last executing test programs:

12.374134472s ago: executing program 3 (id=2116):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$getflags(r0, 0x401)
r1 = socket(0x200000100000011, 0x803, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000080)='M', 0x300, 0x0, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000700)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa890d001}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)=@delqdisc={0x50, 0x25, 0x20, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x2, 0xfff2}, {0x2, 0x801c}, {0xffff, 0xffe0}}, [@TCA_STAB={0x2c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe2, 0x2, 0x8, 0x2, 0x3, 0x1000, 0x81, 0x3}}, {0xa, 0x2, [0x81, 0x8, 0x5]}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4008051}, 0x4000000)
timer_create(0xfffffffffffffffc, &(0x7f0000000140)={0x0, 0x11}, &(0x7f0000001400))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0)
listen(r2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000280)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f00000002c0)={{}, {0x77359400}}, 0x0)
unshare(0x40000000)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x1, 0x2, @thr={&(0x7f0000000180)="4dbf735ecaea8ec662aaae8b2d726c60ba92a9a984032aab8cf30a024d7001965f600f432a19730dd6667cf69cf990bdddb9fe91eb27878904d9c7b25c748658491e90b7ba9d893e7947fad4e2b7a512bed35020c69fc112b9ca579b3d6eb00fd6589c94e0987474bec61365e6242fc197702369dd387a1cbd4a6eb377e66c0425f703844f14c71e3539f1e89619e895bfd90c45cf9e250704cfa81a7c8708785a947aa3661d1fefbfaf0f20", &(0x7f0000000300)="6534865af02f32c8f334cd48dd95277aa9acecd14fc0bbf0f31abeec3b3ed9ae019a8cf942fc47d8b9bd1ee8586fde4f239a9738fc2af374feda57794e266d9dc4ac40eb0c1e7a50026c3c4a34ec00bc24aa837d1ee820304779590a7ac26b8408f97def59898a85"}}, &(0x7f0000000240))
r7 = gettid()
rt_sigqueueinfo(r7, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000100)=0x5)
timer_create(0x0, &(0x7f0000000540)={0x0, 0x400026, 0x0, @thr={&(0x7f00000003c0)="98bff2d146444978d4045621c900480d71653171caaef587b79cc4b3e974583ae70ed1ee24ba9e418afe9e493049bf23ac76092c20f583269049aea5818643b4a2fcdd9f61e47ce658dcef3cd3a54f267a1d2583bb6ae82d5f87f3509b2cbd0d25a698527968e4884a09d2b1cd914c34397c23e562f50eaf8f60bc19384b64c2dab4d30ebec3ea96ca9aa4f57ef54bc3af4f2b", &(0x7f0000000480)="d2db91fc1732f065418d80501575dbe76d4253b28df57e8ca3a4a1ae9faa444db8714e73b42f573cce3b"}}, &(0x7f0000000380)=<r9=>0x0)
clock_gettime(0x0, &(0x7f00000005c0)={<r10=>0x0, <r11=>0x0})
timer_settime(r9, 0x0, &(0x7f0000000080)={{0x77359400}, {r10, r11+60000000}}, &(0x7f0000000600))

10.635902673s ago: executing program 3 (id=2122):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x13, 0x804, 0x5, 0x5, 0xc0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}]}}}, @IFLA_PROMISCUITY={0x8}]}, 0x48}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}]}}}]}, 0x50}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}]}, 0x50}}, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x10, 0xffffffffffffffff, 0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, 0x0, 0x7, 0x301, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="201000000003fd42facbc57d07010300000000000000000000000009000100fde5c122671b515e"], 0x20}}, 0x0)
r7 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r7, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x0, r7})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f0000000180)={0x0, r7})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x20000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
socket(0x1a, 0x80000, 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000140)=0x632f, 0x4)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000880)={'vxcan0\x00'})

10.036598122s ago: executing program 3 (id=2126):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
linkat(r3, &(0x7f0000000180)='./file1\x00', r3, &(0x7f00000001c0)='./file3\x00', 0x0)
openat(r3, &(0x7f0000000080)='./file3\x00', 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r6, 0x400455cb, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x0, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendto$inet6(r7, &(0x7f00000000c0), 0x0, 0x20000004, &(0x7f0000b63fe4), 0x1c)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00001009040000022a3e740009058b"], 0x0)

7.343380113s ago: executing program 3 (id=2127):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000013c0)={0x0, 0x80020000, 0x2, {0x5, @raw_data="439e73c82bad769c1516d4c77a5c5885be9b70b538ec45e7ba36827b0dcf53cc22c46c7ddae950c8f87629ac052d399516111996f2d568d4314f1a6a19db3bdb291cb1a830152d32b2ad880e24ae29ce49a0ba071236284d59f28276b7b6325b4fb369c2aab53751ce9ef9dea4663ae9ce4c521f2918fad161726fe27dd15cc6520d466d80c07cd248fcf58332bf0ee0e5061d4377b24a0c253e86d27c5edcd2ae36ce31344898571a1a4f7f4af1de4747103ee0bb34830f53b67d1578af4dab6f19403d8c88fd8e"}})
syz_emit_vhci(0x0, 0x10)
syz_emit_vhci(0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
shutdown(0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QBUF(r1, 0xc058565d, &(0x7f0000000200)=@multiplanar_userptr={0x0, 0x5, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "162bb54e"}, 0x0, 0x2, {&(0x7f0000000380)=[{0x0, 0x0, {0x0}}, {0x0, 0x0, {0x0}}]}, 0x10001})
r2 = syz_io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x1066, 0x0, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
semop(0x0, &(0x7f0000000100)=[{}, {0x2, 0x8}, {0x2}], 0x3)
semop(0x0, &(0x7f0000000280)=[{0x4}, {0x2, 0x8400, 0x1000}], 0x2)

6.688801258s ago: executing program 4 (id=2132):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$getflags(r0, 0x401)
r1 = socket(0x200000100000011, 0x803, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000080)='M', 0x300, 0x0, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000700)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa890d001}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)=@delqdisc={0x50, 0x25, 0x20, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x2, 0xfff2}, {0x2, 0x801c}, {0xffff, 0xffe0}}, [@TCA_STAB={0x2c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe2, 0x2, 0x8, 0x2, 0x3, 0x1000, 0x81, 0x3}}, {0xa, 0x2, [0x81, 0x8, 0x5]}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4008051}, 0x4000000)
timer_create(0xfffffffffffffffc, &(0x7f0000000140)={0x0, 0x11}, &(0x7f0000001400))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0)
listen(r2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000280)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f00000002c0)={{}, {0x77359400}}, 0x0)
unshare(0x40000000)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x1, 0x2, @thr={&(0x7f0000000180)="4dbf735ecaea8ec662aaae8b2d726c60ba92a9a984032aab8cf30a024d7001965f600f432a19730dd6667cf69cf990bdddb9fe91eb27878904d9c7b25c748658491e90b7ba9d893e7947fad4e2b7a512bed35020c69fc112b9ca579b3d6eb00fd6589c94e0987474bec61365e6242fc197702369dd387a1cbd4a6eb377e66c0425f703844f14c71e3539f1e89619e895bfd90c45cf9e250704cfa81a7c8708785a947aa3661d1fefbfaf0f20", &(0x7f0000000300)="6534865af02f32c8f334cd48dd95277aa9acecd14fc0bbf0f31abeec3b3ed9ae019a8cf942fc47d8b9bd1ee8586fde4f239a9738fc2af374feda57794e266d9dc4ac40eb0c1e7a50026c3c4a34ec00bc24aa837d1ee820304779590a7ac26b8408f97def59898a85"}}, &(0x7f0000000240))
r7 = gettid()
rt_sigqueueinfo(r7, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000100)=0x5)
timer_create(0x0, &(0x7f0000000540)={0x0, 0x400026, 0x0, @thr={&(0x7f00000003c0)="98bff2d146444978d4045621c900480d71653171caaef587b79cc4b3e974583ae70ed1ee24ba9e418afe9e493049bf23ac76092c20f583269049aea5818643b4a2fcdd9f61e47ce658dcef3cd3a54f267a1d2583bb6ae82d5f87f3509b2cbd0d25a698527968e4884a09d2b1cd914c34397c23e562f50eaf8f60bc19384b64c2dab4d30ebec3ea96ca9aa4f57ef54bc3af4f2b", &(0x7f0000000480)="d2db91fc1732f065418d80501575dbe76d4253b28df57e8ca3a4a1ae9faa444db8714e73b42f573cce3b"}}, &(0x7f0000000380)=<r9=>0x0)
clock_gettime(0x0, &(0x7f00000005c0)={<r10=>0x0, <r11=>0x0})
timer_settime(r9, 0x0, &(0x7f0000000080)={{0x77359400}, {r10, r11+60000000}}, &(0x7f0000000600))

6.082007268s ago: executing program 2 (id=2133):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x800448d2, &(0x7f0000000000))
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[], 0x33fe0}}, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000080)=0x8, 0x4)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000600)={0x58, 0x0, 0x0, 0x0, 0x0, {}, [{{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}]}}]}, 0x58}}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r5 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000680)={<r6=>0x0})
socket$inet6_icmp(0xa, 0x2, 0x3a)
fremovexattr(r5, &(0x7f00000002c0)=@known='user.incfs.metadata\x00')
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r4, 0xc0182101, &(0x7f0000000200)={r6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000180)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000000240)={r7, 0x0, r4, 0x6})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r4, 0xc0182101, &(0x7f0000000280)={r7})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000080))

5.832132837s ago: executing program 1 (id=2134):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$getflags(r0, 0x401)
r1 = socket(0x200000100000011, 0x803, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000080)='M', 0x300, 0x0, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000700)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa890d001}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)=@delqdisc={0x50, 0x25, 0x20, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x2, 0xfff2}, {0x2, 0x801c}, {0xffff, 0xffe0}}, [@TCA_STAB={0x2c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe2, 0x2, 0x8, 0x2, 0x3, 0x1000, 0x81, 0x3}}, {0xa, 0x2, [0x81, 0x8, 0x5]}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4008051}, 0x4000000)
timer_create(0xfffffffffffffffc, &(0x7f0000000140)={0x0, 0x11}, &(0x7f0000001400))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0)
timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000280)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f00000002c0)={{}, {0x77359400}}, 0x0)
unshare(0x40000000)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x1, 0x2, @thr={&(0x7f0000000180)="4dbf735ecaea8ec662aaae8b2d726c60ba92a9a984032aab8cf30a024d7001965f600f432a19730dd6667cf69cf990bdddb9fe91eb27878904d9c7b25c748658491e90b7ba9d893e7947fad4e2b7a512bed35020c69fc112b9ca579b3d6eb00fd6589c94e0987474bec61365e6242fc197702369dd387a1cbd4a6eb377e66c0425f703844f14c71e3539f1e89619e895bfd90c45cf9e250704cfa81a7c8708785a947aa3661d1fefbfaf0f20", &(0x7f0000000300)="6534865af02f32c8f334cd48dd95277aa9acecd14fc0bbf0f31abeec3b3ed9ae019a8cf942fc47d8b9bd1ee8586fde4f239a9738fc2af374feda57794e266d9dc4ac40eb0c1e7a50026c3c4a34ec00bc24aa837d1ee820304779590a7ac26b8408f97def59898a85"}}, &(0x7f0000000240))
r8 = gettid()
rt_sigqueueinfo(r8, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
r9 = getpid()
sched_setscheduler(r9, 0x1, &(0x7f0000000100)=0x5)
timer_create(0x0, &(0x7f0000000540)={0x0, 0x400026, 0x0, @thr={&(0x7f00000003c0)="98bff2d146444978d4045621c900480d71653171caaef587b79cc4b3e974583ae70ed1ee24ba9e418afe9e493049bf23ac76092c20f583269049aea5818643b4a2fcdd9f61e47ce658dcef3cd3a54f267a1d2583bb6ae82d5f87f3509b2cbd0d25a698527968e4884a09d2b1cd914c34397c23e562f50eaf8f60bc19384b64c2dab4d30ebec3ea96ca9aa4f57ef54bc3af4f2b", &(0x7f0000000480)="d2db91fc1732f065418d80501575dbe76d4253b28df57e8ca3a4a1ae9faa444db8714e73b42f573cce3b"}}, &(0x7f0000000380)=<r10=>0x0)
clock_gettime(0x0, &(0x7f00000005c0)={<r11=>0x0, <r12=>0x0})
timer_settime(r10, 0x0, &(0x7f0000000080)={{0x77359400}, {r11, r12+60000000}}, &(0x7f0000000600))

5.628854191s ago: executing program 4 (id=2136):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1})
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x11}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000d000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2400f12ee3af02000000f0ff7fff0000000008001900", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x54, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x20000000, {0x2, 0x1f, 0x4, 0x1}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000011}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @device_a, @broadcast, @random="c69763e644ef", {0x5, 0x3f}, @value=@ver_80211n={0x0, 0x80, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}}, @tdls_setup_cfm={0xc, 0x2, {0x2c, 0x3}}}, 0x21)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_group_source_req(r7, 0x0, 0x2a, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110400001013292c1242fa79"], 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'erspan0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @hdata="ad65c8435d8a74855146175c4823057931ddd8de52215a0cba4b92c305c136df3a767ec61275c88bbeee48cc3ad39e98881843ed", {}, @esp_ip4_spec={@multicast1, @dev}, {0x0, @local}}}})
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000640)={{0xa, 0x4e22, 0xffff, @private1, 0x2}, {0xa, 0x4e23, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1}, 0xffffffffffffffff, {[0x8000, 0x4, 0xfff, 0x4, 0x1000, 0x1000, 0x0, 0x3ff]}}, 0x5c)

5.597407034s ago: executing program 3 (id=2137):
socket$nl_route(0x10, 0x3, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
close(r0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x3b00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r1, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r1, 0x1)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000640), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3, &(0x7f0000000d40), 0x9, 0x61d, &(0x7f0000000700)="$eJzs3U1rXFUfAPD/nbwnz/MkDQ9qXWhAtAVt0qStFBG0CK5KqS8LwY1jk5ba6QtNRFMrTaFuBHHjQnDlwrrwO2hBcOUXcOHGlVSKSDdK0ZE7uTNOk7nJTMzMtJnfD6Zzzj03c85t5p9z5s459wbQs6bSfwoRuyPiQhIxWVfWH1nh1Op+t3+7fCJ9JFEuv/JrEpevJCv1r5Vkz2MRkRb8OR7JdxEx2be+3sXlS2eKpdLCxSw/s3T2wszi8qV9p88WTy2cWjg39/Tc4UMHDx2e3V/3UydfbPX4dtWlj157653xD4+9/sVnd5LZL388lsTztbL0uFp97c1MxVSUM/Xb0//Xw9tdWZf01d4n/0jWbljrhTY2iJZUf38DEfFgjEdf3W9zPD54qauNA9qqnEStjwJ6TSL+oUdVxwHVz/bNfQ4ebPOoBOiEW0cinqjF/0BEVOO/f/XcYAxXzg2M3k7uOs+TRMT+bag/reP7b49dSx/RpvNwQGMrV4ey8/Zr+/+kEpsTMVzJjd4u3BX/hew07kSWf3njasbzCqbW5LP6h7ZyLEBrVq5GxEONxv+bx/8b2XO6/c0t1p8T/wAAAAAAAMAW3DgSEU81+v6vUJv/M9hg/s9YRN3qua3b/Pu/ws1tqAZo4NaRiGcbzv8tVHeZ6Mty/63MBxhITp4uLeyPiP9FxN4YGErzs/Uv+lXdT0fEvo8mP82rv37+X/pI66/OBczacbN/zWyg+eJScRsOHXrerasRD/fnz/9J+/+kQf+fxveFJuuYfPz68byyzeMfaJfy5xF7Gvb/SW2fZOPrc8xUxgMz1VHBeo+89/HXefWLf+ietP8f3Tj+h5L66/Ustvb6gxFxYLm/nFe+1fH/YPJqX9StRHy3uLR0cTZiMDm6fvtca22G+8lw87u+HxGVeKjGSxr/ex/b+PxfbfxfF4cj2TW+mvHAX2M/5ZXp/6F70vif37j/n7i7/289MXd94pu8+o831f8frPTpe7Mtzv/BxpoN0G63EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuR4WI+E8khelaulCYno4Yi4j/x2ihdH5x6cmT598+N5+WVe7/X6je6Xd8NZ9U7/8/UZefW5M/EBG7IuKTvpFKfvrE+dJ8tw8eAAAAAAAAAAAAAAAAAAAA7hFjq0/r1v+nfu7ratOATujPnsU79J7+bjcA6BrxD71L/EPvyo//3++UKzraHKCDmu3/y1fa3BCg47Y4/vd1AewAPv9DrxpobrfhdrcD6Ab9PwAAAAAA7Ci7Hr3xQxIRK8+MVB6pways9sXgSLdaB7RTIa9gqLPtADrPHF7oXab+QO9qcvIvsIMltdQfDRf758/+T9rTIAAAAAAAAAAAAABgnT27m1j/D+xIuev/gR1vg/X/jRb2uFwA7CDW/0PvcpkvoDrYz7vTv/X/AAAAAAAAAAAAAHAPGL50plgqLVxcXG46caWVnf994pfIK3quk83YrsRK8Z5oxv2QGIiINUXl8dW37Zli6bXobHuqEdOJugY7WFdOokt/jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHX+DgAA///plSgo")
pipe2(&(0x7f0000000100), 0x0)
syz_emit_ethernet(0x36, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a000090400000103010100092100080001220100090581", @ANYRES64], 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000000)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
syz_usb_control_io$hid(r4, 0x0, &(0x7f00000007c0)={0x2c, &(0x7f0000000600)={0x0, 0x0, 0x4, "da156ca3"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r4, &(0x7f0000000340)={0x24, &(0x7f00000002c0)={0x0, 0x0, 0x67, {0x67, 0x0, "730b69a30754d28254cbfeb11600a4bfc0630d70ddfc4a69c61336bf35ded7f20473df329f9c0e696f00ac7ce4c00c60cf5364d5db355cf4e41d0c95c64622d09a67eb68bbbd578935632606662a29b57e4594d6ed9011bef50eb0a9a34c6f964a75cf30d6"}}, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)={0x0, 0x22, 0x9, {[@global=@item_012={0x1, 0x1, 0xb, 'M'}, @global=@item_012={0x0, 0x1, 0x5}, @local=@item_012={0x0, 0x2, 0x8}, @main=@item_012={0x0, 0x0, 0x8}, @local=@item_012={0x0, 0x2, 0x4}, @main=@item_012={0x2, 0x0, 0xe, "b41f"}]}}, &(0x7f00000001c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x0, 0x1, {0x22, 0x2a2}}}}, &(0x7f0000000640)={0x2c, &(0x7f0000000380)={0x20, 0xb, 0xe4, "1a8e21f6d38f4b4324e63d77cd62dac5f380ed3713eecec34868e18b72e7664a02ab91b00fcfed41ac1426877afdb092644e7cd9d45bd606933bf2eb2478df00a7e71fc4a038ee4ee42d4e748a35fc48023fd03b0ebf63380e7c8c2e999f12778ac3dfd996ca8b639d2f1271cce200458911041d2f3cd07164229276cabb60b304fab2b68746c3ed3dd8074bac6f22355208ebca4676bd03d8c213559691aea9f52303a8a3ea6cc9ce1f698372fc2be26896c9e7ab2f4a1dc4f3d6c392912e358f33898af585d4d5d00aa9cbfb76edf2cc0343cdcc51865e8d1bb95175f383b2344e16c7"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0xb2}, &(0x7f00000004c0)={0x0, 0x8, 0x1}, &(0x7f0000000540)={0x20, 0x1, 0x53, "95f519f587187401e70357be97f2533dd8931a96efdfb64a262338ce580da047cb152635a9030623e651edc463d66e1c3c1070a2b5e5cea839d5f4e95afa0a2726355ac33f4522aabf4b40e4af67e377104372"}, &(0x7f00000005c0)={0x20, 0x3, 0x1, 0x8}})
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)

5.494871586s ago: executing program 0 (id=2138):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_mount_image$cramfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="003be5f836f43436c3d51a08712c0ded211d63fdfc608cf8b1bd44d5e38c01e801798cd25301a1c7cb31f3285b9cafc5b590c382fb63e3a18aa7a1e84e6da265e9"], 0x1, 0x13f, &(0x7f0000000200)="$eJzszLFLMnEYwPHvvd77+lKaRgYWZEFDR2KeJ7Y1aCQJ2UHh0iTYRYFmJERjBW0N/QEOldAkDtHYUNZiKYT9HUJD0FicJ4gRDc2/DxzH7/s8PAtzDQU3tD9gPp/b2TUKBWN9YkVPxlevrm8GzG4H/vfMrf3bKGyafxlah2DmeydsbGWNmUw+a75bUVCAWL/VVazdPrN5rBbqNGUSqsNW075p4U4blSHm6t77OIcp895g994bsF/0V8qPy/VaIjB9OWbjOOEfH5J6u8840eIjJYfXRsp4uCDWnr8Ea4HnYKXcbNSTS3pSb4Q1bTashlQ10tSf6onIwSnyomMP1r7c+4fXJ6fgSIKiBOX2vHUnOYHq2buec9k9wOu2G6SfJpm0928p7XH/waYgIQiCIAiCIAiCIAi/9BkAAP//OCds6A==")
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
creat(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r6, 0x6, 0x2, 0x0, &(0x7f0000000100)=0x315)
sched_setscheduler(r3, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4b0}}, 0x0)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, 0x0, 0x0)
shutdown(r1, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed, 0x7ff}, 0xe)
writev(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

5.493947416s ago: executing program 1 (id=2139):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000480)=ANY=[@ANYRES64=r0, @ANYRES32=r0, @ANYBLOB="31134198d14a20163636e132323f7adad30e450e5b7b8bc83ff10b1ecfb053973d15c608061201ef1614239badcd54082e6314a5a2538da4c10889ebd33885bf84612e07584910da0491a8c16d7d41f78e53793a995866bc57227b5135b12d61a97edc392d4f57ccf63e714adf68a9443de5ae1d345d55cb5222cadf72a42147c1d875915594ade9e752b2ae488f39d53063d6fa341f1f275bb1072036d04ee8d2e8d18e8092b6b73fa1f92c8450c56c66c5b77ddfaddbdeac"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
setitimer(0x1, &(0x7f0000000040)={{0x0, 0xea60}, {0x0, 0xea60}}, &(0x7f0000000080))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10)
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
creat(&(0x7f0000000100)='./bus\x00', 0x0)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0)
r5 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0)
ftruncate(r5, 0x2008002)
sendfile(r4, r5, 0x0, 0x80000001)
creat(&(0x7f0000000480)='./bus\x00', 0x0)
getitimer(0x1, &(0x7f00000001c0))
timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000300)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00'})

