last executing test programs:

2m50.109744753s ago: executing program 1 (id=3303):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r7 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r7, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x3, {{0x40}, 0x4}}, 0x10, 0x0}, 0x30c)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000793000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000040)="26260fae49000f1c70080fc7b90000008066baf80cb88cf2a689ef66bafc0cb037ee0f01dfdc7a0067670f01c381fa080000000f2c8423f47f00000f2045", 0x3e}], 0x1, 0x2a, 0x0, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
ioctl$KVM_GET_SREGS(r9, 0x8138ae83, &(0x7f0000000340))
pread64(r9, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
ioctl$KVM_NMI(r8, 0xae9a)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
r10 = socket$inet(0x2, 0x2, 0x1)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r12 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000797000/0x4000)=nil, r11, 0x1000004, 0x4010, r12, 0x0)
sendmsg$inet(r10, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000400)="08001efbb07d586e", 0x8}], 0x1, &(0x7f0000000980)=[@ip_tos_int={{0x14, 0x0, 0x7}}], 0x18}, 0x80)

2m49.30895554s ago: executing program 1 (id=3306):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x10)
fdatasync(0xffffffffffffffff)

2m48.961987868s ago: executing program 1 (id=3309):
socket(0x10, 0x3, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000001100), 0x0, 0x0)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000001140)=[0xffffffff, 0x60a5800, 0x3, 0x0, 0xe9d, 0x3])

2m48.702520077s ago: executing program 1 (id=3310):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r2, 0x5452, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000180)=""/253, 0x3e, 0xfd, 0x1, 0x0, 0x0, @void, @value}, 0x28)
readv(r2, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071102400000000009500000700000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000380)={[{@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@fat=@fmask}, {@uni_xlate}, {@uni_xlateno}, {@rodir}, {@shortname_mixed}, {@uni_xlateno}, {@utf8no}, {@utf8}, {@shortname_win95}, {@rodir}, {@fat=@nfs_nostale_ro}, {@rodir}, {@utf8}, {@shortname_winnt}, {}]}, 0x6, 0x2c3, &(0x7f0000000900)="$eJzs3T+LHGUcB/Df7M3OrlrsFlYiOKCFVciltdlDEhCvMmyhFnqYC8jtItzBgX9wTWVrY2HhKxAEX4iN70CwFeyMEHhkZmeyu5dlcxuyJyafT5MnzzzfeX7Ps8PdXHHPffzq9OROGXfvffV79PtZdEYxivtZDKMTrW9ixei7AAD+z+6nFH+luW1yWUT0d1cWALBDl/v+ny+av1xJWQDADt1+/4N3Dw4Pb75Xlv24Nf32fFz9ZF/9O79+cDc+jUkcx/UYxIOI+kWhG/XbQtW8lVKa5WVlGG9MZ+fjKjn96Nfm/gd/RtT5/RjEsO56+LZR5985vLlfzi3lZ1UdLzbzj6r8jRjEyw/DK/kba/IxLuLN15fqvxaD+O2T+CwmcacuYpH/er8s307f//3lh1V5VT6bnY979biFtHfFHw0AAAAAAAAAAAAAAAAAAAAAAM+wa83ZOb2oz++puprzd/YeVP/pRtkarp7PM89n7Y2WzwdKKc1S/Nier3O9LMvUDFzk83glXz5YEAAAAAAAAAAAAAAAAAAAAJ5fZ59/cXI0mRyfPpVGexpAHhH/3I540vuMlnpei82De82cR5NJp2mujsmXe2KvHZNFbCyjWsST7kYeW639hUdqbho//bzt7P3Hj+mun+tpNtqn6+QoW7+HvWh7+s1G/VBELMYUccm5ios9aTC/T9rqIyjWXhpsvfbipbox2zAmsk2FvfXHfOeanuziKop6V9fGu01jKX7h2bjU8xz9efzRrxWZ0zoAAAAAAAAAAAAAAAAAAGCnFr/9u+bivY3RTurtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFKLv/+/RWPWhI9Pz/LHDC7i9Ow/XiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgX8DAAD//x0KWZ8=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)

