 152 callbacks suppressed
[  675.320037][   T30] audit: type=1326 audit(33209.688:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12447 comm="syz.6.1961" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e539 code=0x0
[  676.871878][T12466] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1969'.
[  676.957579][T12463] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1968'.
[  676.967947][T12463] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1968'.
[  677.487109][T12473] wlan0 speed is unknown, defaulting to 1000
[  677.611560][T12479] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1974'.
[  677.680952][T12477] wlan0 speed is unknown, defaulting to 1000
[  678.184418][T12479] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  679.340271][T12509] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1981'.
[  679.768984][T12514] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  682.482122][T12529] wlan0 speed is unknown, defaulting to 1000
[  682.749138][T12530] wlan0 speed is unknown, defaulting to 1000
[  683.527026][T12539] 8021q: adding VLAN 0 to HW filter on device bond0
[  683.672243][T12539] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  686.266121][T12555] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1996'.
[  686.327168][T12552] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1996'.
[  686.351534][T12552] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1996'.
[  686.834734][T12563] wlan0 speed is unknown, defaulting to 1000
[  687.121348][T12567] wlan0 speed is unknown, defaulting to 1000
[  688.192450][T12576] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2004'.
[  689.793265][T12579] wlan0 speed is unknown, defaulting to 1000
[  690.210995][T12597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2011'.
[  690.254193][T12597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2011'.
[  690.277609][T12597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2011'.
[  691.650114][T12612] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2015'.
[  694.401190][   T30] audit: type=1326 audit(33228.728:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12615 comm="syz.6.2018" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  694.424294][   T30] audit: type=1326 audit(33228.738:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12615 comm="syz.6.2018" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf703e539 code=0x7ffc0000
[  694.447729][   T30] audit: type=1326 audit(33228.738:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12615 comm="syz.6.2018" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  694.469912][   T30] audit: type=1326 audit(33228.758:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12615 comm="syz.6.2018" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703e539 code=0x7ffc0000
[  694.492228][   T30] audit: type=1326 audit(33228.758:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12615 comm="syz.6.2018" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  695.077377][T12639] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2024'.
[  695.111874][T12639] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2024'.
[  695.171455][T12639] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2024'.
[  697.273455][T12654] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2028'.
[  697.622757][T12660] IPv6: Can't replace route, no match found
[  697.827538][   T30] audit: type=1326 audit(33232.198:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12659 comm="syz.2.2031" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  697.849579][    C0] vkms_vblank_simulate: vblank timer overrun
[  697.885613][   T30] audit: type=1326 audit(33232.228:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12659 comm="syz.2.2031" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  697.909131][   T30] audit: type=1326 audit(33232.228:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12659 comm="syz.2.2031" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  697.930965][    C0] vkms_vblank_simulate: vblank timer overrun
[  697.937959][   T30] audit: type=1326 audit(33232.228:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12659 comm="syz.2.2031" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  697.960367][   T30] audit: type=1326 audit(33232.228:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12659 comm="syz.2.2031" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  697.982129][    C0] vkms_vblank_simulate: vblank timer overrun
[  698.461667][T12670] wlan0 speed is unknown, defaulting to 1000
[  698.764334][T12673] wlan0 speed is unknown, defaulting to 1000
[  699.338179][ T7816] =====================================================
[  699.347089][ T7816] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xbe8/0x98a0
[  699.356750][ T7816]  n_tty_receive_buf_standard+0xbe8/0x98a0
[  699.362734][ T7816]  n_tty_receive_buf_common+0x1a68/0x2540
[  699.369869][ T7816]  n_tty_receive_buf2+0x4c/0x60
[  699.374837][ T7816]  tty_ldisc_receive_buf+0xc3/0x2c0
[  699.381225][ T7816]  tty_port_default_receive_buf+0xd7/0x1a0
[  699.388237][ T7816]  flush_to_ldisc+0x43b/0xe30
[  699.394511][ T7816]  process_scheduled_works+0xb91/0x1d80
[  699.401440][ T7816]  worker_thread+0xedf/0x1590
[  699.407550][ T7816]  kthread+0xd59/0xf00
[  699.411754][ T7816]  ret_from_fork+0x1e3/0x310
[  699.417558][ T7816]  ret_from_fork_asm+0x1a/0x30
[  699.422512][ T7816] 
[  699.424905][ T7816] Uninit was created at:
[  699.430433][ T7816]  __kmalloc_noprof+0x95f/0x1310
[  699.436671][ T7816]  __tty_buffer_request_room+0x3d4/0x7a0
[  699.444585][ T7816]  __tty_insert_flip_string_flags+0x157/0x6f0
[  699.452472][ T7816]  uart_insert_char+0x368/0x930
[  699.458628][ T7816]  serial8250_read_char+0x1ba/0x670
[  699.464009][ T7816]  serial8250_handle_irq+0x930/0x1110
[  699.470529][ T7816]  serial8250_default_handle_irq+0x116/0x330
[  699.477648][ T7816]  serial8250_interrupt+0xc8/0x400
[  699.482930][ T7816]  __handle_irq_event_percpu+0x11f/0xbf0
[  699.488804][ T7816]  handle_irq_event+0xe0/0x2a0
[  699.493671][ T7816]  handle_edge_irq+0x2a9/0xb50
[  699.498623][ T7816]  __common_interrupt+0xa2/0x220
[  699.503772][ T7816]  common_interrupt+0x94/0xb0
[  699.509314][ T7816]  asm_common_interrupt+0x2b/0x40
[  699.514514][ T7816] 
[  699.517074][ T7816] CPU: 1 UID: 0 PID: 7816 Comm: kworker/u8:28 Tainted: G        W           6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(none) 
[  699.530827][ T7816] Tainted: [W]=WARN
[  699.534713][ T7816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  699.546060][ T7816] Workqueue: events_unbound flush_to_ldisc
[  699.552231][ T7816] =====================================================
[  699.559684][ T7816] Disabling lock debugging due to kernel taint
[  699.566145][ T7816] Kernel panic - not syncing: kmsan.panic set ...