5.256187803s ago: executing program 1 (id=2140):
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04"], 0x47)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x1, 0x1, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000480)=""/255})
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000080), 0xc)
read(r3, &(0x7f00000001c0)=""/149, 0x95)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_TIOCOUTQ(r3, 0x891a, 0x0)
connect$qrtr(r4, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
write$binfmt_script(r4, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000040))
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffd}]})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_TOL(r8, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000002c0)=ANY=[@ANYBLOB="000000001465cd3457096f4bb115f8048793d38480846c3122c0b466d94004c843407cd6a025c89cae031dbdb1152e403fe8a5c8b223f1357ec807f306fbb6f65c7c688825694f7f034fb20008bb37", @ANYRES16=r9, @ANYBLOB="01000000000000000000010000000000000007410000001400180000000069623a6e6963766630000000"], 0x30}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0xb1b2350], 0x0, 0x202})
ioctl$KVM_SET_PIT2(r6, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}], 0xfffffffc})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

4.665384032s ago: executing program 4 (id=2141):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8}]}}}]}, 0x3c}}, 0x0)
socket$kcm(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x34, 0x0, 0x0, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8}]}, 0x34}}, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="02"], 0x5)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9"], 0x17)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0x0, 0x2)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000480)=0x14)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYRES16=r0], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x81, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0xa)
syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_oob_data_request={{0x35, 0x6}, {@none}}}, 0x9)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="f5c78fea75301600"], 0x1b)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast})
write$tun(0xffffffffffffffff, &(0x7f0000000680)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)
r4 = getpid()
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r5}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000b00000900030073797a320000000044000000060a010c00000000000000000100000008000b40000000001c0004801800018008000100636d70000c00028008000140000000000900010073797a3000000000140000001100010000000000000000000000000a"], 0xb8}}, 0x0)
kexec_load(0x0, 0x0, 0x0, 0x0)
r7 = openat$tcp_congestion(0xffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r7, &(0x7f0000000100)='reno\x00', 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)

4.467259055s ago: executing program 2 (id=2142):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$P9_RVERSION(r1, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15)
r3 = dup(r1)
r4 = getuid()
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000400), 0x80, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@posixacl}, {@version_9p2000}, {@version_L}, {@cache_mmap}], [{@euid_gt={'euid>', r4}}, {@permit_directio}]}})
mount$overlay(0x0, &(0x7f0000000540)='./file2\x00', &(0x7f0000000580), 0x809000, &(0x7f0000000700)={[{@index_off}], [{@obj_role={'obj_role', 0x3d, 'trans=fd,'}}]})
setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000740)={0x170, {{0x2, 0x4e20, @broadcast}}}, 0x88)
r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
unlink(&(0x7f0000000380)='./file0/file0\x00')
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000008c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000001100)={0x20, r6, 0x1, 0x0, 0x0, {0x14}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x0)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r8, &(0x7f0000000200)='./bus\x00', 0x0)
mount$overlay(0x20000f7a, &(0x7f0000000500)='./bus\x00', &(0x7f0000000240), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]})
mmap$usbfs(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000008, 0x8010, r5, 0x2fdf)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000c80)={'lo\x00', <r11=>0x0})
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2040048}, 0xc, &(0x7f0000000840)={&(0x7f0000001240)=@newtfilter={0x2aa0, 0x2c, 0x10, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0xf, 0xffe2}, {0xffe0, 0xb}, {0x9, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0xa482}, @TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_RATE={0x6, 0x5, {0x9}}, @filter_kind_options=@f_route={{0xa}, {0x2a40, 0x2, [@TCA_ROUTE4_IIF={0x8, 0x4, r11}, @TCA_ROUTE4_ACT={0x1594, 0x6, [@m_tunnel_key={0x154, 0x15, 0x0, 0x0, {{0xf}, {0x48, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast2}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x3d}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @multicast2}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x1}]}, {0xde, 0x6, "3cf25b51057a4b326c3954542df2bdc9e9bd4f8c5393a94c0aa54f1313fc5c04dec329f1474b71f63fce5c19f7741a64846f62d298b24a1d7c23f4a9d02b48e86d5ccd741bff88849408be4c086b19a58077116d99f486d001d5374bf4a115be62b5cb4393d560f4e291d7ba232680e7b9129bd4660d4a09c022de94ac2af963f4de87f7357144ef807f7ac1d22a5fc26cf7eeb9523adb3f390d55d09035386ee841cca3b77e05aabff5b325cf437339cec7701976185e6e173911e905da810093a92f7ae2218fced0ec38f7bc4607216909e301e5c606de32b2"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_xt={0x264, 0x12, 0x0, 0x0, {{0x7}, {0x148, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x7}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TARG={0x9c, 0x6, {0x8, 'security\x00', 0xce, 0x100, "add3163995c56bb1bbd1802800cba4cb2c90de04c8bebd5e787a6affe310e5c78b7cda71521c964b24496f7abe07830eadfd5c051fc0f65cf72d50151a015f4a7b433597b9b865327ac4162f1a77b348601e58c3019a5d5991674ba59bdfee5d844b55331c12ef50ac11b1ac8e09b18fefbc"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x7}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}]}, {0xf5, 0x6, "fc3546f524a85d592b394d45bb4f68b045b3d36f9be3c6057f727ee592b96d0c26f32e4e65d2e8f67cc2383151c65c431ff60f0d1fb4f2f1af42530755db8d72eb8793534eaea0f2743fcf09ce80b9530bfc1ffd014aca37f26f37dce8b48e78fdc7a3bd4291467fde3e067381a68f59bfab3df5972cba50d8ea3bb20510b9cce92656cf8ced7269ea7ca5e1be87e2e37e14f12998cdce98f1a1d9ce84db092d04fb68a0f1735d83761b0c61d2d7efa35090b7362b5346478a3465e4b9dd16ce4903d6e2566e6de65b626021a42d9374c28a1ef16150b45310b4856ed495b9ef27a2e2f025e45ca64ea3c71444bb001d58"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x4}}}}, @m_skbmod={0x180, 0x13, 0x0, 0x0, {{0xb}, {0x6c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x80000000, 0x9, 0x6, 0x7, 0x3a1}, 0x8}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x8c60, 0x2, 0x4, 0x11d}, 0xe}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x20}, @TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}]}, {0xeb, 0x6, "306f8f9dac84876e7b460ff9c98fe6c4f860475d3d14140550b82a301d54c8d7e5db3a1cbc436a847ce5ea7e4f0461b1f04560e1b4656baaa285743d79a03f46b6474283f1a613b8cf16ab93b5b491b4d7976eb1002e8cb283315b3380e8966bcc4f9864f67b11ebaf070b0bbeee0639955e1badd1b27512a1c01fde4f9475bd1b7996aed3624832f364d6d7cd96e3fabf767b181d0533d9e07a741fc09ab62fc044050f72e8800692de25ccd9719f1e2e9d4260ed47cf22b1e234af39662ab0ce658f9d6e9c2d4eb11bf933d104ccf33b70626792da7162007652a4da717a0c9ddfd19687c11c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_mpls={0x1058, 0xe, 0x0, 0x0, {{0x9}, {0x2c, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_TC={0x5, 0x6, 0x7}, @TCA_MPLS_PROTO={0x6, 0x4, 0x17}, @TCA_MPLS_BOS={0x5}, @TCA_MPLS_PROTO={0x6, 0x4, 0x11}]}, {0x1004, 0x6, "fc451f7b6e376c00061f2cbea3ac23729cffd1e984417e274081ea57e1ed139566b06f24aa81633a6541393dc400ecf4dc0b07745fdf7a9618d536b932844d024410b09585bfc9046303cb14b81b2548c1aed9aeafec5268a5d1de783eaa606c543dfe3eb1fb07e31354b995e0bd16bf8106c7aec996837ad5ebe628028c8b23ce3b6b2ec9318e2d7cd8a76a5c5afb6bd0825e9d06ae1354dcda203a4d6228d485d993c9a2e51977cd635c9241fdc691364ce845fafe67e9cea265214a8fafdffb6a1257184137315d1a0f10e19c28925e28beca1cfac0f2d2ed5114d8645fb96a81aeecf15c643ac12450e7665b95165ebed502a2cbb740718251671c01fedfd8f0916b88ca3195491196b4d5566f34a8e3ea8f1a5668dc90a4ccb14611276a8195c961d0493adf6f9ebfff6be73dccbf97cec3ed81663e7481fd7da8497dd2df5b5b0cd611cfbff6fa899c25dd27d376828a51d5cc751046e6f4722870eb3cf455638e3f64c3e9d657d10d04f12e92c788bee7d41dc8567b774b35a6cc6c1dcb8dc4b6b5032ce29682bc989d142d4b43ad8affa3864d07c42bac09b38f4e5f42a84ff480006e8ad0f4f7266e2642a349a5992e80d1a65d7cddd54512488fa5b602265ae5182d042b2e90adf16d409113aaa37982c9109cc0fb88ac3d304e438b91f9c3970f3630543a7f2c863b64d50c0f5c1f67fefa440c57ab1103efd7f8deb1ac5778d7421eedb266bab79ed6dcc6911b8e8ac17011b55dec3a1b88e13a750eda9d1e6f318afb61957f8ba90d159c1823e53f65ae25b3f6cb07e300a5e08fe7e7e919ff23820c1ed696a9c65c72b5917d6853c8093fe495e2b2833817231896fdf98941cd7b3073a5981e4ce3873cc53fe7d0be8b046bc1aeb3fa1886954337ac686838582d97b5b50f3593c14828d30223952f9944b7cd3cef1deb16725cf44210be6c8ab00b8f406425d9d7100d1c56ffe1d369135cae6c36d1cf9297e047e34b2a87b5b9b23672b602290711ab7eb1f0f1699302f0115792397c900fcd7ed86dab10f68c756765e507389c1ec5e92f0072ab64120a7575cc8eaf10e9afa0d9fe058076c7a768e9ed0fca810d45c7f7a656e0c010c152d4b149667dd247d9e933d0c1f2cd2bc56ecdd7431a3f6334d8f797de6103774d766ee4ea6378964b051542a3a06f4a03dd32627817049f65e989b5d04095055d85f297a7a6356346fd0533845e52517a4ab808f26cbf070225174ff21e5d1ffc24eba945b6641d05270f300a9dfaa32ac01a9a37e4462c11fb99eace77ccaf95335d59b265a0a484dfd83565ef903f416962cc44be8df4e64517dd347dd197ff0168d51016cb6671ab9563a5bc3f6b2dbb7127ff615a1f9f2fb869f2de3131fd6b18826f46d29f6f3566f31d4b2985acaaf5a767c8d4bc587e7cf4f818bbb7217119745598dec615deb001e0353407029be3f3d052598e49ce5ad0abdef2a47daefc359f6f380f6b21dcbe84e5eb3f51ffc61f8af8907ceb526bfce05eb3c8b371abfe2586a6d15cf87007ce0fb63df679fda948c06f87f26a6c143ce8acc7f614e1223970f5b54bbd6260f7ef2d486b183c906e846cc67ed587c7a39513b03db56540ea2de2cee1a04486807c1abfb57cb095b75a537c40eb6675de3050f06f32a41a4017742d14fb14990e5184eb852cdc24b5241a3221ec32a13ea4d32622f4ed9ae467d623f1e0ce59aab0ad453c9720b5b8985291a5587b54efaa270019e1b589ae94a592cc0897f0c12076e6e70da0ab43b86fa6a193ca958d6203f7c29cc8e0bdda24c8ff683de97fa9234af78696f24b66a6fa1c15c0836af491e373386cb2866833a17194f8e2866590281633b1253db01ab7c15b13465186d5fd96e43943af9ac50f5558fd7bf36dd41a2e9878e49a434c90005d6a1b6be1192bb3c307acb931701061f16fed8a049015b1e324aca347b6bcadf113432108b07f1c1d61a20e40cc45b0b2a549b970c0d81e0b8da95b2a9117a6d83823e884f4673523609bf82ff19e82562e0a154e7a54cea1941c3144b7da179db0e5daa356e27078c484caeb87602f271fb6ff90f54d70dafce007a36fd949092fc07808d0a9692841656b1db558b9b58986f1e94d52c1347bed6ef4c0b68d66f266688ecf0b1a45665310e45cf3857ac82f841da1456125690c9e4bcf0b0d174671665040224c605ba70817cc17a5b279653faa5fbf9fe5606b14e188d2d029fdebc0b7968e942fb6206c10508aec274f30927b0c81a88b8ba10b84561d8dd24df693ae24f68c470dce7d780a626fb05e4a519fe81cc796b7d8fe13c0b9debcc21bcb7ca80dc3ae19c31bdb5721de8aaf97280d47027fe33cec9b9fbdb8971baf86a86c397449ca0ab22f02fced0f16df06329fc2ebe032cda85c67b7e309ee6a6af2c2167069afc3ce8d27fa029779fea8d407ebc2faac09320936b20536b7eec24b12413303d61be70eea7150798d90b03d92c785251abdf8c0bf99f6441f2a68b642d9bc84654ebb05e322d5b2a20001b8ec795537f7691c772a167ee0b81b06d45743c4394ebf4d74756ec0ebdc71f12114957cba6d15143f5ba971702106680f67aa79a0556f0f00b97355da681abe0b369e7e9b35dafad8dbb6f21eb6bddc929672ce1e706b497b304c5686cabccc9fb7f91c7c223a5834247327782f34c93ee3835c5533493d4032b4324dd79e48805ca5bf4075d456733692187df1d0011efd0adee7b826ec8660af13119597a2f37c87670dc1afa4f67c93fc4b79324be84cca75aee7df87dacc7719d578dbf46e82d7c7548d5b671544e3a7f3abbc1fb1858708df5c4f1773d57b62b7db01a8330ceb603f917f76119f011828b1b0793431f9fda986b5b528b15d1c4c722940b73096a85e19828000bcbd39736387daa40ecee9cdfb7b3407fe8b45a6ff6e1b97caa5b49e362fc7f1e34eb8ca1b9de9f9f2beffa5fcd28131f4b46226faa7f8525db96cad1b42dd04c17001bbcdcf824dda42b8c30288ebde34ce3c6ce7e641f934dbd3f3877d0a944a3b5a6dcc3c221cdfd9467cd8c94370003b19d9f19573739da22241b69f5e1ec904845c4bc25fff17ea39eef6954066c3c07e3fcd22627c2a7fb369725a3270dd7e3ce55e8b2b51177213af1a8f2c1d01df02ada9c383ead068910c65c0de9a9b8556d59794a671178f9b766d5077426c65c231a343e52cf88706eb1c48eab7318e137d6661a9156c81352a4943af790d8d102f08b8e318f71cda30772e111ddf95670ab6dd1c02cda1ff5721e710a7fbbe55b3710b5ce290d0c996d62e856bb904c1fd94c2ba2ed9fea98bb91d3db16334c8465bccda7bc177e41962f59340cbeaf88151635e3a2b193ed2fbd747c0269622a3bcce876fc6307aaf2d1fff16f5b3aef488eeba993df81522b3d5f17f030b2736dfbe5e37b25c94b392ec089e1972ac3adf5aa4db1e164377b1c59f18921edfec760acd969d95866ec9f06d1b1db6df35fca9b4f8eff99d23d5bbd562bd330507a12a2ae24a34ef36ea73c45090285732e17302666e2dbdc556a300104fcdd32d74e0140316d6d0104ac4c4add584e3b302a461e237d76ebf1208cf4b66449fa9150954269dd48ff7d9ee3a2c0c0ad88a6153a12fe26dcbc10ffe09dd95f86bdfe6aa4c9fda95f58db389fc548ba2b1007091bde16998b025e6eea25be71cbc9dfe3df5c719393d3a0a302fddb27c5c7af7d4000b75bf216acf181d459ee7376bab911a8ed1d47757557cd8037e6009852b9673953eaffd762b6126fea13a59ae63a385843ef2974c517bc6d5cebbd543d3c8b850f5b2019186131dfd527c99a7e2d7ac01958ac35fb98ec9608893daacbbf957a8d8565989f6b4cfa2ea5922c61b3ea3e9d4c3ed25a0e050209e17a1d243c4470abc90b1c7ff2de4c58caa0149c755e69f09906f7464b4c1ca15d32a1fefd3df2ced50c4c7a58a2b886e54c4b1d565218c61ea40e1194479accaa22afd34405a6c98b184a987060b3c0b0fb8824ee53e719774793181ed99a463ebce02748d1b632e760c62dd2bcc69ba4dd4544455beb6697084cc6ed1a5d4e9fa9923ffa75362494f63877ebaa93d6bc3ab6533daecf8284ff09899e035fddb05f1ed48c894e830d12b993e6524d3c1d3137b91877904650746d4a5b0cce0036337ee711dd25f83e87d50698f2c29099702310fae4479c8d9cc64861954e8e84afeeb0a4012d81bd35dbf36014ff0f6ab36967b42681ed8530686a8f6cac456994dabb4d6d7e0e1eae5a0fa925f532bc64d8090a2fbf967504343b308cbfd3839e4e1a36c3004b64c08203903cc53e8f4c0a129bc697dc274bf8db713a6483e4e89c15a8a5e1086ff0e169defa736e0cfaacc275f22a5a187e76e1d4b579c64634199f5504cac9f5539cfd482fee872361942e28990323aff865626a1d8a1ed9e01d7f9a637f58dd73096d43d1d0b1888a3ae2c53cdf037d8463d75b8e6b547434d0db8d40acf65f311ff97a2becbf546e5d79895676e7e255edf223bbaaf7673d3830c4e69e29d152c2cc2470cb3fcbf00362b67e5eb98c0228881996ddfa66611f90510b9b939e9439b7ca45ff2d01fb6a97d25cfe3ac922bb23c0e04cd500031622defd8a6ced6c931e7cef56cffaf48b04f3a5b16d37836371cc1682e0f0109214948f2f0ac69e2ca57d1061e79d2e0c7b9506dc68f7aabc2af036455e7c3a17c9a816542d41bfdb64287b691a26014a5fffe7332d47324aff6ed0f454d82a2ee906e6ade35524ee79b0111e44666ad09efdcf0563d0ec99d83964d13bc9c560816c2b57e82ffc62ce1512947f6b24fd73c1a3299e0ceb84adb4eeae7ae4385d8ef87c066a1bb81cd4381f4f2c4ffc69bf3f746a243de2493ed314721b7c4495965b4f996e58a883b0aeea474fd4ac817d9ca04d25321e29afd671cf5ae96e3ffdd7fc92e3bfb48a0422ad6d8a251cb45d4f108e1092982dc7cb2a13af8c10dff72110effb4d82c691860e2c6a1637bc2eaa6f33eae14aa6ee2b3aff8cf379db9ce2199defe50c9a0c748eb71c5113218cf8ec2bbca78cd68e3abbaee6978bdeb07cb288999ed3ae2c3fff35a001d5a1cbf039f3d95daa1a6ac0c4b0c2aef0cc97cd7df551db9141f4156413b0c9b0332908c68d12f799602f067ff491d2b47517520e1a6a2452f03a150ea36087d3d80c57f4077f2428d7e40879a67958073aa619a2bb898eee455398384cab7580fad38112c61ee882a9e189b1d59560699bceb3fa4e5f77daef816eb1aba58d0062ce2f5e734956be1afdde3909213fe22c1bd10c092aa83b8b7d81b73347e52450f53ab6f00068139be5929e01d1bf05f8419dec16dd51a291a7f3a7e9780dd99a694d9808c2512b84ea5d30f583974e7871153899054da416db6ee67acb8d06dc920b40d329f21d84a39342891d7d60a38288947fca50d134a0c439d8a0e1f213a11d6aed51bc4a076f1c8cc435a317f880c97aa6e145f0b8875a2794abb73a05b04d7edb2ce53f130e0a984503c15bd4c7b837d143a1143edd4f685791bfef201a1e3e670214e08de0605a5d1f9a9f9d8022bc21492f0f8cf05f6183cc8aa2572a8d5cdff2cbd9edb4348c8d24d5946a01ca2f061b43d70c6a0297f63bf030f8998db95e1f4c11b328e63ffd656afd91cee987369335c98c201062b874463d55edbf0aaa06063ce9405c2022178042a3496141210bc884e7d3f4e1ca41de28c527c5f80044cf9ad164cc65c355bca37fe5a8e6f6517ad4ec23d4a480ca301"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}, @TCA_ROUTE4_ACT={0x1480, 0x6, [@m_police={0x10ac, 0x0, 0x0, 0x0, {{0xb}, {0x103c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x81, 0x80000000, 0x6, 0x3, 0x8, 0x6, 0x1000, 0x8001, 0x2, 0x8, 0x0, 0xfffffff7, 0xffffffff, 0x32b, 0x5, 0x1, 0x0, 0x9, 0x4, 0x7, 0x4, 0x8000, 0x9, 0x8, 0x7f, 0x8, 0x6, 0x80000001, 0x2, 0xffffffff, 0x99, 0x4, 0x2, 0x8, 0x20, 0x9, 0x2, 0x9, 0xffffffff, 0xffffff00, 0x6, 0x8, 0x8, 0x9f2, 0xfff, 0x400, 0x6, 0x96ba0, 0x5, 0x1000, 0x5, 0x1a39, 0x0, 0x200, 0xa0a, 0x6, 0x401, 0x4, 0x94dd, 0x6, 0xc61, 0xfffffff7, 0x83cc, 0x6, 0x8, 0x6, 0x3, 0x6, 0x8000, 0x6, 0x2, 0x5, 0x3, 0x2, 0x7d4, 0x1f00000, 0x984, 0x1, 0x3, 0x1, 0x442b, 0x8, 0xff, 0x80000001, 0x2, 0x200, 0x7, 0x80000001, 0x1, 0x8000, 0x6, 0x7fff, 0x7, 0x7fffffff, 0x0, 0xfff, 0x3, 0x9, 0x8000, 0x1, 0x80000001, 0x6a, 0xa20c, 0xffffffff, 0x4, 0x4, 0x8, 0x4, 0x4, 0x0, 0x300000, 0x1, 0xe3, 0x7, 0x6, 0x0, 0xf8e57c4d, 0x0, 0x9, 0xffff8000, 0x0, 0x1d000000, 0x2, 0x4, 0x4, 0x0, 0x6ffbdb2e, 0x2, 0x1ff, 0x7, 0x5b4, 0x8bf8, 0x854b, 0x6, 0x7f, 0x1, 0x2, 0xc9c7, 0x7, 0x1ff, 0x0, 0x9, 0x3, 0x3f, 0x4, 0x1f, 0x3ff, 0x4, 0x1, 0x0, 0x3, 0xff, 0x8, 0xfff, 0x1, 0x3ff, 0xffff, 0x276, 0x8e, 0x9, 0xeffd, 0x4, 0xffff, 0x7, 0x3, 0xd2, 0x40, 0x80000000, 0xb024, 0x9bbe, 0x5, 0x9, 0x5, 0x3f2, 0x4, 0x1, 0x51, 0x20000, 0xfffffffc, 0x2, 0x9927, 0x0, 0x3f, 0x8001, 0x7fff, 0xffffffff, 0x101, 0x0, 0x1, 0x5, 0x4, 0x2, 0x1, 0x2, 0x8, 0x6, 0xff, 0x9, 0x7, 0x7, 0x0, 0x4, 0xffffffff, 0x7, 0x9, 0x84, 0x9, 0x1, 0xa7, 0x2949, 0x20, 0x0, 0x8, 0x2, 0x2, 0x4, 0x7ff, 0x800, 0x0, 0x8, 0x401, 0x7, 0xc58, 0xffff, 0x8, 0x1, 0x100, 0xff, 0x2, 0x6, 0x200, 0x101, 0x5321, 0xa9, 0x4, 0x6, 0x3, 0x2, 0x7fffffff, 0x7, 0x0, 0x451d, 0x8, 0x7, 0x5, 0xffff, 0x3, 0x4, 0x8, 0x4, 0xbe, 0x8000, 0xfd, 0x5, 0x29e7151f]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x852, 0x1, 0x0, 0xcea, 0x4, 0x81, 0x3ff, 0x0, 0x3, 0xfffffe01, 0x8, 0x0, 0x6, 0x7f, 0x3, 0x649, 0x4, 0xf3, 0x10001, 0x81, 0x4d15, 0x9, 0x100, 0x9c3, 0x9675, 0x1, 0x5, 0x5b6, 0x9, 0x5, 0x7fff, 0x54b, 0x0, 0x363, 0x1, 0x4, 0x5, 0xec, 0x6, 0x27b8, 0xcf, 0x7, 0x6fb, 0x80000001, 0x0, 0x7, 0x9, 0x2, 0x80, 0x3ff, 0x0, 0x5, 0x81, 0x1, 0x9, 0x598, 0x6, 0xdf78, 0x10000, 0x4, 0x3, 0xd9aa, 0x1000, 0x8, 0x707c, 0x0, 0x100, 0x800, 0x5, 0x5, 0x3ff, 0x1, 0x0, 0x0, 0xff, 0x9, 0x1, 0x9, 0x3, 0x600, 0xff, 0x3f, 0xe4c, 0x59, 0x10001, 0xffffff3b, 0x8, 0x0, 0x400, 0x8, 0x4d0, 0xb5, 0x200, 0x4, 0x2, 0xe606, 0x3e4, 0xfffffffb, 0xffffffff, 0x8, 0x3ff, 0x5, 0x0, 0xbf5, 0x1aef, 0x4, 0x7ff, 0x5, 0x5, 0x1, 0x14, 0x0, 0x0, 0x4, 0x6, 0x101, 0x1, 0x0, 0xe1, 0x8, 0x8, 0x7, 0x3, 0xff, 0x3, 0x100, 0x4, 0x8001, 0x10000, 0xb7, 0x3f, 0xa03, 0x2, 0x8, 0x7, 0x7ff, 0x0, 0x5, 0x9, 0xec, 0xfd7, 0x8, 0x3, 0x6, 0xc14, 0x0, 0x8, 0x9, 0x1, 0x5, 0x5, 0x2, 0xfffffffa, 0x1ff, 0x1ff, 0x9, 0x44f, 0x6, 0x7, 0x5, 0x2, 0xffffffff, 0x3, 0x74, 0x371, 0x8, 0x5, 0x8, 0x4, 0x7, 0x9, 0xeb000000, 0x8, 0x7fff, 0x6, 0x4, 0x94a3, 0x6, 0x401, 0x6, 0x7, 0x0, 0x8, 0x1000, 0x2, 0x7fffffff, 0x2, 0x2, 0x2, 0x8, 0x6, 0x3, 0x2, 0x2, 0x80000000, 0x3, 0x5, 0x3f, 0x3, 0xffffff65, 0x9, 0x6, 0x8000, 0x80000000, 0x5, 0xa0, 0x2, 0x6, 0x3, 0x100, 0x7f, 0x0, 0x4, 0x0, 0xffff, 0x0, 0x2, 0x2, 0x5, 0x1ff, 0x4, 0x6, 0x401, 0x20000, 0x1, 0x7, 0x80, 0x0, 0x1f, 0x9, 0x0, 0x0, 0x34cc, 0x9, 0x7, 0x800, 0x9, 0x3, 0x1, 0x1ff, 0x5, 0xfff, 0xfff, 0xfffffffb, 0x6a6, 0x2, 0x8001, 0x7fff, 0xb, 0x6, 0x1f, 0x80000001, 0x4, 0x0, 0xffffffff, 0x1]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x4003}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x4d, 0x3, 0xffffffff, 0x401, 0xf6, 0x86de, 0x9, 0x1, 0x3, 0xf214, 0x7a8, 0x7, 0x943, 0x80, 0x3, 0xb77a, 0x6, 0x7fffffff, 0x2, 0x7, 0x555, 0x10000, 0x7, 0xfffffff9, 0x9, 0xe7f, 0x9, 0x0, 0x6, 0x1, 0x3, 0x1, 0x7fff, 0x8, 0x1, 0x4, 0x9, 0xffffffff, 0x6, 0x7f, 0x5, 0x9, 0x8, 0x3, 0x6, 0x5, 0x6, 0x2, 0x6, 0x6, 0x7ff, 0x7, 0x8, 0x1, 0x200, 0x3, 0xc7, 0x6, 0x80000001, 0x1, 0x1f, 0x1, 0x70, 0x8000, 0x6, 0x6c2, 0x7, 0x9, 0x9, 0x3, 0x4, 0x7, 0x5, 0x5, 0x69a9a7ef, 0x5, 0x0, 0x8, 0x2, 0x2, 0x1, 0x1, 0x6, 0x6, 0xbc24, 0x1, 0x2, 0xfff, 0x3, 0x7, 0x7, 0x3, 0xb502, 0x400, 0x7f, 0x5, 0x6, 0x4, 0x1, 0x3, 0x7f9c, 0x7ff, 0x5f018ef4, 0x6, 0x5, 0x401, 0x2, 0x200, 0x3, 0x7fff, 0x7fffffff, 0x1533cad, 0x4, 0x3f, 0x0, 0x7, 0xffff, 0x0, 0xe30, 0x1, 0x9d7c, 0x8ea1, 0x0, 0x7, 0x7, 0x10000, 0x40, 0x7f, 0x3ff, 0x3, 0x20, 0xf1, 0xff, 0x40, 0x3, 0x20000000, 0xa11, 0x1, 0x1f, 0x0, 0x1, 0x1, 0x0, 0x48e, 0x8000, 0x130, 0x2, 0x5, 0x3f, 0x2, 0x4, 0x101, 0x1, 0x2, 0xfffff800, 0x5, 0xd8, 0x5, 0x3, 0x756, 0x0, 0xff, 0xf0, 0x1, 0x7c6, 0x4, 0x4, 0x6, 0x20, 0x5, 0x1, 0xffff0, 0x4652, 0x80000001, 0x8, 0x7fff, 0x8000, 0x10001, 0x5, 0x6, 0x5, 0x1, 0x20, 0xfe8, 0x10001, 0x61f, 0xffff7095, 0x40, 0xffffff8a, 0x1, 0x0, 0xc23, 0x401, 0x1, 0xfffff801, 0x80, 0x9, 0xffff, 0x6, 0x80000000, 0x1000, 0x0, 0x60d, 0x4, 0x401, 0x6, 0x9, 0x80, 0x3, 0x5, 0x1, 0x4, 0x2, 0x8000, 0x3, 0x80000000, 0x7, 0x835d, 0x6, 0xdb, 0x9, 0x7ff, 0x8, 0x7, 0x6, 0x8, 0x81, 0x10000, 0x4, 0x9, 0x9, 0x7ff, 0x1000, 0x38636188, 0x7f, 0x6, 0xb13d, 0x100, 0x81, 0x8, 0x3, 0x1000, 0x500000, 0x3, 0xbc38dca2, 0x200, 0x5, 0x101, 0x3, 0xe9f, 0x7, 0x2, 0x3, 0xbb7, 0x7ff]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x200}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_RATE={0x404, 0x2, [0xff, 0x7, 0x9686, 0x1, 0x8, 0x8000, 0x8, 0x7f910c62, 0x8, 0x5, 0x0, 0x7, 0x1, 0x1, 0x4, 0x1000, 0x0, 0x7, 0x0, 0x2, 0x5, 0x80000000, 0xffff8000, 0x5, 0x9, 0x8, 0x2cd, 0x6, 0x2ee6, 0x2, 0x6, 0x20, 0x8, 0xff, 0x6, 0x36a, 0x6, 0x4, 0x2, 0xc31, 0x10001, 0x5, 0x2, 0x401, 0x9, 0x1, 0x9, 0x684, 0x3, 0x800, 0x4, 0x9, 0x9, 0x81, 0x9, 0x8, 0x0, 0x0, 0xb439, 0x1, 0x430f, 0xfff, 0x40ea, 0x38e, 0x3f, 0xa3b4, 0x400, 0x3, 0x81, 0x8, 0xfffffff9, 0x10001, 0x0, 0x3ff, 0x6, 0xd205, 0x6f, 0x3f, 0x5, 0x2, 0x2, 0x3, 0x4, 0x7fffffff, 0x0, 0x4, 0xac0, 0x7fff, 0x8, 0xb81, 0x6, 0x2, 0x7d, 0x2, 0x602f, 0x80000001, 0x508, 0x8, 0x9, 0x3, 0x1f, 0x0, 0x8, 0x6, 0x5d, 0x3, 0x80000001, 0x40, 0x8, 0x80, 0x4, 0x4, 0x80000000, 0x7ff, 0x7, 0x80000000, 0x0, 0x68e, 0xd20, 0x56, 0x3, 0x46f6, 0x2, 0x0, 0x7, 0x7, 0x8000, 0x4, 0xeb2, 0x1, 0x8, 0x4, 0x3f, 0x10000, 0x7, 0x0, 0x4, 0x1, 0x100, 0x606, 0x9, 0x9, 0x8, 0x2, 0x4, 0x3f, 0x40000000, 0x9, 0x7, 0x100, 0x8, 0x5, 0x7, 0x0, 0x800, 0x5, 0x3, 0x8, 0xff, 0xab, 0x101, 0x80f4, 0x1, 0x1f, 0x2, 0x80, 0x3, 0x0, 0x5, 0x9c5a, 0x5d, 0x8, 0x7f, 0x2, 0x8, 0x40, 0x4, 0x78dcf587, 0x2, 0x3ed0, 0x7, 0x9, 0xfffff001, 0x4, 0x0, 0x9c, 0x3, 0x5, 0x40000, 0x7, 0xf85, 0x8, 0x2, 0x10001, 0x1, 0xad, 0x7, 0x7, 0x7, 0x80000000, 0x20, 0x40, 0x2, 0x3, 0x400, 0x9, 0x0, 0x4, 0x9, 0x9, 0x8d, 0x80000000, 0x6, 0x0, 0x7, 0x100, 0xffff, 0x6, 0x0, 0x200, 0x1ff, 0x6, 0x4, 0x800, 0x5, 0x3, 0x5, 0xd3, 0x0, 0x4, 0x896, 0x7fff, 0x5, 0x2, 0xe370, 0x80000000, 0x3ff, 0xbf, 0x9eb, 0x8000, 0x44, 0x81, 0x10000, 0x401, 0x8001, 0x2, 0x1000, 0x3a470390, 0x40, 0x41, 0x10001, 0x8074, 0x6, 0x0, 0x1000, 0x6]}]]}, {0x45, 0x6, "abb9be7384a1d77d2a518e64d50dff97922f14bd41e057f9991b367fde72573d59bdd37a50f6c86cc2032781fedf749d981945d0fcb678be4bfa484ea6c9580805"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_police={0xf8, 0x16, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_AVRATE={0x8, 0x4, 0xffff}, @TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x1, 0x1, 0x13, 0x7b, {0x1, 0x1, 0x4, 0x5, 0x6, 0x6}, {0x0, 0x1, 0x4303, 0x3, 0x62, 0x6}, 0x7, 0x8, 0x80}}]]}, {0x88, 0x6, "a3496d612628785447d5b458a27f54e1c9a812395115feab967d70f5d36fc71cf3c2b56debe2af43ad259db9053aeb0ccd6c019347e5450d1c1e0ff15d38ea7a6c33b426d2792f81857898991714a32818310f79aa34e185ed8a5ea4aa761a255f787c2261107974a2f30248e9b6701529062c2d3f0cf4f8a97dab615e7f12316bf0b3cf"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x4, 0x3}}}}, @m_xt={0x5c, 0x1d, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x7fffffff}, @TCA_IPT_INDEX={0x8, 0x3, 0xfe6b}, @TCA_IPT_INDEX={0x8, 0x3, 0x4a}]}, {0x1b, 0x6, "728ba4bbf3e6807d725ce4bdaaadf215b200bef0375029"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_xt={0x160, 0xc, 0x0, 0x0, {{0x7}, {0x11c, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0xd4, 0x6, {0x0, 'security\x00', 0x1b, 0x3, "60b9d7451a304325e1a4c53d01426daa9ae6fcda1082e389132bca692d4d3687e874bb1f5bb175cc8a8eee407a9490034c0c8b8bd99168a33fd60bca872732ae3d28ec9bfade9170a2174956ce9e0d3a39d44ca5e33df204878141256a677e29319df43cbdacf5a1d6f6c9e19d02bb0d5ede82dac7e4ee711364c64b84beef728015218f79943db10b12841bbf363122fe2a6658e354b8f7405701f77cf0c29c1566498a87e6c798f01a"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x80000000}]}, {0x1d, 0x6, "5b987b210227d5602df2660a1b2dd2d4f4359f54ea278e8837"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_csum={0x11c, 0xa, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0x5, 0x1, 0x6, 0x647}, 0x5f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7ff, 0xff, 0x3, 0x2, 0x3ff}, 0x17}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0x20, 0x5, 0x2, 0x80}, 0x2a}}]}, {0x99, 0x6, "ac12ec1fcf0dcb42c8015688ff8629436e8344d0b6fe5489c021c2522ca699408c8f9eddfca7fc9091d10bf45f7bec25c17b1ac71f27ff5907884d23ca60c517512475eb27c6a46215133f90d53ca440e9f4ef145f764d5f079ff89d0993989c8c5be6a8f5eec7a7c9b8b19ab9dcb7fd2eb29eca1aa25295e096aac056b726a8902320351e5b7233ff08bb3e6b109ec9fa860067cb"}, {0xc}, {0xc, 0x8, {0x1}}}}]}, @TCA_ROUTE4_IIF={0x8, 0x4, r11}, @TCA_ROUTE4_TO={0x8, 0x2, 0x23}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0xb, 0xa}}, @TCA_ROUTE4_FROM={0x8, 0x3, 0xe3}]}}, @TCA_CHAIN={0x8, 0xb, 0xd1}, @TCA_CHAIN={0x8, 0xb, 0x3ff}, @TCA_CHAIN={0x8, 0xb, 0x7a}]}, 0x2aa0}, 0x1, 0x0, 0x0, 0x88811}, 0x4004000)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000500)={'sit0\x00', &(0x7f0000000600)={'syztnl0\x00', r11, 0x20, 0x7, 0xffffffff, 0x7fff, {{0x34, 0x4, 0x0, 0x1a, 0xd0, 0x68, 0x0, 0x22, 0x4, 0x0, @broadcast, @rand_addr=0x64010102, {[@timestamp={0x44, 0x1c, 0xad, 0x0, 0x1, [0x100, 0x5, 0x4, 0x1, 0x0, 0x69]}, @lsrr={0x83, 0x17, 0xa0, [@dev={0xac, 0x14, 0x14, 0x3c}, @empty, @loopback, @local, @private=0xa010102]}, @timestamp_prespec={0x44, 0x4c, 0xf3, 0x3, 0x0, [{@empty, 0x101}, {@multicast2, 0xcbd}, {@dev={0xac, 0x14, 0x14, 0x15}, 0x3f}, {@rand_addr=0x64010100, 0x9}, {@remote, 0x4}, {@remote, 0x10000}, {@multicast2, 0x1f}, {@empty, 0x4}, {@local, 0xfff}]}, @timestamp_addr={0x44, 0x3c, 0x33, 0x1, 0x7, [{@remote, 0x7}, {@rand_addr=0x64010100, 0x1}, {@multicast2, 0x40}, {@loopback, 0x8}, {@remote, 0x8}, {@empty, 0x2}, {@multicast1, 0x4}]}, @noop]}}}}})
sendmsg$nl_route_sched(r9, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x44, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x5d3bf4aa}, @TCA_FQ_CE_THRESHOLD={0x8}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0xffffffff}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x71}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x2}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x2}]}}]}, 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'geneve1\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x70, r6, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8004}, 0x4004)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x5, 0x2000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}, 0x64}]}})