2m45.984774176s ago: executing program 1 (id=3318):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100007f0000000000030000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = dup(r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r3}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000bc0)=[{&(0x7f0000000080)="580000001500add427323b472545b4562d117fffffff81000e224e237f000001925aa80020007b0009008000", 0x2c}, {&(0x7f0000000ac0)="da31f93c3bf3da4969f48044cbc032ac78009d74e589bdb72c1c5c2883e04c38d66d0891494f01", 0x27}], 0x2)
sendmmsg$inet(r6, &(0x7f0000005240), 0x4000095, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r5, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, 0x6, 0x1, 0x801, 0x0, 0x0, {0x7}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40)
setsockopt$inet_opts(r6, 0x0, 0x4, 0x0, 0x0)

2m43.757320266s ago: executing program 1 (id=3324):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000003c0)='./file2\x00', 0x1c04b, &(0x7f0000000580), 0x1, 0x751, &(0x7f0000000900)="$eJzs3c1rXFUfB/DfvZNJ0pfnSSqlWhEccFFBnTS19W3VVlGoIqLiukM6LaXTpiQRTOwidelCBAWX6n9RcNONa8FF1a2uFIpUu6koI3demiGZSWKYzEXv5wN3cs49k5zzzSU5984d5gRQWJXsIY04HBFnk4ipzv4kIsqt0ljEyfbz7t25NvfHnWtzSTSbb/2atJ6T7Yue78ns61QmI+Lb00k8UNrY7+LyyqVao1Ff6NRnli5fnVlcXnnq4uXahfqF+pVjx0/MPnviuWeOPz+sqKVDZ558/dAHL976qvnmKy99c2I1yYKNtRt7cwxLJSr3fye9si5fHnZnOSl18vTmTMZyHBD/SNpzDA/FVJRi7eBNxdff5To4AGBXNEsRTQCgYBLzPwAUTPd1gHt3rs11t3xfkRit26eidaNyY/6xONn6OtUsR8Te35O1OyOV9v2u6SH0X4mIG3ffuZVtsUv3ITezej0iHuqXv3V3NKZbd3HX5e/cMzo6hP4r6+r/pvwnh9B/3vkBKKabp9oT2cb5L+3Mb/3nv8k+c9dO5D3/DT7/W8tf6pM/O/97Y5t9fPHRIw8Oaus9/8u2rP/uueAo3L4e8fDY4POfLH8yIP/ZbfZx4+f3a4Pa8s7f/DLiSN/rn7V3tCWbvz9x5vzFRv1o+7FvH5/MnPlwUP9558+O/94B+bc6/le32cdfB388Paht6/zpL+PJ263SeGfPe7WlpYXZiPHktY37j20+lu5zuj8jy//4Y5v//ffLn10Trm4z/+ev/vbZzvPvriz/uR0e/4+32cef8z9NDmrLOz8AAAAAAAAAAAAAAAAAAAAAAAAAjEIaEfsjSav3y2larbbX8D4Ye9PG/OLSE+fn371yLmuLmI5y2v2ky6l2Pcnqs53Pw+/Wj62rPx0RByLi04k9rXp1br5xLu/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCxb936/3cn2uv/AwD/cZN5DwAAGDnzPwAUj/kfAIrH/A8AxWP+B4DiMf8DQPGY/wEAAAAAAAAAAAAAAAAAAAAAYKQOPHrzhyQiVl/Y09oy4522cq4jA3ZbmvcAgNyU8h4AkJuxvAcA5MY1PpBs0T7wI8JXXUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAcRw5b/x+Kyvr/UFxW74Tisv4/FJdrfMD6/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsLX9rS1Jq521wPdHmlarEf+LiOkoJ+cvNupHI+L/EfH9RHkiq8/mPWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGLLF5ZVLtUajvqCgoKBwv5D3fyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYvbVFv/MeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHlaXF65VGs06gu7WMg7IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAw/R0AAP//8lssMw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0xa)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_score_adj\x00')
writev(r3, &(0x7f0000000c80)=[{&(0x7f0000000cc0)='0', 0x1}, {0x0, 0x2}], 0x2)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
unshare(0x62040200)