[  699.572696][ T7816] CPU: 1 UID: 0 PID: 7816 Comm: kworker/u8:28 Tainted: G    B   W           6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(none) 
[  699.586367][ T7816] Tainted: [B]=BAD_PAGE, [W]=WARN
[  699.591491][ T7816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  699.601865][ T7816] Workqueue: events_unbound flush_to_ldisc
[  699.607912][ T7816] Call Trace:
[  699.611289][ T7816]  <TASK>
[  699.614314][ T7816]  __dump_stack+0x26/0x30
[  699.618835][ T7816]  dump_stack_lvl+0x53/0x270
[  699.623608][ T7816]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  699.629615][ T7816]  dump_stack+0x1e/0x25
[  699.633954][ T7816]  vpanic+0x361/0xc50
[  699.638137][ T7816]  panic+0x15d/0x160
[  699.642265][ T7816]  kmsan_report+0x31c/0x320
[  699.646954][ T7816]  ? __msan_warning+0x1b/0x30
[  699.651823][ T7816]  ? n_tty_receive_buf_standard+0xbe8/0x98a0
[  699.657990][ T7816]  ? n_tty_receive_buf_common+0x1a68/0x2540
[  699.664172][ T7816]  ? n_tty_receive_buf2+0x4c/0x60
[  699.669449][ T7816]  ? tty_ldisc_receive_buf+0xc3/0x2c0
[  699.675105][ T7816]  ? tty_port_default_receive_buf+0xd7/0x1a0
[  699.681310][ T7816]  ? flush_to_ldisc+0x43b/0xe30
[  699.686721][ T7816]  ? process_scheduled_works+0xb91/0x1d80
[  699.692761][ T7816]  ? worker_thread+0xedf/0x1590
[  699.697816][ T7816]  ? kthread+0xd59/0xf00
[  699.702300][ T7816]  ? ret_from_fork+0x1e3/0x310
[  699.707213][ T7816]  ? ret_from_fork_asm+0x1a/0x30
[  699.712454][ T7816]  ? ret_from_fork_asm+0x1a/0x30
[  699.717582][ T7816]  ? _raw_spin_lock+0x11/0x60
[  699.722437][ T7816]  ? filter_irq_stacks+0x49/0x190
[  699.727688][ T7816]  ? stack_depot_save_flags+0x35/0x7b0
[  699.733306][ T7816]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  699.739298][ T7816]  ? kmsan_get_metadata+0xfb/0x160
[  699.744588][ T7816]  ? kmsan_get_metadata+0xfb/0x160
[  699.749990][ T7816]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  699.756030][ T7816]  ? kmsan_get_metadata+0xfb/0x160
[  699.761509][ T7816]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  699.767601][ T7816]  ? __update_load_avg_cfs_rq+0xc30/0x1010
[  699.773713][ T7816]  ? kmsan_get_metadata+0xfb/0x160
[  699.779017][ T7816]  __msan_warning+0x1b/0x30
[  699.783611][ T7816]  n_tty_receive_buf_standard+0xbe8/0x98a0
[  699.789552][ T7816]  ? kmsan_get_metadata+0xfb/0x160
[  699.794757][ T7816]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  699.801200][ T7816]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  699.807501][ T7816]  n_tty_receive_buf_common+0x1a68/0x2540
[  699.813369][ T7816]  ? kmsan_get_metadata+0xfb/0x160
[  699.818573][ T7816]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  699.825168][ T7816]  n_tty_receive_buf2+0x4c/0x60
[  699.830133][ T7816]  ? __pfx_n_tty_receive_buf2+0x10/0x10
[  699.835801][ T7816]  tty_ldisc_receive_buf+0xc3/0x2c0
[  699.841223][ T7816]  tty_port_default_receive_buf+0xd7/0x1a0
[  699.847166][ T7816]  flush_to_ldisc+0x43b/0xe30
[  699.851967][ T7816]  ? __pfx_tty_port_default_receive_buf+0x10/0x10
[  699.858519][ T7816]  ? __pfx_flush_to_ldisc+0x10/0x10
[  699.863974][ T7816]  process_scheduled_works+0xb91/0x1d80
[  699.869778][ T7816]  worker_thread+0xedf/0x1590
[  699.874584][ T7816]  kthread+0xd59/0xf00
[  699.878738][ T7816]  ? __pfx_worker_thread+0x10/0x10
[  699.883979][ T7816]  ? __pfx_kthread+0x10/0x10
[  699.888747][ T7816]  ret_from_fork+0x1e3/0x310
[  699.893517][ T7816]  ? __pfx_kthread+0x10/0x10
[  699.898222][ T7816]  ret_from_fork_asm+0x1a/0x30
[  699.903215][ T7816]  </TASK>
[  699.906499][ T7816] Kernel Offset: disabled
[  699.910878][ T7816] Rebooting in 86400 seconds..