4.457706726s ago: executing program 0 (id=2143):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80, &(0x7f0000000140)={[], [], 0x22}, 0x0, 0x4c9, &(0x7f0000001a40)="$eJzs3FtrHFUcAPD/bC5tbGtivfaijVYxeEma9Prgi6LQF0FQpD6uSVpq01aaCG0JNopU8EHpJ/DyIAh+AvHFF1GfFF8VX0Uokpe2PsjI7M6mm+5ukm022dj9/WDbc2bOzDn/OTO7M+cwCaBjDWb/JBFbI+K3iOgvZxcXGCz/d31+dvzG/Ox4Emn66t9Jqdy1+dnxStHKdlvyzFAhovBBErvq1Dt94eKp4tTU5Lk8PzJz+u2R6QsXnz15unhi8sTkmbEjRw7s7zt8aOxgS+LM2nRt57tnd+84+saVl8ePXXnzx6+z9qb5+uo4ygaarKGrZslgDC4+llWeaHLvG922qnTS3caG0JTsrM26q6d0/fdHV9zsvP546f22Ng5YU2mapptqli78ls2l1ZKkvAFwh0hc0tChKj/01+azJ9XZ8drn4Dvb1eej9ASUxX09/5TXdEche4YfKD8b9axR/fdFxLG5fz7NPlF3HAIAoNW6I54p33dUPuXlhXigqtTd+dzQQETcExHbI+Le/P7l/ohS2Qcj4qGqbbI7ytqxpcUGb8nX3v/80req8JaR3f89l89tLb7/K1SKDHTluW2l+HuS4yenJvflx2QoejZl+dHaXX9bSXz34q+fNKp/sOr+L/tk9VfuBfN2/NV9y0GcKM4UVxt3xdX3SkN6l2rjTxZmArJ+3BERO29j/9kxO/nUV7sbrV8+/o8b77wF80zp5xFPlvt/Lm6JP9Obp+rPT44ePjR2cGRzTE3uG6mcFbV++vnyK3my5jFi+fjXVtb/d9U9/xdmLgeS6vna6ebruPz7hw2faW73/O9NXiule/Nl54szM+dGI3qTudrlYze3PV/sW1Q+i39ob/3rf3vEv5/l2+2KiOwkfjgiHomIPXnbH42IxyJi7xLx//DC4281eoTcCP0/0VT/N5/oOvX9NzUVfzS4wviz/j9QSg3lSyaKM5uXCKl0nFfawJYcRAAAANjg9kTE1kgKw/kY59YoFIaHI7YsjKBMzzx9/Ow7ZybK7wgMRE+hMtLVXzUeOpqPDWf5bKuxqny2fn9p3DhN07SvlB8ePzu1rb2hQ8fb0uD6z/xZ+0oLcKdpah6t0RttwP/S7c+jpy1tB7D+vK8NnavR9T+3zu0A1t+Kf//X6i04oG3qXf+XIq63oSnAOqt3/b/ehnYA68/4H3Qu1z90rCtf3vANAB1oNe/1L5XYfnSJMkn32lTaOFGIpf8KwEBEczv8oxDRmhZ2tTTSvhX06eZoRV1RWLZMdxN/iGF9E4UN0Izs6JQSmyqJxmfvwsl2qZK4uNYtLH09fNHu7ycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDV+i8AAP//R4vb+Q==")
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6064cdd800100000fe0000000000007bae020000c0bd0000000000000000060000000000000000001f00c2"], 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000480)={[{@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x6}}, {@sb}, {@barrier_val={'barrier', 0x3d, 0x6}}, {@user_xattr}]}, 0x6, 0x529, &(0x7f0000000780)="$eJzs3c9vI1cdAPDvOHY3uw04bTmUSmyX/tAugnU2TX9EHEpX/DpVQpR7NiROFMWJV7HTbqIVpH8BCFWAxKWcuCDxByCh/gkIqRLcOHACVZClBySEjMYebxLHDg7reNrk85Em8+a9eL7f58TOezMTTwAX1rWIeCMiJiLixYgoZ/WFbIm9zpJ+34P9+0vpkkSr9dbfk0iyut59Pp49LPXdb0d8Pzket7Gzu75Yq1W3jlbv3lzbWFytrlY35+ZmX51/bf6V+VtD9iQpntT6RES8/o2Pf/qjX33r9d995Z2/LPztxg/StO5k7f36EVEaMvYJWWX7mTyyfX6kvzfFkTxTAACMw1MR8WREPBcRX4pyTMTxYfSlXDIDAAAARqX1tanu9L4FAAAAnE+FiJiKpFDJrvedikKhUulcw/u5uFKo1RvNL6/UtzeX07aI6SgVVtZq1VvZtcLTUUrS7dl2+WD7pZ7tuewa3PfKl9PtdhsAAAAwHrd75v8flzvzfwAAAOCc6X8yfmLseQAAAABnx8X4AAAAcP6Z/wMAAMC59p0330yX1oP9++37ACy/vbO9Xn/75nK1sV7Z2F6qLNW37lZW6/XVWrUyxH8E1Or1uy/H5va9mWax0Zxp7OwubNS3N5sL7ft6L1SfHEOfAAAAgKOeePaDPyURsffVy+0l9VjWVso1M+ATJCn2VNz5Yk6ZACNx6g/5ubZ9NokAY9f7Nx24OMzxgaS3omdgMDloqPD73oqr/zOWMQcAAOTj+ued/4eLqvD/POjfrdEnAozdj/NOAMjN0Mfir51tHsD4ldzmDy68Y+f/e0wOajh2/n+QloMGAACQs6nOai+yc4FTUShUKg9PCyYra7XqrYj4bET8sVy6lG7P5pgvAAAAAAAAAAAAAAAAAAAAAAAAAHwatVpJtAAAAIBzLaLw1yS7/9f18gtTvccHHkv+VW6vI+KdX7z1s3uLzebWbFr/j4f1zZ9n9S/lcQQDAAAALqLSsZrlrx+Uu/P07jweAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEbpwf79pe4yzrgf3Y7LMd0vfjEm2+vJKEXElX8mUTz0uCQiJkYQf+/diHi6X/wkTSumsyx64xci4nLO8R8fQXy4yD64HRFv9Hv9FeJae93/9VfMlkf10e32i7xv/O7738SA97/PDBnjmQ9/MzMw/rsRzxT7v/904ycD4j8/ZPw739vdHdTW+mXE9b5/f5LOqpB9Y3Pj7kxjZ/fm2sbianW1ujk3N/vq/Gvzr8zfmllZq1Wzr31j/OQLv917Ly1c6df/ToDD8bv9nO5k+MNB/X9hyP7/58N7+091iqXj8SNuPN//5/90e93/+U9/J17Mnp60/Xq3vNcpH3b113+4Oii3NP7ygOe/8/Mvtw7iF4/0/8Zw3T/c5/cfJg8A5Kaxs7u+WKtVt8ZQeO7l0e0waRfSgcSYks+70B0zfQLyeb+w1diZzCf6pci379985P10h8OPsp8/n+5RJ8RK5wz9m3J8UwIAAM7EwaA/70wAAAAAAAAAAAAAAAAAAADg4mr////EKT8I8NnTfWJZb8y9fLoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCi/wYAAP///Q/DaA==")
r1 = socket(0x8, 0x80000, 0x2)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0xe, 0x0, 0x0, 0xfffffffe}})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000011540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004070000000800000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4dd4f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd255985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69c584146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8c7049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69239500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181070000005e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8504000000000000004fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3d99e3568c51cd1eab8a26b232ac46bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d89f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290c7536fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef0a96e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246bae0b04bec8e30b6772b8950f32e87beda060f9af2a0ccd4a8eab8e395ee3628eb976b7fff835e6c1bdc4a6e00acd0fe63ba8425b21845db903b38c80148e6aa497dbf0e2baf938d3ecbd433527602d89f10aca419ff54e47354194f75e343d4c75227448530b0d8d59b9f94a3fa0ca9210177926c58ef46dcd09e79c343d35aa954d12f89410c47ac29c881f8a6bda8dd40df0d1e5881338d2c5a01bf1ee6b28169fef18df13c759e767d3442ae6598106496f42b73074bb804e8763915c3e04400ad44e9f3130e904062d204d385c026722a094255db1572d66e7a4917bba2a0f6a1a57482cdb4070de8dd60fd65dacb9ec5003fb1cca05ce1c9f924cc2ec45e8d5adf7c89e3b0b8da35c1aa7fbbee6f839a8f05294a6c02281afb7601252611583408f1"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000040)=r8, 0x4)
sendmsg$inet(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="25b096f681cd731c3f3a9badc4e3cf5edeae1f3b5082d7ab3a97c053df68744e7c7e24d0b59997bab4bccff8363b275de3510b0ebe4275d8d2f153395668e3d608e358fc2294263c03f8dc4f8bf194e4fde4600a2dec2f483a914e2fde0cbc344a2b9fc18dd198966045a6d4d4eb8571e8bb69e6724e37fcbaa6e4c64050b47256b9bb17f5c0aa5101e015ecdcb62fec46fc0205512535", 0x97}, {&(0x7f0000000280)="d3a88bea5916e313729a3989393caca70c74cd74e62e524bdd37be131ad827f911027e70ccf679d8e7c0cd3333095f83d6d473db345ded2ac8acaa87503de74c82431758e8e11e3ecb7bce02d6cd65f4eb88cc49ceb9e39f7117eb0f62323dc9b80dea447b0c96a383f14281bb87b09de0a6153ceeaae2b50a2b0f0f41810f379f9c3a1f3938461829d716a4bda86ab11b41f754bc15d71b", 0xfed0}], 0x2}, 0x0)
r9 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r9, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)