2m42.491982001s ago: executing program 32 (id=3324):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000003c0)='./file2\x00', 0x1c04b, &(0x7f0000000580), 0x1, 0x751, &(0x7f0000000900)="$eJzs3c1rXFUfB/DfvZNJ0pfnSSqlWhEccFFBnTS19W3VVlGoIqLiukM6LaXTpiQRTOwidelCBAWX6n9RcNONa8FF1a2uFIpUu6koI3demiGZSWKYzEXv5wN3cs49k5zzzSU5984d5gRQWJXsIY04HBFnk4ipzv4kIsqt0ljEyfbz7t25NvfHnWtzSTSbb/2atJ6T7Yue78ns61QmI+Lb00k8UNrY7+LyyqVao1Ff6NRnli5fnVlcXnnq4uXahfqF+pVjx0/MPnviuWeOPz+sqKVDZ558/dAHL976qvnmKy99c2I1yYKNtRt7cwxLJSr3fye9si5fHnZnOSl18vTmTMZyHBD/SNpzDA/FVJRi7eBNxdff5To4AGBXNEsRTQCgYBLzPwAUTPd1gHt3rs11t3xfkRit26eidaNyY/6xONn6OtUsR8Te35O1OyOV9v2u6SH0X4mIG3ffuZVtsUv3ITezej0iHuqXv3V3NKZbd3HX5e/cMzo6hP4r6+r/pvwnh9B/3vkBKKabp9oT2cb5L+3Mb/3nv8k+c9dO5D3/DT7/W8tf6pM/O/97Y5t9fPHRIw8Oaus9/8u2rP/uueAo3L4e8fDY4POfLH8yIP/ZbfZx4+f3a4Pa8s7f/DLiSN/rn7V3tCWbvz9x5vzFRv1o+7FvH5/MnPlwUP9558+O/94B+bc6/le32cdfB388Paht6/zpL+PJ263SeGfPe7WlpYXZiPHktY37j20+lu5zuj8jy//4Y5v//ffLn10Trm4z/+ev/vbZzvPvriz/uR0e/4+32cef8z9NDmrLOz8AAAAAAAAAAAAAAAAAAAAAAAAAjEIaEfsjSav3y2larbbX8D4Ye9PG/OLSE+fn371yLmuLmI5y2v2ky6l2Pcnqs53Pw+/Wj62rPx0RByLi04k9rXp1br5xLu/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCxb936/3cn2uv/AwD/cZN5DwAAGDnzPwAUj/kfAIrH/A8AxWP+B4DiMf8DQPGY/wEAAAAAAAAAAAAAAAAAAAAAYKQOPHrzhyQiVl/Y09oy4522cq4jA3ZbmvcAgNyU8h4AkJuxvAcA5MY1PpBs0T7wI8JXXUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAcRw5b/x+Kyvr/UFxW74Tisv4/FJdrfMD6/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsLX9rS1Jq521wPdHmlarEf+LiOkoJ+cvNupHI+L/EfH9RHkiq8/mPWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGLLF5ZVLtUajvqCgoKBwv5D3fyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYvbVFv/MeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHlaXF65VGs06gu7WMg7IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAw/R0AAP//8lssMw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0xa)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_score_adj\x00')
writev(r3, &(0x7f0000000c80)=[{&(0x7f0000000cc0)='0', 0x1}, {0x0, 0x2}], 0x2)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
unshare(0x62040200)

2m42.462193251s ago: executing program 3 (id=3327):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe77}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4004)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00')

2m41.404090966s ago: executing program 3 (id=3328):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = dup3(0xffffffffffffffff, r0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000))
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)

2m39.462562268s ago: executing program 3 (id=3329):
epoll_create1(0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
read(r0, &(0x7f0000002e00)=""/4088, 0xff8)

2m39.219360347s ago: executing program 3 (id=3331):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = dup3(r0, r1, 0x80000)
connect$netlink(r2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000340)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@nobarrier}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x64)
getdents(r3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="080004007f0000000a00"], 0x50}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

2m38.313625533s ago: executing program 3 (id=3335):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
socket$pppl2tp(0x18, 0x1, 0x1)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x401, 0x70bd2d, 0x100001, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0x3, r5}]}, 0x3c}, 0x1, 0xd, 0x0, 0x480c5}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000280)={@local}, &(0x7f0000000300)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/stat\x00', 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)

2m36.522120855s ago: executing program 3 (id=3340):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f0000000a80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = dup2(r0, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
time(0x0)