4.414198411s ago: executing program 1 (id=2144):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xc, 0x4, 0x8, 0x8, 0x3002, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0xc, &(0x7f00000002c0)=ANY=[@ANYRES64], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0xc)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000008c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000ac0)={0x2c, r3, 0x1, 0x0, 0x80, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "95f4ed09f7d22120"}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x0)
rt_sigqueueinfo(0x0, 0x0, &(0x7f00000009c0)={0x0, 0x0, 0x5})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0xfffffffffffffe59)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7", 0xf)
r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000180))
sendmsg$TIPC_NL_MEDIA_SET(r6, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0)
read$alg(r6, &(0x7f00000005c0)=""/194, 0xc2)
socket(0x0, 0x8000f, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000001300)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
bind$inet6(r8, &(0x7f0000000080)={0xa, 0x4c26, 0xfffffff8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
listen(r8, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7d1}, 0x1c)
bind$inet6(r9, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r9, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000000000)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x62)

4.362626017s ago: executing program 2 (id=2145):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1})
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x11}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000d000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2400f12ee3af02000000f0ff7fff0000000008001900", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x54, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x20000000, {0x2, 0x1f, 0x4, 0x1}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000011}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @device_a, @broadcast, @random="c69763e644ef", {0x5, 0x3f}, @value=@ver_80211n={0x0, 0x80, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}}, @tdls_setup_cfm={0xc, 0x2, {0x2c, 0x3}}}, 0x21)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_group_source_req(r8, 0x0, 0x2a, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
setsockopt$inet_group_source_req(r8, 0x0, 0x2d, &(0x7f0000000300)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04010000000c000000"], 0x9)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110400001013292c1242fa79"], 0x1e)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'erspan0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @hdata="ad65c8435d8a74855146175c4823057931ddd8de52215a0cba4b92c305c136df3a767ec61275c88bbeee48cc3ad39e98881843ed", {}, @esp_ip4_spec={@multicast1, @dev}, {0x0, @local}}}})
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000640)={{0xa, 0x4e22, 0xffff, @private1, 0x2}, {0xa, 0x4e23, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1}, 0xffffffffffffffff, {[0x8000, 0x4, 0xfff, 0x4, 0x1000, 0x1000, 0x0, 0x3ff]}}, 0x5c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r3}, 0x10)

3.583780157s ago: executing program 0 (id=2146):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000080)={0x98f907, 0x1, @name="1d9a1d6db10802ccdae75f4a7ecc77db6733c25f37aeaf5505071c108401fa7d"})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x90)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map, r2, 0x2b, 0x4000, 0xffffffffffffffff, @void, @value}, 0x20)
ioctl$sock_bt_hci(r1, 0x400448e4, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000"], 0x2c}}, 0x0)
bind$bt_hci(r1, &(0x7f0000000040), 0x1e)
r4 = io_uring_setup(0xe7e, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x329})
io_uring_register$IORING_REGISTER_FILES(r4, 0x18, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(&(0x7f0000000540)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000005c0)='befs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r5=>r4}, './file0\x00'})
r6 = openat$incfs(0xffffffffffffffff, &(0x7f0000001800)='.log\x00', 0x0, 0x1)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000001840)={{0x1, 0x1, 0x18, r6, {0x2}}, './file6/file0\x00'})
mount(0x0, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r7 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r7, &(0x7f00000002c0)='./file1\x00', 0xc000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r7, &(0x7f0000000100)='./file1\x00', r7, &(0x7f0000000240)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2)

3.497834027s ago: executing program 1 (id=2147):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000013c0)={0x0, 0x80020000, 0x2, {0x5, @raw_data="439e73c82bad769c1516d4c77a5c5885be9b70b538ec45e7ba36827b0dcf53cc22c46c7ddae950c8f87629ac052d399516111996f2d568d4314f1a6a19db3bdb291cb1a830152d32b2ad880e24ae29ce49a0ba071236284d59f28276b7b6325b4fb369c2aab53751ce9ef9dea4663ae9ce4c521f2918fad161726fe27dd15cc6520d466d80c07cd248fcf58332bf0ee0e5061d4377b24a0c253e86d27c5edcd2ae36ce31344898571a1a4f7f4af1de4747103ee0bb34830f53b67d1578af4dab6f19403d8c88fd8e"}})
syz_emit_vhci(0x0, 0x10)
syz_emit_vhci(0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
shutdown(0xffffffffffffffff, 0x0)
ioctl$VIDIOC_QBUF(r1, 0xc058565d, &(0x7f0000000200)=@multiplanar_userptr={0x0, 0x5, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "162bb54e"}, 0x0, 0x2, {&(0x7f0000000380)=[{0x0, 0x0, {0x0}}, {0x0, 0x0, {0x0}}]}, 0x10001})
r2 = syz_io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x1066, 0x0, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
semop(0x0, &(0x7f0000000100)=[{}, {0x2, 0x8}, {0x2}], 0x3)
semop(0x0, &(0x7f0000000280)=[{0x4}, {0x2, 0x8400, 0x1000}], 0x2)

3.460116851s ago: executing program 4 (id=2148):
syz_mount_image$nilfs2(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', 0x1014800, &(0x7f0000002340)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYRESDEC, @ANYBLOB="74e77474749ada47befe086cf7bba216879ec1adf408af43f1261ba5f81dc6a4a665c16e66f6d3fdb5e6b994a9b1a17fa159eadb70ccb6901fd2ac240cc40e2487cc124c4d80910e785abf8fdca4e235fe894e237c19c1184320ac08b456a5da6c46aaee7939c3e005558c64f37a8bba9ec5af12ace3853f49b9e09cef811389fabc2bb215ba6944757c89f729dbc0400af013c0b78c0678a98089b69d23798ab43b450edd3a9cd26e4f64966f5d4d3be68f638f97fa826c6e3afa517a8777ba", @ANYRES8=0x0, @ANYRESDEC, @ANYRESOCT=0x0, @ANYRES64, @ANYRESDEC], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = fanotify_init(0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r4, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)}}], 0x1, 0x4000800)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x71, 0x8000000, r5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0700000004070000000000000000e2ff00000000", @ANYRES32=0x0, @ANYRES32], 0x48)
r6 = fanotify_init(0x200, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_aout(r7, &(0x7f00000002c0)=ANY=[], 0xc1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r7, 0x0)
fanotify_mark(r6, 0x40, 0x4000102c, r7, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

3.304212889s ago: executing program 0 (id=2149):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$getflags(r0, 0x401)
r1 = socket(0x200000100000011, 0x803, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000080)='M', 0x300, 0x0, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000700)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa890d001}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)=@delqdisc={0x50, 0x25, 0x20, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x2, 0xfff2}, {0x2, 0x801c}, {0xffff, 0xffe0}}, [@TCA_STAB={0x2c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe2, 0x2, 0x8, 0x2, 0x3, 0x1000, 0x81, 0x3}}, {0xa, 0x2, [0x81, 0x8, 0x5]}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4008051}, 0x4000000)
timer_create(0xfffffffffffffffc, &(0x7f0000000140)={0x0, 0x11}, &(0x7f0000001400))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0)
timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=<r5=>0x0)
listen(r2, 0x0)
timer_settime(r5, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000280)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f00000002c0)={{}, {0x77359400}}, 0x0)
unshare(0x40000000)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x1, 0x2, @thr={&(0x7f0000000180)="4dbf735ecaea8ec662aaae8b2d726c60ba92a9a984032aab8cf30a024d7001965f600f432a19730dd6667cf69cf990bdddb9fe91eb27878904d9c7b25c748658491e90b7ba9d893e7947fad4e2b7a512bed35020c69fc112b9ca579b3d6eb00fd6589c94e0987474bec61365e6242fc197702369dd387a1cbd4a6eb377e66c0425f703844f14c71e3539f1e89619e895bfd90c45cf9e250704cfa81a7c8708785a947aa3661d1fefbfaf0f20", &(0x7f0000000300)="6534865af02f32c8f334cd48dd95277aa9acecd14fc0bbf0f31abeec3b3ed9ae019a8cf942fc47d8b9bd1ee8586fde4f239a9738fc2af374feda57794e266d9dc4ac40eb0c1e7a50026c3c4a34ec00bc24aa837d1ee820304779590a7ac26b8408f97def59898a85"}}, &(0x7f0000000240))
r7 = gettid()
rt_sigqueueinfo(r7, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000100)=0x5)
timer_create(0x0, &(0x7f0000000540)={0x0, 0x400026, 0x0, @thr={&(0x7f00000003c0)="98bff2d146444978d4045621c900480d71653171caaef587b79cc4b3e974583ae70ed1ee24ba9e418afe9e493049bf23ac76092c20f583269049aea5818643b4a2fcdd9f61e47ce658dcef3cd3a54f267a1d2583bb6ae82d5f87f3509b2cbd0d25a698527968e4884a09d2b1cd914c34397c23e562f50eaf8f60bc19384b64c2dab4d30ebec3ea96ca9aa4f57ef54bc3af4f2b", &(0x7f0000000480)="d2db91fc1732f065418d80501575dbe76d4253b28df57e8ca3a4a1ae9faa444db8714e73b42f573cce3b"}}, &(0x7f0000000380)=<r9=>0x0)
clock_gettime(0x0, &(0x7f00000005c0)={<r10=>0x0, <r11=>0x0})
timer_settime(r9, 0x0, &(0x7f0000000080)={{0x77359400}, {r10, r11+60000000}}, &(0x7f0000000600))

2.917728573s ago: executing program 0 (id=2150):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x24, 0x3b, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x88H'}]}]}, 0x24}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="af", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x0, 0x2, 0x103, 0x63, 0xffffffffffffffff, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x0, 0x6, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x10, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='jbd2_handle_stats\x00', r3}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
bind$alg(r2, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
accept4(r2, 0x0, 0x0, 0x0)
ioctl$TUNSETLINK(r5, 0x400454cd, 0x118)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x1, 0x1}]}]}, {0x0, [0x2e, 0x30, 0x2e]}}, 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
getsockopt$inet_mptcp_buf(r4, 0x11c, 0x3, &(0x7f0000000ec0), &(0x7f0000000f00))
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r8=>0x0})
r9 = socket(0x840000000002, 0x3, 0xff)
sendmmsg$inet(r9, &(0x7f0000000380)=[{{&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000580)="a905000000000000000100338bb335529f56ed5c0e5d4da8efbebde700000000e5c064c6", 0x24}], 0x1}}], 0x1, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=@ipv4_newaddr={0x48, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r8}, [@IFA_CACHEINFO={0x14, 0x6, {0x6, 0xfffff918, 0x1000, 0xfffffffe}}, @IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_CACHEINFO={0x14}]}, 0x48}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x8, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x9b}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x2, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0)
socket(0x10, 0x803, 0x0)

2.845017262s ago: executing program 2 (id=2151):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x4, 0x590, [0x200001c0, 0x0, 0x0, 0x0, 0x20000530], 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff02000000190000000a00000000156e727000000000000000000000000000626f6e643000000000000000000000007465616d5f736c6176655f310000000062637366300000000000000000000000ffffffffffffffff00ffffff0180c2000000ffffffffff650000e000000050010000880100007374700000000000000000000000000000000000000000000000000000000000480000000000000002000000020000000000ffffffffffffffffffbc00000000000000003b0a000002000900efb5b7059b3fffffdfff00004e234e21040071ac0600ff7f3828030005005b060000f4f200000000000000000000000000000000000000000000000000000000000000001000000000000000d1f9c15dee9e0000ffffffff000000006172707265706c7900000000dc000000000000000000000000000000000000001000000000000e00aaaaaaaaaa0f0000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa1a0000feffffff00000000030000004000000000117465616d3000000000000000000000006772657461703000000000000000000076657468315f746f5f626f6e64000000626f6e6430000000000000000000000052a1927247eaffff470000006a72dd4b319d0000ffffffff0000e8000000500100008801000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000bbfe8000000000000000000000e7ff00aa000000ff00000000ffffffff00000000ffffffffff000000ffffffff00000000093b14044e204e234e214e24000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000010000feffffff0000000072656469726563740000000000000000000000000000000000000000000000000800000000000000fcffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff02000000090000004a00000000020000000000000000000000000000000073797a5f747581000000000000000000626f6e6430000000000000000000000069705f767469300000000000000000009f7f83bddffa0000ffffffffffffffffffffff0000ffffff0000c0000000c00000000801000068656c70657200000000000000000004000000000000000000000000000000002800000000000000010000006674702d32303030300000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000c3331f141f48b36a6e8a93c4f2796fab65c75e2fdab6f98342ae6b68a6b900000500000002000000e90d69705f76746930000000000000000000627269646765300000000000000000006966623000000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa11ff0000ffffffffffffffffffffff00ffffff0000b0000000b0000000e800000071756f7461000000000000000000000000000000000000000000000000000000180000000000000000000000307b0000010000000000000007000000000000006172707265706c790008000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa"]}, 0x5fd)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
socket(0x10, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x3, 0xda7f, 0x10000, 0x3f, 0x202, r0, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000800)=@fragment={0x2b, 0x0, 0x2, 0x1, 0x0, 0x2, 0x66}, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0), 0x10)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r2, 0x0, 0x13, &(0x7f0000d10ffc)=0x3f, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080), 0x3f)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1d, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x50, '\x00', 0x0, @lsm, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f0000000140)=@add_del={0x2, &(0x7f0000000780)='veth1_macvtap\x00'})
connect$vsock_stream(r4, &(0x7f0000000000), 0x10)
connect$vsock_stream(r4, &(0x7f0000000040), 0x10)
syz_emit_ethernet(0x0, 0x0, &(0x7f00000007c0)={0x0, 0x2, [0xf87, 0x0, 0xe77, 0x4e0]})
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x104, 0x4, 0x3f0, 0x0, 0x0, 0x110, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@random="09f9e309f8bb"}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @mac, @rand_addr, @multicast2}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0xa15}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})

2.118926316s ago: executing program 0 (id=2152):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1})
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x11}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000d000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2400f12ee3af02000000f0ff7fff0000000008001900", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x54, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x20000000, {0x2, 0x1f, 0x4, 0x1}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000011}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @device_a, @broadcast, @random="c69763e644ef", {0x5, 0x3f}, @value=@ver_80211n={0x0, 0x80, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}}, @tdls_setup_cfm={0xc, 0x2, {0x2c, 0x3}}}, 0x21)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_group_source_req(r7, 0x0, 0x2a, &(0x7f0000000040)={0x6, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x5, [{0x0, 0x1}, {0x4}, {0xb, 0x1}, {}, {}]}, @void}, 0x25)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'erspan0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @hdata="ad65c8435d8a74855146175c4823057931ddd8de52215a0cba4b92c305c136df3a767ec61275c88bbeee48cc3ad39e98881843ed", {}, @esp_ip4_spec={@multicast1, @dev}, {0x0, @local}}}})
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000640)={{0xa, 0x4e22, 0xffff, @private1, 0x2}, {0xa, 0x4e23, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1}, 0xffffffffffffffff, {[0x8000, 0x4, 0xfff, 0x4, 0x1000, 0x1000, 0x0, 0x3ff]}}, 0x5c)

2.117886626s ago: executing program 2 (id=2153):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/fscaps', 0x0, 0x0)
fchdir(r0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x5, &(0x7f0000000400)=[{0x6, 0x3, 0x7, 0x7613}, {0x86, 0x2, 0x8, 0x2b52}, {0x5, 0x0, 0x9, 0x3ff}, {0xc0e, 0x3f, 0x55, 0x1f}, {0x0, 0x0, 0x7, 0x2}]})
open_tree(0xffffffffffffff9c, 0x0, 0x89001)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xb7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000))
io_uring_setup(0xfc2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x203, 0x0, 0x0, r2})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x24, &(0x7f0000000000)={0x0, 0x0, 0xd4a4})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r4, 0xffffffffffffffff, 0x2b, 0x0, 0x4000, @void, @value}, 0x10)
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
unshare(0x8020400)
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
sync_file_range(r5, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000440)={0xa, 0x4e22, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0xfc26)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000002030102000000000000000000000010080001000100000016c798a7a8be429f266aaa9fc26d5d401e00572f6bbf0e38b11b74fb052adbead0994c7e8c6a24cc5be3479fc2117ee54cc3b0a38ad3b7f90b31dfae64b66dd684f56214dcdc8185e581b1c33f5ad671e8ac18454066395c8eec06f484df86911de70a9410dc9f2a63839212062db703bd9a386bb2ca210a712924631d3923da233f43ce65cff9022548853c33ff260bfd4ca4580f8a1c80d4548497e4b492b934d2052345915c29838b78932aa8abe8c36f053711e5dc0b6a0812"], 0x1c}}, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000140)={'wg1\x00', 0x2000})

2.115991136s ago: executing program 1 (id=2154):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r0=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x21}, [@ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0)
fallocate(r1, 0x0, 0x0, 0x1000f4)
r2 = socket$unix(0x1, 0x1, 0x0)
sendfile(r2, r1, 0x0, 0x200)
r3 = socket(0x200000100000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00'})
socketpair(0xb, 0x3, 0x8, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000006c0)={'lo\x00', <r7=>0x0})
bind$packet(r5, &(0x7f0000000000)={0x11, 0xf7, r7, 0x1, 0x0, 0x6, @broadcast}, 0x14)
sendmmsg$inet(r5, &(0x7f0000000380)=[{{0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x6000}}], 0x300, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'erspan0\x00'})
sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x54, 0x10, 0x1, 0x70bd2b, 0x0, {0x10, 0x0, 0x4c, 0x0, {0x0, 0x8}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0xa, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
sendto$inet6(r3, &(0x7f0000000480)="9feb0531bba20d81dd276d0878e98c1940fcfcebd2508db02abd4e91da37800ff44a73d5048ced3311903fc53a7bd2f6d2708d1e9ddcdff0548d8b9cca2f2c4369b5d3ac6da40871534cca095b5659907c33261fc991b1629328deb8043f4f94dddcb1a3d7a832d2e4015f8c38e8799ad06231e214f00225a3e1547b302626d5a3f535fe88dfe48ad01088e079d468a706e2c61d4a8a582f27db25f8409e44", 0x9f, 0x80, &(0x7f0000000580)={0xa, 0x4e24, 0x401, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000a40), r9)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r8, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2426bb000012", @ANYRES16=r10, @ANYBLOB="000f2702254b57b60ca3692d4dbd70080003004632000008000500b5ffda5000680000000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x44001)
getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYRES8, @ANYRES16=r10, @ANYRESHEX=r3, @ANYRESHEX, @ANYBLOB="08e33536", @ANYRES32=r11, @ANYBLOB="0299277ebee590392e", @ANYRES32=r7, @ANYBLOB='\b\x00\a\x00', @ANYRES64=r8, @ANYBLOB="140004d85c13782a494f567501cb0a1d00000000000000000000000000000400000000000036768d9b845da0493796808ebf7e58b4488bfc043fa179b59180e7c99e7c654d56ec7c6805e83f4feed498cf405f8858953f295a9326b31fd34f1ceafd014b97243eb8630428ecacdbac6066b025c16979491a9c342f3d36dc821f6f454622c560511449a2e1e1a8859377ea7ac9be9589e7f152b1dd75b83e9853d61423a323d66055"], 0x6c}, 0x1, 0x0, 0x0, 0xa4f32e7fec33999d}, 0x20000080)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000400)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000fc7831581acf9fc9953da9ba03d6cdc1d2607d5fefcf5819ae5dc89de104329159e03c21f64bd17cb2c7bb1045383d47c6c5b02c7e32768011672a9425729f5f1cdec3f7064d92e1220bdf59a08a00ad892254c87da4e4b3cbeec3b397527ae6f771b67e361cdf5e4cfbee162597d590f388e2ae5fe30a9599ac2a8afab35044f469bfddcdb5fae5d6aae406387adf18efc1c3c63fa921", @ANYRES16=0x0, @ANYBLOB="08002bbd7000fcdbdf25210000000c00ff0700000000600000000400ec00"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x20044090)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="100025bd7000dbdbdf2505000000300001800800060005000000060005004e20000014000400ff029d04daff00000000000000000001080006000f0000001c000180060001000a000000130005044e20000008000700", @ANYRES32=0x0, @ANYBLOB], 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x811)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="a0001da68eeef17f8ccdf25f0000", @ANYRES16=r10, @ANYBLOB="00002cbd7000fbdbdf250300000024000180060001000a00000006000100020000000800060010000000080006001200000008000200000000000500050005000000140006800800060015000000060005004e210000080003000800000034000680080006000000000005000200050000000600010002000000050002003d000000080003000a01010106000100000000000800020006000000"], 0xa0}, 0x1, 0x0, 0x0, 0x480}, 0x81)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000080)={'syztnl0\x00', <r12=>0x0, 0x29, 0x9, 0x5, 0x9, 0x48, @local, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x8027, 0x0, 0x7}})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r10, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x9}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r12}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xf8}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xc0d1}, 0x8000)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x78, r10, 0x200, 0x70bd2a, 0xfffffff8, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r0}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x40000000)

2.114040786s ago: executing program 4 (id=2155):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000600)={'syztnl1\x00', 0x0, 0x20, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @loopback}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r2, &(0x7f0000000480)=[{{&(0x7f0000000240)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}, {{&(0x7f0000000140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000290000003e"], 0x30}}], 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0)
mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000580000/0x4000)=nil)
mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r3)
sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)={0x48, r4, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x4}]}, 0x48}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10003)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x4, 0x0, &(0x7f0000000140))
getpeername(r2, &(0x7f0000000580)=@isdn, &(0x7f0000000340)=0x80)
preadv(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x400000, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0)
ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0x10)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000440)={0x100000, 0x6000})
openat$nullb(0xffffffffffffff9c, &(0x7f0000001140), 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx2\x00'}, 0x58)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003400)=@ipv4_newroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x80200, 0x0)

1.914286139s ago: executing program 3 (id=2156):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095", @ANYRESDEC], &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
syz_emit_vhci(0x0, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'veth0_to_team\x00', 0x400})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote}, 0x1c)
ioctl$DRM_IOCTL_AGP_INFO(0xffffffffffffffff, 0x80206433, &(0x7f0000000080)=""/12)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e75"], 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x800800, &(0x7f0000000340)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRES16, @ANYRESOCT, @ANYRESOCT], 0x1, 0x1d3, &(0x7f00000024c0)="$eJzKKC4sZmdgYPj7sSaZQYCBgYGFgYGRgYfhAgMjiMmgzsgAAUwQaj2U/wJKz4RKs0HpZqj4fyiouKW9bg0zw5mTnrpay2SZGVo9teXBYqf8wGJyy3uM3CQXszMwM4Qe5WdgqKzKTszJST3BsJChgpOBgeH0CQaW6/bXVJolOB3+yHM4JGk66DAd8fHImtFYwjlJSlOMjS1T4eyZD/Lr2DSOMDxawbyxzjOvsa4wdWpeWl5SVVZV1jwGpo0zGzsbG1dOrItK81vF2JLisqmpk5HJYYuawGZmQ/VJNtoT3rWvepjkwNrj4dd8yljpdSrzJeOFRVKnVlTNnPBFaTaj4XeGOzxlKyQ0NJwkrkhYNJgwHKmzbXBlqLjFysDAkKYQxpikxibWtuXMnBBmfja3BQotySeYQo9yLJ0pYXFAqOrkT0vNtw6JbjO2PXVgO8Nz+DjPmoI+QaPjEgxOCwX/w4KuTGMt01LbBV+KNP5KeK02dspgcLdnWgYLUJYGELkSypNlqLiVnJCQvMJDR1PTKCU5oWGTQkKSW4GhMsPWPZyrBRoYENEGciLDdqhGWHRegzFGwSgYBaNgFIyCUTAKRsEoGAWjYBSMCAAIAAD//10hlcU=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000040)={'wlan0\x00'})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000440)={0x4})
syz_open_dev$dri(0x0, 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSIFNETMASK(r4, 0x891c, &(0x7f0000000000)={'batadv_slave_0\x00', {0x2, 0x4e21, @broadcast}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_setup(0x0, &(0x7f00000004c0))
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000040)={0x18, 0x0, {0x2, @broadcast, 'bond0\x00'}}, 0x1e)
syz_emit_vhci(0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x4, 0xca, &(0x7f0000000500)=""/202, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

1.327492367s ago: executing program 2 (id=2157):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000001bc0)=@framed, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x4}, 0xe)
connect$bt_l2cap(r0, &(0x7f00000011c0)={0x1f, 0x0, @any, 0x6}, 0xe)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000180))
r1 = userfaultfd(0x1)
read(r1, 0x0, 0x0)
syz_mount_image$udf(&(0x7f0000000e00), &(0x7f0000000180)='./file0\x00', 0x400007, &(0x7f0000000ec0)={[{@volume={'volume', 0x3d, 0x3f}}, {@iocharset={'iocharset', 0x3d, 'cp864'}}, {@session}, {@uid_forget}, {@undelete}, {}, {@longad}, {@uid_forget}, {@utf8}]}, 0x1, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1e4047c, &(0x7f0000000ec0)=ANY=[], 0x1, 0x0, &(0x7f0000000000))
fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r3, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
openat(0xffffffffffffffff, &(0x7f0000001180)='./file1\x00', 0x4000, 0x8a)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x200000000000011, 0x2, 0x0)
syz_usb_connect(0x0, 0x35, &(0x7f0000000000)=ANY=[@ANYBLOB="12012200b224ef10402064d862370102030109022300010000000009040000016b2aa800080b3c921e3b2cf0090500000000000000"], 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r7=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r9=>0x0})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000054001ffff7ff00000800000007000000", @ANYRES32=r7, @ANYBLOB="20000100", @ANYRES32=r9, @ANYBLOB="01000000ff"], 0x38}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x49, &(0x7f0000000f80)=""/192, &(0x7f0000000e40)=0xc0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x12)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 4 (id=2158):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socket$unix(0x1, 0x2, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x46)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x10}}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xbc)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0xb8}}, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaacce3906777428100000086dd600cbb0500302f00fc010000000000000000000000000000fe8000000000000000000000000000aa037800000000600120d200000000ff020000000000000001000000000001050000000000000000000000000000bb1fba6eea96e3bef03ca82b72b7fba9f07a08412d5ee10b07cfbc5a5e32ede4540e9c2acaf1a033caa31a577d3b06920d9551fca02e12b6f008a83b3d910093e5564a9aca390c57e636cd224303cebfb79686df0f1188ae4aae86293c23797a4fe6f5ad9ce80e9005d0c057ff9fd319ce30e88380407e28c49faf8c4f0a5f98fec98acd06a260323e1426e3f0cbf923e9c26405002c4bec29a03f9930e792a8f63e26016dd9d5406eebd9"], 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000800)=ANY=[@ANYBLOB="00020201"], 0x18)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000007c0)=[{{&(0x7f00000002c0)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f00000005c0)=[{&(0x7f0000000300)='Y', 0x1}], 0x1}}], 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000040000000000080000100850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$netlink(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000022000106000000001700000009000080f8dcde7030000000"], 0x1c}], 0x1}, 0x0)
connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000000000)="d2", 0x1}], 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000001c0), 0x4)
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)

kernel console output (not intermixed with test programs):