2m35.934061453s ago: executing program 33 (id=3340):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f0000000a80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = dup2(r0, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
time(0x0)

1m54.149287875s ago: executing program 4 (id=3399):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prlimit64(0x0, 0x5, &(0x7f0000000000), 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x100)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
creat(&(0x7f0000000280)='./file0\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCGFIELDINFO(0xffffffffffffffff, 0xc038480a, &(0x7f0000000180)={0x1, 0x100, 0x8, 0x32f, 0x8, 0x2, 0x7, 0x100, 0xb9e9, 0xdb55, 0xe, 0x1000, 0x1000, 0x1})
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)

1m52.96555675s ago: executing program 4 (id=3402):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x208)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x20000000, @loopback, 0xfffffffe}, 0x1c)
shutdown(r0, 0x1)

1m52.139815617s ago: executing program 4 (id=3404):
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a0100000000000000000001000000"], 0xfc}}, 0x0)
r6 = socket(0x10, 0x80003, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000000c0)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x40000000, 0x61, 0x11, 0x68}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2000000000000000}, 0x18)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f0000000140)={0x1d, r8}, 0x10)
close(r7)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2}, &(0x7f0000000180), &(0x7f00000001c0))

1m50.743973951s ago: executing program 4 (id=3410):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r2, 0x5452, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000180)=""/253, 0x3e, 0xfd, 0x1, 0x0, 0x0, @void, @value}, 0x28)
readv(r2, &(0x7f0000000300)=[{0x0}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071102400000000009500000700000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000380)={[{@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@fat=@fmask}, {@uni_xlate}, {@uni_xlateno}, {@rodir}, {@shortname_mixed}, {@uni_xlateno}, {@utf8no}, {@utf8}, {@shortname_win95}, {@rodir}, {@fat=@nfs_nostale_ro}, {@rodir}, {@utf8}, {@shortname_winnt}, {}]}, 0x6, 0x2c3, &(0x7f0000000900)="$eJzs3T+LHGUcB/Df7M3OrlrsFlYiOKCFVciltdlDEhCvMmyhFnqYC8jtItzBgX9wTWVrY2HhKxAEX4iN70CwFeyMEHhkZmeyu5dlcxuyJyafT5MnzzzfeX7Ps8PdXHHPffzq9OROGXfvffV79PtZdEYxivtZDKMTrW9ixei7AAD+z+6nFH+luW1yWUT0d1cWALBDl/v+ny+av1xJWQDADt1+/4N3Dw4Pb75Xlv24Nf32fFz9ZF/9O79+cDc+jUkcx/UYxIOI+kWhG/XbQtW8lVKa5WVlGG9MZ+fjKjn96Nfm/gd/RtT5/RjEsO56+LZR5985vLlfzi3lZ1UdLzbzj6r8jRjEyw/DK/kba/IxLuLN15fqvxaD+O2T+CwmcacuYpH/er8s307f//3lh1V5VT6bnY979biFtHfFHw0AAAAAAAAAAAAAAAAAAAAAAM+wa83ZOb2oz++puprzd/YeVP/pRtkarp7PM89n7Y2WzwdKKc1S/Nier3O9LMvUDFzk83glXz5YEAAAAAAAAAAAAAAAAAAAAJ5fZ59/cXI0mRyfPpVGexpAHhH/3I540vuMlnpei82De82cR5NJp2mujsmXe2KvHZNFbCyjWsST7kYeW639hUdqbho//bzt7P3Hj+mun+tpNtqn6+QoW7+HvWh7+s1G/VBELMYUccm5ios9aTC/T9rqIyjWXhpsvfbipbox2zAmsk2FvfXHfOeanuziKop6V9fGu01jKX7h2bjU8xz9efzRrxWZ0zoAAAAAAAAAAAAAAAAAAGCnFr/9u+bivY3RTurtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFKLv/+/RWPWhI9Pz/LHDC7i9Ow/XiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgX8DAAD//x0KWZ8=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)

1m48.410313791s ago: executing program 4 (id=3414):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
recvmsg$unix(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x0)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r7, 0x0, 0xc, &(0x7f0000000040)="001ca73e", 0x4)
setsockopt$inet_opts(r7, 0x0, 0xd, &(0x7f0000000000)='S', 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000020000000c"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r9}, 0x18)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r10, 0x4b72, &(0x7f0000000280)={0x1, 0x1, 0xd, 0x12, 0x63, 0x0})

1m46.356539582s ago: executing program 4 (id=3419):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="1b00000000000000000000000080000000", @ANYBLOB], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{}, {}]}, [{}, {0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffa}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)

1m45.787908679s ago: executing program 34 (id=3419):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="1b00000000000000000000000080000000", @ANYBLOB], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{}, {}]}, [{}, {0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffa}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)

11.058944436s ago: executing program 2 (id=3637):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700000002"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
execve(0x0, 0x0, 0x0)

10.954664196s ago: executing program 5 (id=3638):
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c00"], 0xfc}}, 0x0)
r6 = socket(0x10, 0x80003, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000000c0)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x40000000, 0x61, 0x11, 0x68}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2000000000000000}, 0x18)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f0000000140)={0x1d, r8}, 0x10)
close(r7)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2}, &(0x7f0000000180), &(0x7f00000001c0))

10.798571725s ago: executing program 2 (id=3639):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000011c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x88, &(0x7f00000002c0)="b9425b446512d23236973599b76c4705397f00466eb0ef01e29655f663ee844da60be22bf21472b1e7f49ad068c4e1c0a9573325f36784ffffce4c6b81fdb183acf730ddbf395346f7fd23f2e176b224e7ea1deb33c697884689393c15d155a710eb972acd778cd33d4d8a9cf9d6707a573da8dd49c0c6d33f0a3898c315943f48ff06761880b65a")

9.771977611s ago: executing program 0 (id=3642):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x208)
bind$inet6(r0, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x20000000, @loopback, 0xfffffffe}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x0, 0x10020, 0x0, 0x0)
shutdown(r0, 0x1)

9.771225541s ago: executing program 5 (id=3643):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000b80000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0x0, 0x27, 0x0, 0x1, 0xa, 0x0, @void, @value}, 0x28)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x15, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x1, '\x00', 0x0, r0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
io_uring_register$IORING_REGISTER_FILES2(r1, 0xd, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_open_dev$vcsa(&(0x7f0000000500), 0x0, 0x80000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r4}, 0xc)
r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, 0x0)
writev(r5, &(0x7f0000000800)=[{0x0}], 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

9.61834348s ago: executing program 7 (id=3644):
r0 = fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000240)='veth0_to_hsr\x00')
mkdirat(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$inet(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11, 0x0, 0x44}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478)

9.473747369s ago: executing program 0 (id=3645):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

8.526514706s ago: executing program 5 (id=3647):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x17, 0xb, &(0x7f0000000580)=ANY=[@ANYRESOCT, @ANYRESDEC], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
mremap(&(0x7f000017e000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f00006ef000/0x2000)=nil)
r1 = io_uring_setup(0x6dc5, &(0x7f0000000080)={0x0, 0x7ffff001, 0x4, 0xfffffffe})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYBLOB="93db564fe8d5b0817b3e1b91b5e6fbcc8e9e689ee6fa4c812527366aad1740c6b950bdab93c4cd620fe8f529ba704b02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = timerfd_create(0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, 0x0, 0x0)
read(r2, &(0x7f0000000400)=""/190, 0xbe)

8.519402105s ago: executing program 7 (id=3648):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000040), 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

8.441632865s ago: executing program 0 (id=3649):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'bridge0\x00', <r5=>0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[], 0x6c}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000100003052bbd7000249d020000000000", @ANYRES32=0x0, @ANYBLOB="15010000ad190800140012800b0001006d61637365630000ff00028008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r7, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x8, [@typedef={0x3}, @var={0x4, 0x0, 0x0, 0xe, 0x1}]}, {0x0, [0x0, 0x0, 0x61, 0x2e, 0x2e, 0x2e]}}, &(0x7f0000000040)=""/176, 0x3c, 0xb0, 0x1, 0x0, 0x0, @void, @value}, 0x20)