35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11282 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9da28fff9 code=0x7ffc0000
[  699.434562][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  699.501739][   T26] audit: type=1326 audit(1729666271.272:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11282 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9da28fff9 code=0x7ffc0000
[  699.514263][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  699.531239][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  699.540030][ T3615] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[  699.568473][ T3615] cp210x 4-1:0.0: querying part number failed
[  699.603555][ T3615] usb 4-1: cp210x converter now attached to ttyUSB0
[  699.615818][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  699.644881][   T26] audit: type=1326 audit(1729666271.272:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11282 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fc9da28fff9 code=0x7ffc0000
[  699.688944][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  699.710402][ T3616] Bluetooth: hci3: command 0x040f tx timeout
[  699.728750][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  699.765695][ T3621] bridge0: port 2(bridge_slave_1) entered blocking state
[  699.772881][ T3621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  699.779468][ T3615] usb 4-1: USB disconnect, device number 28
[  699.807816][ T3615] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  699.818066][   T26] audit: type=1326 audit(1729666271.272:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11282 comm="syz.0.1603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9da28fff9 code=0x7ffc0000
[  699.843946][ T3615] cp210x 4-1:0.0: device disconnected
[  699.900453][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  699.921629][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  699.952945][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  699.988125][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  700.008247][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  700.046109][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  700.074463][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  700.116755][T11240] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  700.210514][T11240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  700.253412][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  700.289256][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  700.309957][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  700.334418][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  700.367201][T11298] loop3: detected capacity change from 0 to 4096
[  700.373886][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  700.474374][T11298] ntfs: volume version 3.1.
[  701.448476][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  701.466292][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  701.529493][T11309] netlink: 'syz.4.1609': attribute type 24 has an invalid length.
[  701.695320][T11240] 8021q: adding VLAN 0 to HW filter on device batadv0
[  701.989458][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  702.001445][T11309] can: request_module (can-proto-3) failed.
[  702.009717][T11308] dccp_close: ABORT with 4968 bytes unread
[  702.040852][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  702.172707][T11240] device veth0_vlan entered promiscuous mode
[  702.226302][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  702.242678][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  702.265200][ T1074] Bluetooth: hci3: command 0x0419 tx timeout
[  702.278465][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  702.286559][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  702.315516][T11319] netlink: 'syz.2.1612': attribute type 17 has an invalid length.
[  702.330962][T11240] device veth1_vlan entered promiscuous mode
[  702.413488][T11240] device veth0_macvtap entered promiscuous mode
[  702.424753][T11240] device veth1_macvtap entered promiscuous mode
[  702.443363][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  702.454721][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.472475][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  702.488212][T11328] usb usb8: usbfs: process 11328 (syz.0.1611) did not claim interface 0 before use
[  702.555763][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.555791][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  702.555808][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.555832][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  702.555847][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.555868][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  702.555883][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.570166][T11240] batman_adv: batadv0: Interface activated: batadv_slave_0
[  702.570668][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  702.571297][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  702.571884][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  702.572485][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  702.573052][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  702.573570][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  702.601830][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  702.602744][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  702.612016][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  702.612041][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.612057][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  702.612072][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.612086][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  702.612101][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.612116][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  702.612131][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.612145][T11240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  702.612160][T11240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  702.617720][T11240] batman_adv: batadv0: Interface activated: batadv_slave_1
[  702.617836][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  702.618481][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  702.634947][T11240] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  702.634988][T11240] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  702.635019][T11240] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  702.635050][T11240] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  703.437731][ T3932] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  703.695516][ T1253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  703.695629][ T1253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  703.728387][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  703.744925][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  703.745036][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  703.749017][ T1253] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  703.789894][T11338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1615'.
[  703.845196][ T3932] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  703.845244][ T3932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  703.934054][ T3932] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  703.934088][ T3932] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  703.934110][ T3932] usb 3-1: Manufacturer: syz
[  703.948554][ T3932] usb 3-1: config 0 descriptor??
[  704.002495][   T26] kauditd_printk_skb: 54 callbacks suppressed
[  704.002511][   T26] audit: type=1326 audit(1729666276.053:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11343 comm="syz.1.1594" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x0
[  704.294550][ T3932] rc_core: IR keymap rc-hauppauge not found
[  704.294571][ T3932] Registered IR keymap rc-empty
[  704.297397][ T3932] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  704.298521][ T3932] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input35
[  704.351743][ T9592] usb 3-1: USB disconnect, device number 25
[  705.145344][T11355] loop4: detected capacity change from 0 to 8
[  705.270462][T11362] loop3: detected capacity change from 0 to 256
[  705.336811][   T26] audit: type=1326 audit(1729666277.380:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  705.371817][T11355] SQUASHFS error: Failed to read block 0x63a: -5
[  705.378387][T11355] SQUASHFS error: Unable to read metadata cache entry [638]
[  705.392151][T11362] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  705.399343][T11355] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  705.417577][   T26] audit: type=1326 audit(1729666277.410:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  705.445404][T11366] SQUASHFS error: Unable to read metadata cache entry [638]
[  705.453285][T11366] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  705.481209][   T26] audit: type=1326 audit(1729666277.410:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  705.530326][   T26] audit: type=1326 audit(1729666277.490:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  705.560134][   T26] audit: type=1326 audit(1729666277.490:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  705.609281][T11362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1622'.
[  705.618052][T11355] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  705.630985][   T26] audit: type=1326 audit(1729666277.560:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  705.674122][T11355] SQUASHFS error: Unable to read metadata cache entry [638]
[  705.691112][T11355] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  705.727502][   T26] audit: type=1326 audit(1729666277.560:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  705.909663][   T26] audit: type=1326 audit(1729666277.560:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  706.014202][   T26] audit: type=1326 audit(1729666277.570:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11354 comm="syz.4.1620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  706.385659][T11371] loop3: detected capacity change from 0 to 2048
[  706.935250][T11371] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  707.028364][T11371] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  707.493890][ T3562] udevd[3562]: inotify_add_watch(7, /dev/loop3, 10) failed: No such file or directory
[  708.587725][T11393] xt_limit: Overflow, try lower: 6/2147483648
[  710.108015][ T3562] udevd[3562]: inotify_add_watch(7, /dev/loop3, 10) failed: No such file or directory
[  711.087216][ T1242] device hsr_slave_0 left promiscuous mode
[  711.142082][ T1242] device hsr_slave_1 left promiscuous mode
[  711.157424][ T1242] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  711.211593][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_0
[  711.253121][ T1242] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  711.264863][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_1
[  711.274409][ T1242] device bridge_slave_1 left promiscuous mode
[  711.295726][ T1242] bridge0: port 2(bridge_slave_1) entered disabled state
[  711.316867][ T1242] device bridge_slave_0 left promiscuous mode
[  711.332451][ T1242] bridge0: port 1(bridge_slave_0) entered disabled state
[  711.357514][ T1242] device veth1_macvtap left promiscuous mode
[  711.382458][   T26] kauditd_printk_skb: 38 callbacks suppressed
[  711.382475][   T26] audit: type=1326 audit(1729666283.419:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11413 comm="syz.4.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7fc00000
[  711.429877][ T1242] device veth0_macvtap left promiscuous mode
[  711.431869][   T26] audit: type=1326 audit(1729666283.459:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11413 comm="syz.4.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f8a51d78ff9 code=0x7fc00000
[  711.445078][ T1242] device veth1_vlan left promiscuous mode
[  711.811206][ T1242] team0 (unregistering): Port device team_slave_1 removed
[  711.829358][ T1242] team0 (unregistering): Port device team_slave_0 removed
[  711.844559][ T1242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  711.870986][ T1242] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  711.992857][ T1242] bond0 (unregistering): Released all slaves
[  712.688171][   T26] audit: type=1326 audit(1729666284.717:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11413 comm="syz.4.1636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7fc00000
[  712.789920][T11439] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  712.808385][T11421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1636'.
[  716.652746][T11455] loop1: detected capacity change from 0 to 8
[  717.046787][T11472] vivid-004: disconnect
[  717.824307][T11471] vivid-004: reconnect
[  718.984678][ T3644] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  720.767685][ T3644] usb 2-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[  720.776866][ T3644] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  720.788738][ T3644] usb 2-1: Product: syz
[  720.793743][ T3644] usb 2-1: Manufacturer: syz
[  720.799336][ T3644] usb 2-1: SerialNumber: syz
[  720.834986][ T3644] usb 2-1: config 0 descriptor??
[  720.852356][T11519] raw_sendmsg: syz.4.1667 forgot to set AF_INET. Fix it!
[  720.901888][ T3644] usb 2-1: selecting invalid altsetting 3
[  720.907665][ T3644] comedi comedi0: could not set alternate setting 3 in high speed
[  720.946263][ T3644] usbdux 2-1:0.0: driver 'usbdux' failed to auto-configure device.
[  720.974994][ T3644] usbdux: probe of 2-1:0.0 failed with error -22
[  720.997053][T11522] loop0: detected capacity change from 0 to 128
[  721.032887][ T3644] usb 2-1: USB disconnect, device number 24
[  721.310726][T11530] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1671'.
[  721.551338][   T26] audit: type=1800 audit(1729666293.562:928): pid=11537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1668" name="bus" dev="loop0" ino=1048707 res=0 errno=0
[  723.030730][T11540] netlink: 872 bytes leftover after parsing attributes in process `syz.4.1673'.
[  723.421047][T11547] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1676'.
[  723.436082][T11548] Unsupported ieee802154 address type: 0
[  723.448359][T11547] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1676'.
[  723.482386][T11547] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1676'.
[  723.523365][T11547] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available
[  723.625043][T11552] loop0: detected capacity change from 0 to 2048
[  723.743843][T11552] UDF-fs: bad mount option "dmod{ü�õš²¨Žÿ·<Œe=00000000000000000002004" or missing value
[  724.305110][T11573] bridge0: port 3(gretap0) entered blocking state
[  724.354337][T11573] bridge0: port 3(gretap0) entered disabled state
[  724.366013][T11573] device gretap0 entered promiscuous mode
[  724.372334][T11573] bridge0: port 3(gretap0) entered blocking state
[  724.378837][T11573] bridge0: port 3(gretap0) entered forwarding state
[  724.397074][T11574] device gretap0 left promiscuous mode
[  724.415817][T11574] bridge0: port 3(gretap0) entered disabled state
[  724.739594][T11576] loop1: detected capacity change from 0 to 512
[  724.827399][T11578] bridge0: port 3(team0) entered blocking state
[  724.883833][T11578] bridge0: port 3(team0) entered disabled state
[  724.891620][T11576] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  724.904302][T11578] device team0 entered promiscuous mode
[  724.909903][T11578] device team_slave_0 entered promiscuous mode
[  724.918262][T11578] device team_slave_1 entered promiscuous mode
[  724.925807][T11578] device dummy0 entered promiscuous mode
[  724.934145][T11576] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  724.934554][T11578] bridge0: port 3(team0) entered blocking state
[  724.950846][T11578] bridge0: port 3(team0) entered forwarding state
[  725.155461][  T144] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  725.165745][  T144] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  725.206155][ T4328] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  725.817570][T11587] loop2: detected capacity change from 0 to 64
[  725.955166][ T4328] usb 1-1: Using ep0 maxpacket: 8
[  726.110703][ T4328] usb 1-1: config 1 has an invalid descriptor of length 185, skipping remainder of the config
[  726.131381][ T4328] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  726.374030][ T4328] usb 1-1: New USB device found, idVendor=1d6b, idProduct=00f2, bcdDevice= 0.40
[  726.393340][ T4328] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.405200][ T4328] usb 1-1: Product: syz
[  726.420423][ T4328] usb 1-1: Manufacturer: syz
[  726.442262][ T4328] usb 1-1: SerialNumber: syz
[  726.454790][   T26] audit: type=1326 audit(1729666298.465:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11600 comm="syz.4.1692" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  727.520671][T11580] netlink: 320 bytes leftover after parsing attributes in process `syz.0.1687'.
[  727.602593][T11629] loop1: detected capacity change from 0 to 256
[  728.219302][T11631] loop4: detected capacity change from 0 to 24
[  728.301413][T11631] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  728.348595][ T4328] usb 1-1: 0:2 : does not exist
[  728.383370][T11631] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  731.546915][ T4328] usb 1-1: USB disconnect, device number 19
[  731.758516][ T3562] udevd[3562]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  732.037654][T11647] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1704'.
[  732.318759][T11659] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  732.899288][T11672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1711'.
[  732.959046][T11672] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1711'.
[  733.030354][T11672] device geneve2 entered promiscuous mode
[  733.081289][   T26] audit: type=1326 audit(1729666305.077:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11664 comm="syz.3.1709" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x0
[  733.203436][T11675] program syz.2.1712 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  733.480679][T11682] loop2: detected capacity change from 0 to 1024
[  734.419213][T11688] loop1: detected capacity change from 0 to 128
[  734.597311][T11688] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  734.608956][T11688] ext4 filesystem being mounted at /22/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  734.640862][    C1] vkms_vblank_simulate: vblank timer overrun
[  735.287013][   T26] audit: type=1326 audit(1729666307.284:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11701 comm="syz.1.1719" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x0
[  735.390819][T11707] loop1: detected capacity change from 0 to 256
[  735.448935][T11707] UDF-fs: bad mount option "ÿ" or missing value
[  735.840431][T11713] loop4: detected capacity change from 0 to 512
[  735.986778][T11713] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  736.067219][T11713] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,errors=remount-ro,nombcache,sysvgroups,. Quota mode: writeback.
[  736.114448][T11721] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1726'.
[  736.148542][T11713] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  736.424603][T11725] loop1: detected capacity change from 0 to 32768
[  736.566468][T11725] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.1727 (11725)
[  736.589297][T11725] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  736.598829][T11725] BTRFS info (device loop1): using free space tree
[  736.605814][T11725] BTRFS info (device loop1): has skinny extents
[  737.011430][ T3919] BTRFS warning (device loop1): checksum verify failed on 1052672 wanted 0x3226f9dadc896f8f7b9a0be7c609110345c27f6019125c38f3283b3a68e897a5 found 0xe319098c5852be6aa936b498854dcc8d93e2e528ebcb7a6e4b5988dec46fb60b level 0
[  737.040002][T11714] chnl_net:caif_netlink_parms(): no params data found
[  737.151035][T11725] BTRFS error (device loop1): failed to read chunk root
[  737.185496][T11725] BTRFS error (device loop1): open_ctree failed
[  738.286474][T11754] loop4: detected capacity change from 0 to 131072
[  738.295062][ T4328] Bluetooth: hci4: command 0x0409 tx timeout
[  738.380136][T11754] F2FS-fs (loop4): invalid crc value
[  738.554632][T11754] F2FS-fs (loop4): Found nat_bits in checkpoint
[  738.617406][T11754] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  738.665774][T11714] bridge0: port 1(bridge_slave_0) entered blocking state
[  738.722002][T11714] bridge0: port 1(bridge_slave_0) entered disabled state
[  738.737602][T11714] device bridge_slave_0 entered promiscuous mode
[  738.757429][T11714] bridge0: port 2(bridge_slave_1) entered blocking state
[  738.771007][T11714] bridge0: port 2(bridge_slave_1) entered disabled state
[  738.787667][T11714] device bridge_slave_1 entered promiscuous mode
[  738.992404][T11754] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1730'.
[  739.910459][T11783] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1733'.
[  739.929319][T11714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  739.968865][T11714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  740.058612][T11790] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1737'.
[  740.089815][T11793] fuse: Bad value for 'fd'
[  740.114151][T11714] team0: Port device team_slave_0 added
[  740.134672][T11714] team0: Port device team_slave_1 added
[  740.274009][T11714] batman_adv: batadv0: Adding interface: batadv_slave_0
[  740.297311][T11714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  740.333112][T11613] Bluetooth: hci4: command 0x041b tx timeout
[  740.391013][T11714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  740.434931][T11714] batman_adv: batadv0: Adding interface: batadv_slave_1
[  740.442056][T11714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  740.470574][T11714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  740.566172][T11714] device hsr_slave_0 entered promiscuous mode
[  740.589654][T11714] device hsr_slave_1 entered promiscuous mode
[  740.622938][T11714] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  740.646257][T11714] Cannot create hsr debugfs directory
[  740.773331][ T1242] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  740.811276][T11803] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  740.821129][T11803] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  740.829927][T11803] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  740.838750][T11803] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  740.968788][ T1242] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.177920][ T1242] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.282832][ T1242] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.419398][T11815] netlink: 'syz.0.1744': attribute type 1 has an invalid length.
[  741.465285][T11815] loop0: detected capacity change from 0 to 16
[  741.524449][T11613] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  741.535543][   T26] audit: type=1326 audit(1729666313.527:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11816 comm="syz.4.1745" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  741.605771][T11815] erofs: (device loop0): mounted with root inode @ nid 36.
[  741.828710][T11613] usb 4-1: Using ep0 maxpacket: 32
[  741.953007][T11815] mac80211_hwsim hwsim44 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  741.994991][T11613] usb 4-1: New USB device found, idVendor=06cd, idProduct=0107, bcdDevice=44.fe
[  742.012303][T11613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.054205][T11613] usb 4-1: config 0 descriptor??
[  742.133308][T11613] keyspan 4-1:0.0: Keyspan 1 port adapter converter detected
[  742.199056][T11613] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 84
[  742.228452][T11613] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[  742.236668][T11613] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 82
[  742.245727][T11613] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[  742.258514][T11613] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[  742.268936][T11613] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[  742.277488][T11613] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[  742.303444][T11613] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  742.406869][T11613] Bluetooth: hci4: command 0x040f tx timeout
[  742.472359][T11842] KVM: debugfs: duplicate directory 11842-5
[  742.483405][ T3612] usb 4-1: USB disconnect, device number 29
[  742.531470][   T26] audit: type=1326 audit(1729666314.526:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11840 comm="syz.4.1747" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  742.564327][ T3612] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  742.585007][ T3612] keyspan 4-1:0.0: device disconnected
[  742.792413][T11849] xt_CT: You must specify a L4 protocol and not use inversions on it
[  742.835628][T11714] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  742.875663][T11851] loop1: detected capacity change from 0 to 8
[  742.907262][T11714] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  742.917371][T11714] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  742.949480][T11714] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  742.996000][   T26] audit: type=1326 audit(1729666314.985:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  743.032095][T11851] SQUASHFS error: Failed to read block 0x63a: -5
[  743.065692][T11851] SQUASHFS error: Unable to read metadata cache entry [638]
[  743.095441][T11851] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  743.120123][   T26] audit: type=1326 audit(1729666315.025:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  743.172363][T11856] SQUASHFS error: Unable to read metadata cache entry [638]
[  743.185887][T11860] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  743.225942][T11857] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1750'.
[  743.276569][   T26] audit: type=1326 audit(1729666315.275:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  743.298956][    C1] vkms_vblank_simulate: vblank timer overrun
[  743.323575][T11856] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  743.443732][   T26] audit: type=1326 audit(1729666315.275:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  743.466077][    C1] vkms_vblank_simulate: vblank timer overrun
[  743.492206][T11851] SQUASHFS error: Unable to read metadata cache entry [638]
[  743.542253][T11851] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  743.566708][T11714] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.666046][   T26] audit: type=1326 audit(1729666315.305:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  743.741069][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  743.777511][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  743.790489][   T26] audit: type=1326 audit(1729666315.305:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  743.832941][T11714] 8021q: adding VLAN 0 to HW filter on device team0
[  743.913191][   T26] audit: type=1326 audit(1729666315.305:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  743.988444][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  744.306288][ T3772] wlan0: Trigger new scan to find an IBSS to join
[  744.315508][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  744.382182][ T3621] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.382893][   T26] audit: type=1326 audit(1729666315.305:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11850 comm="syz.1.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  744.389328][ T3621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  744.431796][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  744.458914][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  744.487684][ T3612] Bluetooth: hci4: command 0x0419 tx timeout
[  744.514341][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  744.546320][ T3621] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.553487][ T3621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  744.601554][T11899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  744.601935][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  744.668344][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  744.809983][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  744.867339][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  744.903412][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  744.948166][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  744.958875][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  744.972934][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  744.985920][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  745.050939][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  745.063740][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  745.099804][T11714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  745.469010][ T1242] device hsr_slave_0 left promiscuous mode
[  745.483625][ T1242] device hsr_slave_1 left promiscuous mode
[  745.508431][ T1242] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  745.523988][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_0
[  745.556051][ T1242] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  745.575373][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_1
[  745.603717][ T1242] device team0 left promiscuous mode
[  745.620557][ T1242] device team_slave_0 left promiscuous mode
[  745.651218][ T1242] device team_slave_1 left promiscuous mode
[  745.661046][T11898] loop4: detected capacity change from 0 to 32768
[  745.667785][ T1242] device dummy0 left promiscuous mode
[  745.685173][ T1242] bridge0: port 3(team0) entered disabled state
[  745.707634][ T1242] device bridge_slave_1 left promiscuous mode
[  745.724519][T11898] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1756 (11898)
[  745.751385][ T1242] bridge0: port 2(bridge_slave_1) entered disabled state
[  745.789756][ T1242] device bridge_slave_0 left promiscuous mode
[  745.799471][ T1242] bridge0: port 1(bridge_slave_0) entered disabled state
[  745.803487][T11898] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  745.830098][ T1242] device veth1_macvtap left promiscuous mode
[  745.856907][ T1242] device veth0_macvtap left promiscuous mode
[  745.860334][T11898] BTRFS info (device loop4): using free space tree
[  745.886132][T11898] BTRFS info (device loop4): has skinny extents
[  745.904246][ T1242] device veth1_vlan left promiscuous mode
[  745.929638][ T1242] device veth0_vlan left promiscuous mode
[  746.220694][T11898] BTRFS info (device loop4): enabling ssd optimizations
[  746.324731][T11898] BTRFS error (device loop4): balance: invalid convert metadata profile single
[  747.565661][ T1390] ieee802154 phy0 wpan0: encryption failed: -22
[  748.102223][ T7260] wlan0: Trigger new scan to find an IBSS to join
[  749.011006][ T1242] team0 (unregistering): Port device team_slave_1 removed
[  749.028589][ T1242] team0 (unregistering): Port device team_slave_0 removed
[  749.042710][ T1242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  749.058029][ T1242] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  749.104557][ T1242] team0 (unregistering): Port device batadv0 removed
[  749.120543][ T1242] team0 (unregistering): Port device dummy0 removed
[  749.156840][ T1242] bond0 (unregistering): Released all slaves
[  749.335390][ T3772] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  749.347674][ T3772] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  749.411048][T11714] 8021q: adding VLAN 0 to HW filter on device batadv0
[  749.515642][ T7260] wlan0: Creating new IBSS network, BSSID 0e:a6:fa:d8:aa:af
[  749.636382][ T3772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  749.639148][T11960] loop0: detected capacity change from 0 to 8192
[  749.648795][ T3772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  749.665842][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  749.684488][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  749.693156][T11613] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  749.718193][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  749.728398][T11960] REISERFS warning (device loop0): super-6515 reiserfs_parse_options: journaled quota format not specified.
[  749.741568][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  749.779234][T11714] device veth0_vlan entered promiscuous mode
[  749.839531][T11714] device veth1_vlan entered promiscuous mode
[  749.890829][T11954] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  749.914637][T11974] loop1: detected capacity change from 0 to 8
[  749.947348][T11960] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  749.978780][T11960] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[  750.010620][T11714] device veth0_macvtap entered promiscuous mode
[  750.031871][   T26] kauditd_printk_skb: 25 callbacks suppressed
[  750.031889][   T26] audit: type=1326 audit(1729666322.008:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.033394][T11974] SQUASHFS error: Failed to read block 0x63a: -5
[  750.042844][   T26] audit: type=1326 audit(1729666322.008:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.096253][T11976] loop4: detected capacity change from 0 to 128
[  750.114218][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  750.122374][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  750.143935][T11974] SQUASHFS error: Unable to read metadata cache entry [638]
[  750.154073][T11613] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  750.160787][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  750.173127][T11974] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  750.180815][T11613] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  750.202433][T11977] SQUASHFS error: Unable to read metadata cache entry [638]
[  750.202703][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  750.210207][T11613] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  750.218298][T11977] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  750.233043][   T26] audit: type=1326 audit(1729666322.218:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.252058][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  750.275597][T11613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.278438][T11976] EXT4-fs error (device loop4): ext4_fill_super:4841: inode #2: comm syz.4.1769: iget: checksum invalid
[  750.304704][T11976] EXT4-fs (loop4): get root inode failed
[  750.308285][T11714] device veth1_macvtap entered promiscuous mode
[  750.310491][T11976] EXT4-fs (loop4): mount failed
[  750.343090][T11613] usb 4-1: config 0 descriptor??
[  750.348893][T11974] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  750.356485][   T26] audit: type=1326 audit(1729666322.258:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.382224][   T26] audit: type=1326 audit(1729666322.268:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.415774][   T26] audit: type=1326 audit(1729666322.268:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.431341][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.440240][   T26] audit: type=1326 audit(1729666322.268:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.463876][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.478379][T11974] SQUASHFS error: Unable to read metadata cache entry [638]
[  750.489039][T11974] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  750.503534][   T26] audit: type=1326 audit(1729666322.268:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.523460][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.555921][   T26] audit: type=1326 audit(1729666322.268:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.561396][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.598769][   T26] audit: type=1326 audit(1729666322.268:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11973 comm="syz.1.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  750.618966][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.654780][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.673585][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  750.693592][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.715195][T11714] batman_adv: batadv0: Interface activated: batadv_slave_0
[  750.733722][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  750.764458][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  750.812909][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.849330][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.891140][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.901837][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.918642][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  750.973862][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  750.984007][T11714] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  751.003892][T11714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  751.035316][T11714] batman_adv: batadv0: Interface activated: batadv_slave_1
[  751.055534][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  751.084590][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  751.103544][T11714] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  751.122477][T11714] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  751.140156][T11714] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  751.164089][T11714] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  751.412386][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  751.435829][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  751.481946][T11996] loop4: detected capacity change from 0 to 512
[  751.483023][T11993] loop1: detected capacity change from 0 to 128
[  751.499048][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  751.514287][ T7260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  751.541491][ T7260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  751.569994][T11993] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  751.589766][T11996] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  751.604491][T11996] UDF-fs: Scanning with blocksize 512 failed
[  751.608398][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  751.623738][T11996] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  751.633967][T11993] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  751.695160][T11996] UDF-fs: Scanning with blocksize 1024 failed
[  751.729857][T11996] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  751.748469][T11996] UDF-fs: Scanning with blocksize 2048 failed
[  751.770751][T11996] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  751.809242][T11996] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  752.105252][ T3612] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  752.341675][T12013] loop1: detected capacity change from 0 to 256
[  752.385369][ T3612] usb 3-1: Using ep0 maxpacket: 8
[  752.396163][T12013] exfat: Deprecated parameter 'namecase'
[  752.409789][T12013] exfat: Deprecated parameter 'utf8'
[  752.441818][T12013] exfat: Deprecated parameter 'namecase'
[  752.449738][T12013] exfat: Deprecated parameter 'utf8'
[  752.487533][T12013] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d)
[  752.515769][ T3612] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  752.533853][ T3612] usb 3-1: config 0 has no interface number 0
[  752.555598][T11613] usbhid 4-1:0.0: can't add hid device: -71
[  752.566796][ T3612] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  752.581984][T11613] usbhid: probe of 4-1:0.0 failed with error -71
[  752.781179][T11613] usb 4-1: USB disconnect, device number 30
[  752.787535][ T3612] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  752.798784][ T3612] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.826673][ T3612] usb 3-1: config 0 descriptor??
[  752.847649][T12018] loop4: detected capacity change from 0 to 4096
[  752.905999][ T1076] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  753.196611][ T3612] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  753.219030][T11999] udc-core: couldn't find an available UDC or it's busy
[  753.242683][T12024] loop0: detected capacity change from 0 to 8
[  753.259627][T11999] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  753.404499][T11764] Bluetooth: hci4: command 0x0411 tx timeout
[  753.490168][T12018] NILFS (loop4): invalid segment: Checksum error in segment payload
[  753.524025][T12024] SQUASHFS error: Failed to read block 0x63a: -5
[  753.531038][T12018] NILFS (loop4): trying rollback from an earlier position
[  753.559498][T12024] SQUASHFS error: Unable to read metadata cache entry [638]
[  753.597369][T12024] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  753.606067][T12027] SQUASHFS error: Unable to read metadata cache entry [638]
[  753.610848][T12018] NILFS (loop4): recovery complete
[  753.637116][T12027] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  753.649243][T12028] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  753.686626][T12024] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  753.786739][ T1076] usb 2-1: not running at top speed; connect to a high speed hub
[  753.799159][T12024] SQUASHFS error: Unable to read metadata cache entry [638]
[  753.816628][T12024] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  754.046013][T12032] tmpfs: Unknown parameter 'usrquota'
[  755.459346][ T1076] usb 2-1: config index 0 descriptor too short (expected 51325, got 125)
[  755.498646][ T1076] usb 2-1: config 204 has too many interfaces: 180, using maximum allowed: 32
[  755.540460][ T1076] usb 2-1: config 204 contains an unexpected descriptor of type 0x1, skipping
[  755.589007][ T1076] usb 2-1: config 204 has an invalid descriptor of length 0, skipping remainder of the config
[  755.642127][ T1076] usb 2-1: config 204 has 0 interfaces, different from the descriptor's value: 180
[  756.169032][ T1076] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  756.202670][ T1076] usb 2-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3
[  756.269542][ T1076] usb 2-1: Product: syz
[  756.304820][ T1076] usb 2-1: Manufacturer: ㅽꑋᡕ�涮缗壼烷녠��唗鬼�஭�᥅옧２괲貤⊘붑�塑�ꤶ밹缬䯟拫�르맂ꦔ䡮㛰⣔�缚ﳕ�嶤烖ጔ嶽�⶗뷀ㄌ㄰綜�䵄�犼⸻ￗ뱨訤뷆ૃ低�࡯뼌ᄌ䒬↨尛�㤾⢶羰๧�锠뢈⭺悳㷄㿵蓥렗橎枨�륳⋆骲凘逸
[  756.678049][ T3930] usb 3-1: USB disconnect, device number 26
[  757.146038][ T3930] iowarrior 3-1:0.1: I/O-Warror #0 now disconnected
[  757.173800][ T1076] usb 2-1: can't set config #204, error -71
[  757.195854][ T1076] usb 2-1: USB disconnect, device number 25
[  757.625474][T12051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  757.695806][T12055] loop1: detected capacity change from 0 to 1024
[  757.762955][T12055] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  757.771188][ T1076] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  757.782093][T12056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  757.803979][T12055] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  757.877546][T12047] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  757.884680][T12055] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,errors=remount-ro,dioread_nolock,max_dir_size_kb=0x0000000000000009,nomblk_io_submit,data_err=abort,. Quota mode: writeback.
[  758.131383][ T1076] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  758.147021][ T1076] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  758.173886][ T1076] usb 4-1: config 0 descriptor??
[  758.378113][ T1076] cp210x 4-1:0.0: cp210x converter detected
[  758.509029][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  758.770951][T11939] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  759.256504][T12076] loop2: detected capacity change from 0 to 8192
[  759.321484][T11939] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  759.335239][T11939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  759.345875][T11939] usb 2-1: config 0 descriptor??
[  759.383493][T11939] cp210x 2-1:0.0: cp210x converter detected
[  759.498714][T12076] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  759.509756][T12076] REISERFS (device loop2): using ordered data mode
[  759.517206][T12076] reiserfs: using flush barriers
[  759.525937][T12076] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  759.543279][T12076] REISERFS (device loop2): checking transaction log (loop2)
[  759.601563][T11939] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71
[  759.609116][T11939] cp210x 2-1:0.0: querying part number failed
[  759.624909][T11939] usb 2-1: cp210x converter now attached to ttyUSB0
[  759.633277][T11939] usb 2-1: USB disconnect, device number 26
[  759.641764][T11939] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  759.649947][T11939] cp210x 2-1:0.0: device disconnected
[  759.676944][T12083] loop0: detected capacity change from 0 to 512
[  759.752968][T12076] REISERFS (device loop2): Using tea hash to sort names
[  759.763132][T12076] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  759.777928][T12076] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  759.829051][T12083] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.1796: corrupted in-inode xattr
[  759.841968][ T1076] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[  759.850021][ T1076] cp210x 4-1:0.0: querying part number failed
[  759.854279][T12086] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  759.894628][ T1076] usb 4-1: cp210x converter now attached to ttyUSB0
[  759.910158][T12083] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.1796: couldn't read orphan inode 15 (err -117)
[  759.930368][T12076] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 5) not found (pos 2)
[  759.941000][ T1076] usb 4-1: USB disconnect, device number 31
[  759.970841][ T1076] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  759.987209][T12083] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  760.006560][ T1076] cp210x 4-1:0.0: device disconnected
[  760.024513][T12082] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #2: comm syz.0.1796: Directory hole found for htree leaf block 0
[  760.063732][T12086] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1797'.
[  760.183902][T12088] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.1794'.
[  760.214968][T12092] netlink: 'syz.1.1799': attribute type 1 has an invalid length.
[  760.253128][T12092] loop1: detected capacity change from 0 to 16
[  760.356792][T12095] ptrace attach of "./syz-executor exec"[10850] was attempted by "./syz-executor exec"[12095]
[  760.375085][T12095] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  760.392612][T12092] erofs: (device loop1): mounted with root inode @ nid 36.
[  760.518260][T12092] mac80211_hwsim hwsim50 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  761.604745][T12111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1804'.
[  761.827768][T12119] loop1: detected capacity change from 0 to 1024
[  761.879626][T12126] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1808'.
[  762.152338][T12133] loop0: detected capacity change from 0 to 512
[  762.234106][T12133] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  762.309241][T12133] EXT4-fs (loop0): 1 orphan inode deleted
[  762.324286][T12133] EXT4-fs (loop0): 1 truncate cleaned up
[  762.333886][ T3930] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  762.346544][T12133] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,max_dir_size_kb=0x0000000000000004,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,jqfmt=vfsold,noload,data_err=ignore,init_itable,debug_want_extra_isize=0x0000000000000006. Quota mode: none.
[  762.714354][ T3930] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  762.744944][ T3930] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.766344][ T3621] hfsplus: b-tree write err: -5, ino 3
[  762.776260][ T3930] usb 3-1: config 0 descriptor??
[  762.815595][ T3930] cp210x 3-1:0.0: cp210x converter detected
[  763.039202][T12155] loop0: detected capacity change from 0 to 64
[  763.050426][   T26] kauditd_printk_skb: 93 callbacks suppressed
[  763.050443][   T26] audit: type=1326 audit(1729666335.017:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12144 comm="syz.4.1817" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  763.078506][    C0] vkms_vblank_simulate: vblank timer overrun
[  763.084494][ T3621] wlan0: Trigger new scan to find an IBSS to join
[  763.085157][T12150] 8021q: adding VLAN 0 to HW filter on device bond1
[  763.103358][T12150] bridge0: port 3(bond1) entered blocking state
[  763.112640][T12150] bridge0: port 3(bond1) entered disabled state
[  763.121623][T12150] device bond1 entered promiscuous mode
[  763.127807][T12150] bridge0: port 3(bond1) entered blocking state
[  763.134114][T12150] bridge0: port 3(bond1) entered forwarding state
[  763.216673][  T144] bridge0: port 3(bond1) entered disabled state
[  764.099160][ T3612] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  764.225312][ T3930] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71
[  764.255347][ T3930] cp210x 3-1:0.0: querying part number failed
[  764.279741][ T3930] usb 3-1: cp210x converter now attached to ttyUSB0
[  764.300692][ T3930] usb 3-1: USB disconnect, device number 27
[  764.343583][ T3930] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  764.384592][ T3930] cp210x 3-1:0.0: device disconnected
[  764.401942][ T3612] usb 4-1: Using ep0 maxpacket: 16
[  764.611864][ T3612] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  764.634741][ T3612] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  764.658865][ T3612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.670343][T12172] loop0: detected capacity change from 0 to 256
[  764.768766][T12175] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1823'.
[  765.528685][ T3612] usb 4-1: config 0 descriptor??
[  765.731674][   T26] audit: type=1326 audit(1729666337.705:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12171 comm="syz.0.1822" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc9da28fff9 code=0x0
[  765.873005][T12161] PKCS7: Unknown OID: [4] (bad)
[  765.878206][T12161] PKCS7: Only support pkcs7_signedData type
[  765.890608][T12183] xt_limit: Overflow, try lower: 0/0
[  765.920228][ T8582] Bluetooth: Wrong link type (-71)
[  765.927243][ T8582] Bluetooth: hci1: link tx timeout
[  765.932858][ T8582] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  765.960814][T12161] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1819'.
[  766.072958][T12185] udc-core: couldn't find an available UDC or it's busy
[  766.147797][T12185] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  767.157837][ T3772] wlan0: Trigger new scan to find an IBSS to join
[  767.178877][T12199] loop0: detected capacity change from 0 to 8
[  767.257525][ T3612] usbhid 4-1:0.0: can't add hid device: -71
[  767.263548][ T3612] usbhid: probe of 4-1:0.0 failed with error -71
[  767.292404][T12203] loop2: detected capacity change from 0 to 2048
[  767.340340][ T3612] usb 4-1: USB disconnect, device number 32
[  767.421683][T12203] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  767.439059][T12214] loop4: detected capacity change from 0 to 256
[  767.541848][T12214] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  767.934517][ T3612] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  768.714630][T11611] Bluetooth: hci1: command 0x0406 tx timeout
[  768.732188][T12218] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  768.752328][T12218] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  768.765420][T12218] EXT4-fs (loop2): This should not happen!! Data will be lost
[  768.765420][T12218] 
[  768.775134][T12218] EXT4-fs (loop2): Total free blocks count 0
[  768.781205][T12218] EXT4-fs (loop2): Free/Dirty block details
[  768.787487][T12218] EXT4-fs (loop2): free_blocks=2415919104
[  768.793315][T12218] EXT4-fs (loop2): dirty_blocks=16
[  768.798476][T12218] EXT4-fs (loop2): Block reservation details
[  768.804462][T12218] EXT4-fs (loop2): i_reserved_data_blocks=1
[  768.912010][ T3919] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  768.949076][T12214] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d)
[  768.975222][ T3919] EXT4-fs (loop2): This should not happen!! Data will be lost
[  768.975222][ T3919] 
[  769.005848][T12214] vhci_hcd: invalid port number 0
[  769.091672][T12222] loop1: detected capacity change from 0 to 128
[  769.098968][ T3612] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  769.136156][ T3612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.170097][ T3612] usb 4-1: config 0 descriptor??
[  769.187811][T12222] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  769.210337][T12222] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  769.246882][ T3772] wlan0: Creating new IBSS network, BSSID 8a:01:ee:a9:4e:70
[  769.260128][ T3612] cp210x 4-1:0.0: cp210x converter detected
[  769.548625][T12236] tmpfs: Unknown parameter 'usrquota'
[  773.082317][ T3612] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[  773.099298][ T3612] cp210x 4-1:0.0: querying part number failed
[  773.167242][ T3612] usb 4-1: cp210x converter now attached to ttyUSB0
[  773.244770][ T3612] usb 4-1: USB disconnect, device number 33
[  773.408394][ T3612] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  773.436302][ T3612] cp210x 4-1:0.0: device disconnected
[  773.647834][   T26] audit: type=1326 audit(1729666345.609:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12246 comm="syz.0.1840" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc9da28fff9 code=0x0
[  773.781571][T12257] loop2: detected capacity change from 0 to 4096
[  775.523045][T11613] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  775.933516][T11613] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  777.640293][T11613] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.719206][T11613] usb 3-1: config 0 descriptor??
[  777.752519][   T26] audit: type=1326 audit(1729666349.707:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  777.779077][T11613] cp210x 3-1:0.0: cp210x converter detected
[  777.951680][   T26] audit: type=1326 audit(1729666349.717:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  778.364084][   T26] audit: type=1326 audit(1729666349.717:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  779.076225][   T26] audit: type=1326 audit(1729666349.737:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  779.251780][   T26] audit: type=1326 audit(1729666349.737:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  779.545987][ T3919] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  779.615687][T11613] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71
[  779.629068][T11613] cp210x 3-1:0.0: querying part number failed
[  779.696790][   T26] audit: type=1326 audit(1729666349.737:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  779.776292][T11613] usb 3-1: cp210x converter now attached to ttyUSB0
[  779.948141][T11613] usb 3-1: USB disconnect, device number 28
[  780.171419][   T26] audit: type=1326 audit(1729666349.737:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  780.205000][T11613] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  780.255524][T11613] cp210x 3-1:0.0: device disconnected
[  780.356068][T11939] Bluetooth: hci2: command 0x0406 tx timeout
[  780.519336][   T26] audit: type=1326 audit(1729666349.737:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  780.964847][   T26] audit: type=1326 audit(1729666349.737:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  780.980820][T12313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1857'.
[  781.056003][   T26] audit: type=1326 audit(1729666349.737:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  781.198844][   T26] audit: type=1326 audit(1729666349.737:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  781.307083][   T26] audit: type=1326 audit(1729666349.737:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  782.290789][   T26] audit: type=1326 audit(1729666349.737:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12289 comm="syz.1.1850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x7ffc0000
[  782.425954][T12328] loop2: detected capacity change from 0 to 4096
[  782.441900][T12325] loop1: detected capacity change from 0 to 2048
[  782.550604][T12325] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  782.578471][T12328] NILFS (loop2): invalid segment: Checksum error in segment payload
[  782.586624][T12328] NILFS (loop2): trying rollback from an earlier position
[  782.666576][T12328] NILFS (loop2): recovery complete
[  782.682870][T12334] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  783.240309][T12325] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  783.255303][T12325] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  783.267633][T12325] EXT4-fs (loop1): This should not happen!! Data will be lost
[  783.267633][T12325] 
[  783.277282][T12325] EXT4-fs (loop1): Total free blocks count 0
[  783.283319][T12325] EXT4-fs (loop1): Free/Dirty block details
[  783.289278][T12325] EXT4-fs (loop1): free_blocks=2415919104
[  783.295007][T12325] EXT4-fs (loop1): dirty_blocks=16
[  783.300235][T12325] EXT4-fs (loop1): Block reservation details
[  783.306224][T12325] EXT4-fs (loop1): i_reserved_data_blocks=1
[  783.318470][T12325] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 11 with error 28
[  783.331809][T12325] EXT4-fs (loop1): This should not happen!! Data will be lost
[  783.331809][T12325] 
[  784.254242][T12344] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1863'.
[  784.482301][   T26] kauditd_printk_skb: 1 callbacks suppressed
[  784.482316][   T26] audit: type=1326 audit(1729666356.443:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.4.1865" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  785.094319][   T26] audit: type=1326 audit(1729666357.052:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12357 comm="syz.1.1878" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f666ad85ff9 code=0x0
[  785.138752][ T9592] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  785.149711][T12360] 8021q: adding VLAN 0 to HW filter on device bond1
[  785.157735][T12360] bridge0: port 3(bond1) entered blocking state
[  785.169199][T12360] bridge0: port 3(bond1) entered disabled state
[  785.188411][T12360] device bond1 entered promiscuous mode
[  785.258679][T12360] bridge0: port 3(bond1) entered blocking state
[  785.265046][T12360] bridge0: port 3(bond1) entered forwarding state
[  785.318150][T12366] loop4: detected capacity change from 0 to 512
[  785.375381][ T7260] bridge0: port 3(bond1) entered disabled state
[  785.414749][T12366] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  785.529549][ T9592] usb 3-1: config 0 has an invalid interface number: 18 but max is 0
[  785.547997][ T9592] usb 3-1: config 0 has no interface number 0
[  785.614495][T12366] EXT4-fs (loop4): 1 orphan inode deleted
[  785.625549][T12366] EXT4-fs (loop4): 1 truncate cleaned up
[  785.639271][T12366] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,max_dir_size_kb=0x0000000000000004,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,jqfmt=vfsold,noload,data_err=ignore,init_itable,debug_want_extra_isize=0x0000000000000006. Quota mode: none.
[  785.678719][ T9592] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  785.750536][ T9592] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  785.909530][ T9592] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  785.940226][ T9592] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  785.987682][ T9592] usb 3-1: Manufacturer: syz
[  786.046441][ T9592] usb 3-1: config 0 descriptor??
[  786.192510][   T26] audit: type=1326 audit(1729666358.152:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12373 comm="syz.3.1871" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x0
[  786.430710][T12378] loop4: detected capacity change from 0 to 512
[  786.606398][ T9592] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.18/0003:054C:03D5.0008/input/input39
[  786.635419][T12378] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nobarrier,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  786.688385][T12378] ext4 filesystem being mounted at /55/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  786.742549][ T9592] sony 0003:054C:03D5.0008: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.2-1/input18
[  786.809408][   T26] audit: type=1326 audit(1729666358.761:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12377 comm="syz.4.1872" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  788.141867][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  788.528373][T11613] usb 3-1: reset high-speed USB device number 29 using dummy_hcd
[  790.323414][T12409] 9pnet: p9_errstr2errno: server reported unknown error 

[  790.361056][T12411] loop4: detected capacity change from 0 to 2048
[  790.523220][T12419] loop2: detected capacity change from 0 to 8
[  790.553540][T12411] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  790.602378][ T3613] Bluetooth: hci1: command 0x0406 tx timeout
[  790.693913][T12414] loop1: detected capacity change from 0 to 1024
[  790.986292][T12428] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  791.001715][T12428] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  791.014139][T12428] EXT4-fs (loop4): This should not happen!! Data will be lost
[  791.014139][T12428] 
[  791.024075][T12428] EXT4-fs (loop4): Total free blocks count 0
[  791.030202][T12428] EXT4-fs (loop4): Free/Dirty block details
[  791.036206][T12428] EXT4-fs (loop4): free_blocks=2415919104
[  791.042011][T12428] EXT4-fs (loop4): dirty_blocks=16
[  791.047196][T12428] EXT4-fs (loop4): Block reservation details
[  791.053253][T12428] EXT4-fs (loop4): i_reserved_data_blocks=1
[  791.108811][T12428] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 11 with error 28
[  791.121172][T12428] EXT4-fs (loop4): This should not happen!! Data will be lost
[  791.121172][T12428] 
[  791.846180][   T21] usb 3-1: USB disconnect, device number 29
[  791.943551][T12414] EXT4-fs (loop1): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,data_err=ignore,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none.
[  792.013579][   T26] audit: type=1326 audit(1729666363.969:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12425 comm="syz.0.1881" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc9da28fff9 code=0x0
[  792.349874][   T26] audit: type=1800 audit(1729666364.299:1092): pid=12409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1888" name="bus" dev="loop1" ino=19 res=0 errno=0
[  792.458234][   T26] audit: type=1804 audit(1729666364.409:1093): pid=12414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1888" name="/newroot/56/file1/memory.events" dev="loop1" ino=18 res=1 errno=0
[  792.504684][T12414] EXT4-fs error (device loop1) in ext4_setattr:5578: Out of memory
[  792.609987][T12414] EXT4-fs (loop1): Remounting filesystem read-only
[  792.628854][T12443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  792.670521][T12443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  792.675855][T12445] netlink: 'syz.0.1886': attribute type 1 has an invalid length.
[  792.735709][T12447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1886'.
[  792.772277][T12443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  792.801868][T11240] EXT4-fs error (device loop1): ext4_map_blocks:628: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[  792.834893][T11240] EXT4-fs (loop1): Remounting filesystem read-only
[  792.841968][T11240] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5806: Out of memory
[  792.864793][T11240] EXT4-fs (loop1): Remounting filesystem read-only
[  792.871482][T11240] EXT4-fs error (device loop1): ext4_dirty_inode:6010: inode #2: comm syz-executor: mark_inode_dirty error
[  792.896656][T11240] EXT4-fs (loop1): Remounting filesystem read-only
[  793.524499][T12451] loop4: detected capacity change from 0 to 4096
[  793.622513][T12451] NILFS (loop4): invalid segment: Checksum error in segment payload
[  793.676299][T12451] NILFS (loop4): trying rollback from an earlier position
[  793.780215][T12451] NILFS (loop4): recovery complete
[  793.820291][T12461] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  793.830787][T12460] loop0: detected capacity change from 0 to 2048
[  794.071561][T12463] PKCS7: Unknown OID: [5] 0.0
[  794.077859][T12460] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  795.180295][T12463] PKCS7: Only support pkcs7_signedData type
[  795.225177][T12460] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  795.560611][T12250] udevd[12250]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  795.676599][T12476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  795.678099][T12474] netlink: 'syz.4.1900': attribute type 27 has an invalid length.
[  795.705145][T12250] udevd[12250]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  795.750377][T12465] chnl_net:caif_netlink_parms(): no params data found
[  795.816688][T12481] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  795.906118][   T26] audit: type=1326 audit(1729666367.857:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12477 comm="syz.2.1899" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x0
[  795.950284][T12492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  796.090403][T12465] bridge0: port 1(bridge_slave_0) entered blocking state
[  796.117880][T12465] bridge0: port 1(bridge_slave_0) entered disabled state
[  796.119744][ T1076] Bluetooth: hci3: command 0x0409 tx timeout
[  796.136919][T12465] device bridge_slave_0 entered promiscuous mode
[  796.146318][T12465] bridge0: port 2(bridge_slave_1) entered blocking state
[  796.153386][T12465] bridge0: port 2(bridge_slave_1) entered disabled state
[  796.161909][T12465] device bridge_slave_1 entered promiscuous mode
[  797.269106][T12465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  797.455428][T12507] netlink: 892 bytes leftover after parsing attributes in process `syz.3.1908'.
[  797.493886][T12465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  797.621433][T12508] loop4: detected capacity change from 0 to 1024
[  798.530647][ T1076] Bluetooth: hci3: command 0x041b tx timeout
[  798.532034][T12499] sp0: Synchronizing with TNC
[  798.763802][T12508] EXT4-fs (loop4): Ignoring removed orlov option
[  799.413693][T12465] team0: Port device team_slave_0 added
[  799.420376][T12465] team0: Port device team_slave_1 added
[  799.436975][T12508] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,nombcache,journal_dev=0x0000000000000001,usrjquota=,orlov,errors=remount-ro,lazytime,jqfmt=vfsold,grpjquota=,. Quota mode: none.
[  799.547353][T12465] batman_adv: batadv0: Adding interface: batadv_slave_0
[  799.554337][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  799.672244][T12522] xt_CT: You must specify a L4 protocol and not use inversions on it
[  799.698458][T12465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  799.711222][T12465] batman_adv: batadv0: Adding interface: batadv_slave_1
[  799.728523][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  799.755257][T12465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  799.767723][T12522] xt_CT: You must specify a L4 protocol and not use inversions on it
[  799.784169][T12522] loop2: detected capacity change from 0 to 8
[  799.826997][T12525] RDS: rds_bind could not find a transport for ::c001:20:0:0, load rds_tcp or rds_rdma?
[  799.867012][T12522] squashfs image failed sanity check
[  799.877290][T12526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  799.947311][T12465] device hsr_slave_0 entered promiscuous mode
[  799.956658][T12465] device hsr_slave_1 entered promiscuous mode
[  799.963523][T12465] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  799.971477][T12522] loop2: detected capacity change from 0 to 1024
[  799.981653][T12465] Cannot create hsr debugfs directory
[  800.018226][T12522] EXT4-fs (loop2): Test dummy encryption mode enabled
[  800.031912][T12522] EXT4-fs (loop2): Ignoring removed orlov option
[  800.051529][T12522] Quota error (device loop2): v2_read_file_info: Number of blocks too big for quota file size (1316864 > 530432).
[  800.071076][T12522] EXT4-fs warning (device loop2): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  800.099320][T12522] EXT4-fs (loop2): mount failed
[  800.123375][T12534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  800.305692][T12465] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.360049][T12536] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  800.405722][T12465] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.430773][   T26] audit: type=1326 audit(1729666372.385:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12535 comm="syz.2.1915" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x0
[  800.546126][T12465] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.591434][T12540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  800.606652][ T3615] Bluetooth: hci3: command 0x040f tx timeout
[  800.641486][T12540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  800.758028][T12540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  800.821490][T12545] loop4: detected capacity change from 0 to 128
[  800.837266][T12465] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.800563][   T26] audit: type=1800 audit(1729666373.754:1096): pid=12557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1918" name="bus" dev="loop4" ino=1048712 res=0 errno=0
[  801.855201][T12556] loop2: detected capacity change from 0 to 2048
[  802.075833][T12465] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  802.439255][T12465] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  802.697121][T12556] EXT4-fs (loop2): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue. Quota mode: none.
[  802.913313][T12465] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  803.041901][ T3615] Bluetooth: hci3: command 0x0419 tx timeout
[  803.247832][ T1242] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  803.280949][T12465] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  803.368837][T12575] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  803.400082][T12575] overlayfs: filesystem on './file1' not supported as upperdir
[  804.531284][T12579] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  804.761155][T12465] 8021q: adding VLAN 0 to HW filter on device bond0
[  804.826202][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  804.863462][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  804.917694][T12465] 8021q: adding VLAN 0 to HW filter on device team0
[  805.023863][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  805.041839][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  805.053048][ T3919] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.060186][ T3919] bridge0: port 1(bridge_slave_0) entered forwarding state
[  805.080198][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  805.097338][T12588] loop2: detected capacity change from 0 to 64
[  805.130451][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  805.174683][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  805.216130][ T3919] bridge0: port 2(bridge_slave_1) entered blocking state
[  805.223273][ T3919] bridge0: port 2(bridge_slave_1) entered forwarding state
[  805.316356][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  805.355172][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  805.395139][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  805.464548][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  805.501019][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  805.549805][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  805.569930][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  805.618215][T12465] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  805.664412][T12465] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  805.747564][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  805.756965][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  805.799643][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  805.829484][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  805.877833][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  806.273107][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  806.286591][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  806.316181][T12465] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.386518][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  806.399218][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  806.453065][T12600] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  806.484319][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  806.518837][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  806.569879][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  806.589006][ T3673] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  806.602584][   T26] audit: type=1326 audit(1729666378.553:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12599 comm="syz.3.1929" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x0
[  806.608232][T12465] device veth0_vlan entered promiscuous mode
[  806.715676][T12465] device veth1_vlan entered promiscuous mode
[  806.770628][T12607] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1931'.
[  806.856080][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  806.872238][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  806.897819][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  806.936096][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  807.073252][T12465] device veth0_macvtap entered promiscuous mode
[  807.091407][ T3919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  807.113447][T12465] device veth1_macvtap entered promiscuous mode
[  807.179644][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  807.231246][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.258750][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  807.285165][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.305583][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  807.336950][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.375757][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  807.427595][T12610] kvm [12609]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010006 data 0x0
[  807.437488][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.458199][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  807.479382][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.551473][T12465] batman_adv: batadv0: Interface activated: batadv_slave_0
[  807.595600][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  807.611475][ T7260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  807.630676][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  807.663876][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.675769][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  807.693279][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.705601][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  807.748266][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.762227][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  807.776648][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.786960][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  807.804644][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  807.817568][T12465] batman_adv: batadv0: Interface activated: batadv_slave_1
[  807.836409][T12614] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1933'.
[  807.848981][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  807.874993][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  807.913084][T12465] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  807.958255][T12465] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  807.999133][T12465] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  808.048164][T12465] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  808.061987][T12622] netlink: 'syz.3.1935': attribute type 10 has an invalid length.
[  808.125896][T12622] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  808.613515][ T3673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.698265][ T3673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  808.715806][ T7260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  808.741644][ T7260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  808.775544][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  808.833043][ T1242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  808.932142][ T1390] ieee802154 phy0 wpan0: encryption failed: -22
[  809.099750][T12636] loop1: detected capacity change from 0 to 4096
[  809.204013][T12636] NILFS (loop1): invalid segment: Checksum error in segment payload
[  809.573232][T12634] kvm: apic: phys broadcast and lowest prio
[  810.079943][T12636] NILFS (loop1): trying rollback from an earlier position
[  810.219954][T12636] NILFS (loop1): recovery complete
[  810.281186][T12648] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  810.343218][T12647] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  810.351930][T12651] netlink: 'syz.4.1944': attribute type 1 has an invalid length.
[  810.395890][   T26] audit: type=1326 audit(1729666382.343:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12646 comm="syz.3.1942" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x0
[  810.417853][    C0] vkms_vblank_simulate: vblank timer overrun
[  810.434022][T12651] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1944'.
[  810.680670][T12660] loop1: detected capacity change from 0 to 1024
[  810.689578][ T3621] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  810.813581][T12660] EXT4-fs (loop1): Unrecognized mount option "subj_role=" or missing value
[  811.165161][T12665] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1946'.
[  812.514297][   T26] audit: type=1326 audit(1729666384.463:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12668 comm="syz.2.1948" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x0
[  812.681364][T12669] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1947'.
[  814.257126][T12701] ieee802154 phy0 wpan0: encryption failed: -22
[  814.330537][T12706] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1957'.
[  814.411876][T12710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  814.444901][T12696] IPv6: NLM_F_REPLACE set, but no existing node found!
[  814.528319][T12703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  814.637715][T12698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  814.705915][T12713] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  814.739439][   T26] audit: type=1326 audit(1729666386.683:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12712 comm="syz.0.1960" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc9da28fff9 code=0x0
[  814.768154][ T3930] Bluetooth: hci3: command 0x2016 tx timeout
[  815.300281][T12726] loop4: detected capacity change from 0 to 512
[  815.376734][T12727] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1962'.
[  816.727809][ T1076] Bluetooth: hci1: command 0x2016 tx timeout
[  816.995379][T12726] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  817.188779][T12726] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  817.452883][T12734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  818.964726][T12752] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  819.029414][T12752] device veth0_to_bridge entered promiscuous mode
[  819.068411][T12751] device veth0_to_bridge left promiscuous mode
[  820.513543][T12767] bridge0: port 3(gretap0) entered blocking state
[  820.530448][T12767] bridge0: port 3(gretap0) entered disabled state
[  820.543190][T12767] device gretap0 entered promiscuous mode
[  820.578532][T12767] bridge0: port 3(gretap0) entered blocking state
[  820.585033][T12767] bridge0: port 3(gretap0) entered forwarding state
[  820.609764][T12772] device gretap0 left promiscuous mode
[  820.617716][T12772] bridge0: port 3(gretap0) entered disabled state
[  821.066603][T12778] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  821.130628][   T26] audit: type=1326 audit(1729666393.083:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12776 comm="syz.2.1977" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x0
[  821.359775][   T26] audit: type=1326 audit(1729666393.313:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12785 comm="syz.4.1981" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  822.581321][    C0] hrtimer: interrupt took 79482 ns
[  823.303974][T12799] loop4: detected capacity change from 0 to 1024
[  823.417554][T12803] netlink: 'syz.3.1984': attribute type 39 has an invalid length.
[  824.273719][T12801] loop1: detected capacity change from 0 to 131072
[  824.722247][T12799] EXT4-fs (loop4): Test dummy encryption mode enabled
[  824.729494][T12799] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  824.741122][T12799] EXT4-fs (loop4): unsupported descriptor size 0
[  824.754176][T12799] overlayfs: empty lowerdir
[  824.778824][T12801] F2FS-fs (loop1): invalid crc value
[  824.856697][T12801] F2FS-fs (loop1): Found nat_bits in checkpoint
[  824.960453][T12824] fuse: Unknown parameter '0xffffffffffffffff'
[  825.766850][T12801] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  825.876057][T12801] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1982'.
[  825.916686][T12828] netlink: 892 bytes leftover after parsing attributes in process `syz.0.1989'.
[  826.155927][T12831] netlink: 'syz.3.1991': attribute type 7 has an invalid length.
[  826.186221][T12831] netlink: 'syz.3.1991': attribute type 8 has an invalid length.
[  826.507875][T12841] xt_CT: You must specify a L4 protocol and not use inversions on it
[  826.535057][T12841] xt_CT: You must specify a L4 protocol and not use inversions on it
[  827.388747][   T26] audit: type=1326 audit(1729666399.343:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12845 comm="syz.3.1996" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x0
[  827.557528][T12857] loop4: detected capacity change from 0 to 4096
[  827.733414][T12865] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1990'.
[  827.837115][T12868] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  828.025975][T12870] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2003'.
[  828.116738][T12874] netlink: 892 bytes leftover after parsing attributes in process `syz.2.2004'.
[  828.669429][T12861] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2000'.
[  828.736967][T12857] NILFS (loop4): invalid segment: Checksum error in segment payload
[  828.751733][T12857] NILFS (loop4): trying rollback from an earlier position
[  828.773031][T12877] program syz.1.2005 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  828.833945][T12857] NILFS (loop4): recovery complete
[  829.860633][T12885] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  831.355863][T12877] device bond0 entered promiscuous mode
[  831.379453][T12877] device bond_slave_0 entered promiscuous mode
[  831.413938][T12877] device bond_slave_1 entered promiscuous mode
[  831.462545][T12893] netlink: 'syz.3.2009': attribute type 7 has an invalid length.
[  831.488234][T12893] netlink: 'syz.3.2009': attribute type 6 has an invalid length.
[  831.724675][T12899] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  831.730880][T12900] dccp_invalid_packet: P.Data Offset(100) too large
[  831.756690][T12909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  831.778605][   T26] audit: type=1326 audit(1729666403.733:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12896 comm="syz.2.2012" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x0
[  831.813926][T12909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  832.082985][T12911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  833.112519][T12907] loop1: detected capacity change from 0 to 8192
[  833.916076][T12927] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  834.328187][ T3616] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  834.588408][ T3616] usb 3-1: Using ep0 maxpacket: 32
[  835.170687][ T3673] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  835.280480][ T3616] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  835.298948][ T3616] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  835.321752][ T3616] usb 3-1: config 0 descriptor??
[  835.403902][ T3616] rndis_host: probe of 3-1:0.0 failed with error -22
[  836.035091][T12954] loop2: detected capacity change from 0 to 512
[  836.430822][T12959] virtio-fs: tag <(null)> not found
[  836.442660][T12954] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.2015: invalid indirect mapped block 10 (level 1)
[  836.443755][T12954] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.2015: invalid indirect mapped block 8 (level 1)
[  836.450137][T12954] EXT4-fs (loop2): 1 truncate cleaned up
[  836.450166][T12954] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  836.508800][T12980] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option ""
[  836.581278][   T26] audit: type=1800 audit(1729666408.533:1105): pid=12983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2015" name="bus" dev="loop2" ino=18 res=0 errno=0
[  836.990884][T12998] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  837.126788][   T26] audit: type=1326 audit(1729666409.073:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12970 comm="syz.1.2026" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff55147cff9 code=0x0
[  837.264231][T13000] loop4: detected capacity change from 0 to 4096
[  837.302413][   T26] audit: type=1326 audit(1729666409.173:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.3.2030" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x0
[  837.437408][T13000] NILFS (loop4): invalid segment: Checksum error in segment payload
[  837.485392][T13000] NILFS (loop4): trying rollback from an earlier position
[  837.567233][T13008] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2031'.
[  837.609443][T13000] NILFS (loop4): recovery complete
[  837.660791][T13017] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  837.675853][T13011] loop1: detected capacity change from 0 to 4096
[  837.888631][T13024] netlink: 'syz.3.2035': attribute type 10 has an invalid length.
[  837.917727][T11763] usb 3-1: USB disconnect, device number 30
[  838.326134][T13028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2036'.
[  838.699051][T13011] NILFS (loop1): invalid segment: Checksum error in segment payload
[  838.748723][T13011] NILFS (loop1): trying rollback from an earlier position
[  838.919756][T13011] NILFS (loop1): recovery complete
[  838.950093][T13037] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  839.027366][T13040] loop4: detected capacity change from 0 to 1024
[  839.182749][ T9592] Bluetooth: hci1: command 0x0409 tx timeout
[  839.507717][T13051] loop2: detected capacity change from 0 to 512
[  840.542990][T13048] fuse: Unknown parameter 'fd50x000000000000000a'
[  840.757835][ T3673] hfsplus: b-tree write err: -5, ino 4
[  840.950013][T13051] loop2: detected capacity change from 0 to 512
[  841.035224][T13063] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  841.074937][T13063] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  841.133702][T13066] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  841.150122][T13070] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  841.192307][   T26] audit: type=1326 audit(1729666413.143:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.1.2045" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff55147cff9 code=0x0
[  841.644355][T13074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  841.665267][T13074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  841.843641][T13074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  842.269457][T13079] loop4: detected capacity change from 0 to 8
[  842.634918][T13088] affs: No valid root block on device nbd3
[  842.647518][   T26] audit: type=1326 audit(1729666414.593:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13078 comm="syz.4.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  843.152143][   T26] audit: type=1326 audit(1729666415.023:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13078 comm="syz.4.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f8a51d78ff9 code=0x7ffc0000
[  843.520233][ T1242] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  843.532837][T13094] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  843.540115][T13094] IPv6: NLM_F_CREATE should be set when creating new route
[  843.547400][T13094] IPv6: NLM_F_CREATE should be set when creating new route
[  843.591010][T13079] SQUASHFS error: Failed to read block 0x63a: -5
[  843.639091][T13079] SQUASHFS error: Unable to read metadata cache entry [638]
[  843.646561][T13079] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  843.707436][T13095] SQUASHFS error: Unable to read metadata cache entry [638]
[  843.748256][T13095] SQUASHFS error: Unable to read directory block [26067d:ffff]
[  843.846870][T13104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2052'.
[  843.866278][T13108] xt_CT: You must specify a L4 protocol and not use inversions on it
[  843.899357][T13104] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2052'.
[  844.204895][T13118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  844.220612][T13118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  845.224383][T13118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  845.329914][T13123] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2059'.
[  845.437318][T13123] device veth3 entered promiscuous mode
[  845.445218][T13128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2059'.
[  845.448924][T13127] loop4: detected capacity change from 0 to 4096
[  845.718761][T13127] NILFS (loop4): invalid segment: Checksum error in segment payload
[  846.051177][T13127] NILFS (loop4): trying rollback from an earlier position
[  846.541463][T13127] NILFS (loop4): recovery complete
[  846.568976][T13137] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  847.611360][T13140] loop1: detected capacity change from 0 to 256
[  847.695559][T13146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  847.724049][T13146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  847.734069][ T3612] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  847.744469][T13146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  847.777910][ T3612] Bluetooth: hci1: Injecting HCI hardware error event
[  847.800423][ T8582] Bluetooth: hci1: hardware error 0x00
[  847.865382][T13155] xt_bpf: check failed: parse error
[  848.017350][T13161] loop1: detected capacity change from 0 to 16
[  848.078785][T13161] erofs: Unknown parameter 'user_pattr'
[  848.144119][T13167] loop2: detected capacity change from 0 to 128
[  849.790140][T13178] loop1: detected capacity change from 0 to 1024
[  850.153067][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2077'.
[  850.191833][T11764] kernel write not supported for file [eventfd] (pid: 11764 comm: kworker/0:17)
[  850.289512][T13178] attempt to access beyond end of device
[  850.289512][T13178] loop1: rw=2049, want=3608, limit=1024
[  850.374545][T13190] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  850.376723][T13178] hfsplus: can't free extent
[  850.422248][ T3772] hfsplus: b-tree write err: -5, ino 4
[  850.749193][T13191] cgroup2: Unknown parameter 'measure'
[  851.328204][   T26] audit: type=1326 audit(1729666423.243:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13211 comm="syz.4.2086" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8a51d78ff9 code=0x0
[  851.479273][T13225] 9pnet: p9_fd_create_unix (13225): problem connecting socket: ./file1: -111
[  852.224726][   T26] audit: type=1326 audit(1729666424.173:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  852.286423][T13234] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  852.370934][   T26] audit: type=1326 audit(1729666424.203:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  853.371303][T13246] xt_TCPMSS: Only works on TCP SYN packets
[  853.456727][   T26] audit: type=1326 audit(1729666424.203:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  853.580236][   T26] audit: type=1326 audit(1729666424.203:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  853.612175][T13254] loop4: detected capacity change from 0 to 256
[  853.649200][T13238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  853.678370][   T26] audit: type=1326 audit(1729666424.203:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  853.787015][   T26] audit: type=1326 audit(1729666424.203:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  853.832530][T13254] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d)
[  853.856708][T13256] loop1: detected capacity change from 0 to 128
[  853.888353][T13254] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 0)
[  853.905916][T13254] exFAT-fs (loop4): failed to load alloc-bitmap
[  853.922595][T13254] exFAT-fs (loop4): failed to recognize exfat type
[  853.977817][   T26] audit: type=1326 audit(1729666424.203:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  854.109237][   T26] audit: type=1326 audit(1729666424.213:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  854.172289][   T26] audit: type=1326 audit(1729666424.213:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13231 comm="syz.3.2093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54bb71bff9 code=0x7ffc0000
[  854.975118][T13267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  855.048316][T13267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  855.919412][T13283] 9pnet: p9_fd_create_unix (13283): problem connecting socket: ./file1: -111
[  856.464432][T13291] loop4: detected capacity change from 0 to 512
[  856.686401][T13299] overlayfs: failed to resolve './file0': -2
[  857.399493][T13307] netlink: 'syz.3.2114': attribute type 8 has an invalid length.
[  857.470760][T13310] netlink: 'syz.2.2115': attribute type 30 has an invalid length.
[  857.574925][T13310] device veth0_macvtap left promiscuous mode
[  858.060867][T13321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.166441][T13325] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  858.185483][T13321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.052432][   T26] kauditd_printk_skb: 118 callbacks suppressed
[  859.052452][   T26] audit: type=1326 audit(1729666430.083:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.274532][   T26] audit: type=1326 audit(1729666430.083:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.313607][T13332] netlink: 192 bytes leftover after parsing attributes in process `syz.2.2120'.
[  859.329326][   T26] audit: type=1326 audit(1729666430.083:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.395888][T13332] netlink: 192 bytes leftover after parsing attributes in process `syz.2.2120'.
[  859.405481][   T26] audit: type=1326 audit(1729666430.093:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.443406][   T26] audit: type=1326 audit(1729666430.093:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.491445][   T26] audit: type=1326 audit(1729666430.093:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff55147b990 code=0x7ffc0000
[  859.524742][   T26] audit: type=1326 audit(1729666430.093:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff55147b990 code=0x7ffc0000
[  859.625243][   T26] audit: type=1326 audit(1729666430.093:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.717579][   T26] audit: type=1326 audit(1729666430.093:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.740009][    C0] vkms_vblank_simulate: vblank timer overrun
[  859.866780][   T26] audit: type=1326 audit(1729666430.103:1248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz.1.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff55147cff9 code=0x7ffc0000
[  859.889397][    C0] vkms_vblank_simulate: vblank timer overrun
[  860.050709][T13343] ip6t_rpfilter: unknown options
[  862.935274][T13360] netlink: 'syz.4.2129': attribute type 10 has an invalid length.
[  862.987060][T13360] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  863.009564][T13367] Invalid ELF header magic: != ELF
[  864.222985][   T26] kauditd_printk_skb: 18 callbacks suppressed
[  864.223002][   T26] audit: type=1326 audit(1729666436.173:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  864.281837][   T26] audit: type=1326 audit(1729666436.203:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  864.359332][T13385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  864.381112][T13385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  864.729690][   T26] audit: type=1326 audit(1729666436.663:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  864.836336][   T26] audit: type=1326 audit(1729666436.663:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  864.887309][   T26] audit: type=1326 audit(1729666436.663:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  864.927035][   T26] audit: type=1326 audit(1729666436.663:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  864.960232][   T26] audit: type=1326 audit(1729666436.663:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  864.988836][ T8582] Bluetooth: hci3: Received unexpected HCI Event 00000000
[  865.003811][   T26] audit: type=1326 audit(1729666436.663:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  865.047177][   T26] audit: type=1326 audit(1729666436.663:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  865.083610][   T26] audit: type=1326 audit(1729666436.663:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13373 comm="syz.2.2133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ac9d88ff9 code=0x7fc00000
[  865.427740][T13407] overlayfs: './bus' not a directory
[  865.479216][T13411] 9pnet: Insufficient options for proto=fd
[  865.486633][T13411] sch_fq: defrate 0 ignored.
[  865.543172][ T1076] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  866.388114][ T1076] usb 4-1: Using ep0 maxpacket: 32
[  866.401376][T13419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  866.491066][T13426] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  866.508509][ T1076] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  866.534112][ T1076] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  866.578129][ T1076] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  866.587202][ T1076] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.647742][ T1076] usb 4-1: config 0 descriptor??
[  866.668388][T13388] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  866.681805][T13430] loop4: detected capacity change from 0 to 4096
[  866.689408][ T1076] hub 4-1:0.0: USB hub found
[  866.767668][T13430] NILFS (loop4): invalid segment: Checksum error in segment payload
[  866.788076][T13430] NILFS (loop4): trying rollback from an earlier position
[  866.822172][T13430] NILFS (loop4): recovery complete
[  866.849551][T13434] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  867.045681][ T1076] hub 4-1:0.0: 2 ports detected
[  867.185406][ T1242] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  867.939611][T13447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  868.040938][T13447] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  868.055238][ T1076] usb 4-1: USB disconnect, device number 34
[  868.070747][T13452] netlink: 'syz.1.2154': attribute type 10 has an invalid length.
[  868.706475][T13467] loop2: detected capacity change from 0 to 2048
[  868.806165][T13467] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  868.819353][T13452] bridge0: port 2(bridge_slave_1) entered disabled state
[  868.827035][T13452] bridge0: port 1(bridge_slave_0) entered disabled state
[  868.978887][T13467] overlayfs: './file1' not a directory
[  868.979921][T13452] device bond0 left promiscuous mode
[  869.001953][T13452] device bond_slave_0 left promiscuous mode
[  869.008261][T13452] device bond_slave_1 left promiscuous mode
[  869.279589][T13452] device bridge_slave_0 left promiscuous mode
[  869.285820][T13452] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.328232][ T3612] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  869.336500][T13452] device bridge_slave_1 left promiscuous mode
[  869.342994][T13452] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.384681][T13452] bond0: (slave bond_slave_0): Releasing backup interface
[  869.407636][T13452] bond0: (slave bond_slave_1): Releasing backup interface
[  869.435932][T13452] team0: Port device team_slave_0 removed
[  869.477742][T13452] team0: Port device team_slave_1 removed
[  869.498615][T13452] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  869.513126][T13452] batman_adv: batadv0: Removing interface: batadv_slave_0
[  869.532473][T13452] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  869.543470][T13452] batman_adv: batadv0: Removing interface: batadv_slave_1
[  869.602469][ T3612] usb 3-1: Using ep0 maxpacket: 16
[  869.690356][T13452] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  869.700078][T13452] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  869.709415][T13452] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  869.719651][T13452] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  869.753551][ T3612] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  869.948655][ T3612] usb 3-1: New USB device found, idVendor=2040, idProduct=d864, bcdDevice=37.62
[  869.956081][ T3919] ------------[ cut here ]------------
[  869.963970][ T3919] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0
[  869.974674][ T3919] WARNING: CPU: 0 PID: 3919 at net/mac80211/rate.c:376 __rate_control_send_low+0x653/0x890
[  869.982191][ T3612] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.984714][ T3919] Modules linked in:
[  869.996646][ T3919] CPU: 0 PID: 3919 Comm: kworker/u4:11 Not tainted 5.15.169-syzkaller #0
[  870.005113][ T3919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  870.015235][ T3919] Workqueue: phy48 ieee80211_scan_work
[  870.020770][ T3919] RIP: 0010:__rate_control_send_low+0x653/0x890
[  870.027025][ T3919] Code: 84 c0 48 8b 14 24 0f 85 d9 01 00 00 8b 0a 48 c7 c7 e0 94 97 8b 4c 89 f6 44 89 fa 44 8b 44 24 0c 44 8b 4c 24 08 e8 7d 61 88 f7 <0f> 0b e9 75 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c e3 f9 ff
[  870.041374][ T3612] usb 3-1: Product: syz
[  870.046694][ T3919] RSP: 0018:ffffc900032f7408 EFLAGS: 00010246
[  870.056870][ T3919] RAX: 580315dcc1cefc00 RBX: 000000000000000c RCX: ffff888025849dc0
[  870.064885][ T3919] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[  870.072965][ T3919] RBP: ffff888018587a28 R08: ffffffff81669a2c R09: fffff5200065edc1
[  870.080978][ T3919] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  870.081531][ T3612] usb 3-1: Manufacturer: syz
[  870.088986][ T3919] R13: 000000000000000c R14: 0000000000000000 R15: 00000000ffffffff
[  870.089005][ T3919] FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  870.089024][ T3919] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  870.089039][ T3919] CR2: 0000555577e22808 CR3: 0000000064dd2000 CR4: 00000000003506f0
[  870.089058][ T3919] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  870.089071][ T3919] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  870.124757][ T3612] usb 3-1: SerialNumber: syz
[  870.125202][ T3919] Call Trace:
[  870.149027][ T3919]  <TASK>
[  870.151971][ T3919]  ? __warn+0x15b/0x300
[  870.156150][ T3919]  ? __rate_control_send_low+0x653/0x890
[  870.161836][ T3919]  ? report_bug+0x1b7/0x2e0
[  870.166373][ T3919]  ? handle_bug+0x3d/0x70
[  870.170753][ T3919]  ? exc_invalid_op+0x16/0x40
[  870.175452][ T3919]  ? asm_exc_invalid_op+0x16/0x20
[  870.180526][ T3919]  ? __wake_up_klogd+0xcc/0x100
[  870.183176][ T3612] usb 3-1: config 0 descriptor??
[  870.185420][ T3919]  ? __rate_control_send_low+0x653/0x890
[  870.196102][ T3919]  ? __rate_control_send_low+0x653/0x890
[  870.201801][ T3919]  rate_control_send_low+0x1a8/0x770
[  870.207215][ T3919]  rate_control_get_rate+0x20a/0x5d0
[  870.212557][ T3919]  ieee80211_tx_h_rate_ctrl+0xc6e/0x1990
[  870.218254][ T3919]  ? ieee80211_ie_len_he_cap+0x620/0x620
[  870.223937][ T3919]  ? ieee80211_tx_h_select_key+0x16a0/0x16a0
[  870.229993][ T3919]  invoke_tx_handlers_late+0xb2/0x17f0
[  870.235482][ T3919]  ? invoke_tx_handlers_early+0xa0d/0x1d00
[  870.241348][ T3919]  ieee80211_tx+0x2df/0x460
[  870.245865][ T3919]  ? ieee80211_skb_resize+0x640/0x640
[  870.251292][ T3919]  ? ieee80211_set_qos_hdr+0x1ca/0x520
[  870.252467][ T3612] usb 3-1: dvb_usb_v2: found a 'Hauppauge 138xxx DVBT' in warm state
[  870.256773][ T3919]  ? ieee80211_xmit+0x355/0x470
[  870.256804][ T3919]  __ieee80211_tx_skb_tid_band+0x164/0x200
[  870.275550][ T3919]  ieee80211_scan_state_send_probe+0x557/0x8f0
[  870.281796][ T3919]  ieee80211_scan_work+0x62b/0x1d00
[  870.283039][ T3612] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  870.287040][ T3919]  ? print_irqtrace_events+0x210/0x210
[  870.287070][ T3919]  ? ieee80211_can_scan+0x200/0x200
[  870.287095][ T3919]  ? do_raw_spin_unlock+0x137/0x8b0
[  870.304249][ T3612] dvbdev: DVB: registering new adapter (Hauppauge 138xxx DVBT)
[  870.307933][ T3919]  process_one_work+0x8a1/0x10c0
[  870.307983][ T3919]  ? worker_detach_from_pool+0x260/0x260
[  870.308048][ T3919]  ? _raw_spin_lock_irqsave+0x120/0x120
[  870.308076][ T3919]  ? kthread_data+0x4e/0xc0
[  870.308101][ T3919]  ? wq_worker_running+0x97/0x170
[  870.308128][ T3919]  worker_thread+0xaca/0x1280
[  870.308178][ T3919]  kthread+0x3f6/0x4f0
[  870.317791][ T3612] usb 3-1: media controller created
[  870.320915][ T3919]  ? rcu_lock_release+0x20/0x20
[  870.343955][ T3612] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  870.346565][ T3919]  ? kthread_blkcg+0xd0/0xd0
[  870.346601][ T3919]  ret_from_fork+0x1f/0x30
[  870.346644][ T3919]  </TASK>
[  870.346668][ T3919] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  870.367913][ T3612] usb 3-1: selecting invalid altsetting 2
[  870.373756][ T3919] CPU: 0 PID: 3919 Comm: kworker/u4:11 Not tainted 5.15.169-syzkaller #0
[  870.373781][ T3919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  870.373796][ T3919] Workqueue: phy48 ieee80211_scan_work
[  870.373824][ T3919] Call Trace:
[  870.373834][ T3919]  <TASK>
[  870.373843][ T3919]  dump_stack_lvl+0x1e3/0x2d0
[  870.378658][ T3612] set interface failed
[  870.382838][ T3919]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  870.386933][ T3612] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  870.393126][ T3919]  ? panic+0x860/0x860
[  870.393159][ T3919]  ? __rate_control_send_low+0x560/0x890
[  870.393183][ T3919]  ? __rate_control_send_low+0x560/0x890
[  870.393205][ T3919]  panic+0x318/0x860
[  870.393231][ T3919]  ? __warn+0x16a/0x300
[  870.393253][ T3919]  ? fb_is_primary_device+0xd0/0xd0
[  870.393285][ T3919]  ? ret_from_fork+0x1f/0x30
[  870.393305][ T3919]  ? __rate_control_send_low+0x653/0x890
[  870.409394][ T3612] error writing reg: 0xff, val: 0x00
[  870.417754][ T3919]  __warn+0x2b2/0x300
[  870.417790][ T3919]  ? __rate_control_send_low+0x653/0x890
[  870.417815][ T3919]  report_bug+0x1b7/0x2e0
[  870.417848][ T3919]  handle_bug+0x3d/0x70
[  870.445297][ T3612] dvb_usb_mxl111sf: probe of 3-1:0.0 failed with error -22
[  870.450163][ T3919]  exc_invalid_op+0x16/0x40
[  870.450192][ T3919]  asm_exc_invalid_op+0x16/0x20
[  870.450215][ T3919] RIP: 0010:__rate_control_send_low+0x653/0x890
[  870.450238][ T3919] Code: 84 c0 48 8b 14 24 0f 85 d9 01 00 00 8b 0a 48 c7 c7 e0 94 97 8b 4c 89 f6 44 89 fa 44 8b 44 24 0c 44 8b 4c 24 08 e8 7d 61 88 f7 <0f> 0b e9 75 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c e3 f9 ff
[  870.450255][ T3919] RSP: 0018:ffffc900032f7408 EFLAGS: 00010246
[  870.450299][ T3919] RAX: 580315dcc1cefc00 RBX: 000000000000000c RCX: ffff888025849dc0
[  870.450316][ T3919] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[  870.450330][ T3919] RBP: ffff888018587a28 R08: ffffffff81669a2c R09: fffff5200065edc1
[  870.450345][ T3919] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  870.450360][ T3919] R13: 000000000000000c R14: 0000000000000000 R15: 00000000ffffffff
[  870.450382][ T3919]  ? __wake_up_klogd+0xcc/0x100
[  870.489797][ T3612] usb 3-1: USB disconnect, device number 31
[  870.494401][ T3919]  ? __rate_control_send_low+0x653/0x890
[  870.617023][ T3919]  rate_control_send_low+0x1a8/0x770
[  870.622339][ T3919]  rate_control_get_rate+0x20a/0x5d0
[  870.627648][ T3919]  ieee80211_tx_h_rate_ctrl+0xc6e/0x1990
[  870.633293][ T3919]  ? ieee80211_ie_len_he_cap+0x620/0x620
[  870.638957][ T3919]  ? ieee80211_tx_h_select_key+0x16a0/0x16a0
[  870.644969][ T3919]  invoke_tx_handlers_late+0xb2/0x17f0
[  870.650451][ T3919]  ? invoke_tx_handlers_early+0xa0d/0x1d00
[  870.656292][ T3919]  ieee80211_tx+0x2df/0x460
[  870.660807][ T3919]  ? ieee80211_skb_resize+0x640/0x640
[  870.666201][ T3919]  ? ieee80211_set_qos_hdr+0x1ca/0x520
[  870.671699][ T3919]  ? ieee80211_xmit+0x355/0x470
[  870.676570][ T3919]  __ieee80211_tx_skb_tid_band+0x164/0x200
[  870.682394][ T3919]  ieee80211_scan_state_send_probe+0x557/0x8f0
[  870.688582][ T3919]  ieee80211_scan_work+0x62b/0x1d00
[  870.693810][ T3919]  ? print_irqtrace_events+0x210/0x210
[  870.699281][ T3919]  ? ieee80211_can_scan+0x200/0x200
[  870.704506][ T3919]  ? do_raw_spin_unlock+0x137/0x8b0
[  870.709728][ T3919]  process_one_work+0x8a1/0x10c0
[  870.714690][ T3919]  ? worker_detach_from_pool+0x260/0x260
[  870.720347][ T3919]  ? _raw_spin_lock_irqsave+0x120/0x120
[  870.725906][ T3919]  ? kthread_data+0x4e/0xc0
[  870.730450][ T3919]  ? wq_worker_running+0x97/0x170
[  870.735493][ T3919]  worker_thread+0xaca/0x1280
[  870.740217][ T3919]  kthread+0x3f6/0x4f0
[  870.744299][ T3919]  ? rcu_lock_release+0x20/0x20
[  870.749162][ T3919]  ? kthread_blkcg+0xd0/0xd0
[  870.753767][ T3919]  ret_from_fork+0x1f/0x30
[  870.758223][ T3919]  </TASK>
[  870.761561][ T3919] Kernel Offset: disabled
[  870.766384][ T3919] Rebooting in 86400 seconds..