8.178719934s ago: executing program 7 (id=3650):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r0 = gettid()
r1 = eventfd2(0x0, 0x0)
write$eventfd(r1, &(0x7f0000000140)=0xfffffffffffffff8, 0x8)
write$eventfd(r1, &(0x7f0000000040)=0x8, 0x8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000280)={[{@discard}, {@nombcache}, {@journal_checksum}, {@stripe={'stripe', 0x3d, 0x8}}, {@orlov}, {@dioread_nolock}]}, 0x4, 0x45b, &(0x7f0000002580)="$eJzs281rHOUfAPDvTJL217dfYq0vfVGjVQy+JE1atQcvioIHBcFLPcYkLbXbRpoIthStIvUoBcGjeBT8CzzpRdST4FXvUijSi9XTyuzOdF+6u0nTTabNfj4w2eeZeWbn+c4zz+4z82QDGFjj2Z8kYmdE/B4Ro/Vsa4Hx+sv1axfm/rl2YS6JavWtv5Jaub+vXZgrihb77cgzE2lE+mkS+zscd+nc+VOzlcrC2Tw/tXz6vamlc+efPXl69sTCiYUzM0ePHjk8/cLzM8/1Jc57srru+3DxwN7X3r78xtyxy+/8/G1SxN8WR5+M99r4RLXa58OVa1dTOhlexQ5D61gZVi1rhqy5Rmr9fzSGotF4o/HqJ6VWDlhX1VyXzRerwCaWRNk1AMpRfNFn97/FsnGjj/Jdfal+A5TFfT1f6luGI83LjLTd3/bTeEQcu/jvV9kS6/McAgCgxffZ+OeZTuO/NO5vKvf/2FqbGxrL51J2R8S9EbEnIu6LqJV9ICIe7HSQHhMC7ZMkN49/0itrj25l2fjvxXxuq3X8V4z+Ymwoz+2qxT+SHD9ZWThUOycREzGyNctP9zjGD6/89nm3bc3jv2zJjl+MBfN6XBne2rrP/Ozy7O3E3OzqxxH7hjvFn9yYCUgiYm9E7FvjMU4+9c2BbttWjr+H1cwzraD6dcST9fa/GG3xF5Le85NT/4vKwqGp4qq42S+/Xnqz2/FvK/4+yNp/e8fr/0b8Y0nzfO3Srbx7vXdf+uOzrvc0k2u6/hsrtuSvH8wuL5+djtiSvF6vdPP6mca+Rb4on8U/cbBz/98djTOxPyKyi/ihiHg4Ih7Jo3s0Ih6LiIM9zsJPLz/+bq8zVHb7z7e1/1hrkbb2byS2RPuazomhUz9+1/qOjeTqPv+O1FIT+Zra59+XveNaTb1u9WoGAACAu1UaETsjSSdvpNN0crL+P/x7YntaWVxafvr44vtn5uu/ERiLkbR40jXa9Dx0Or+tL/IzbfnD+XPjL4a21fKTc4uV+bKDhwG3o0v/z/zpNxqw+fVhHg24S+n/MLj0fxhc+j8Mrg79f1sZ9QA2Xqfv/49KqAew8dr6v2k/GCDu/2Fw6f8wuJr7f1JiPYANtbQtVv6R/GZIVKvV6h1Qjc2TiPSOqEZ/Esk694KdZQd464myP5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6478AAAD//+Jk61o=")
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0xa26c2, 0x14)

7.14662148s ago: executing program 2 (id=3651):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

7.022132969s ago: executing program 0 (id=3652):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000000)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/74, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000008c0))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000002c0)=0x1)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000cc0)={0x0, r2})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f00008e4000/0x3000)=nil, 0x3000, &(0x7f0000000900)='\x9eI\x199NeK\xf19\xdcv\x88!\xb2v\xf9\xb4\x94N\x1a\x9a\xb7\x9d\xb2\x1a\x01\xd3\x8e\x03l\xabU\xba:\xe9\xd7\xf9\x15r\xe2[\xf0\x9e\x84B\xe9\xab\f\xa0\xe2s\xa5$\xd5s[\xf4\xe4\x16\xb0T\x14\x81(D\x8cp\xf9\xa6\xaf\xc0M\x8cx\x0f\x1d4Q\x9d\x1cj\xf4\xcf\xb2\xdc\x83\xa0\xa4\xa3\xa3,w1\xe9t\xe5\xca{V1]E\'\xfeP\xbe\x15\x8c\x97\xfaJ\xcb\xbd\xa4qr\xbdDz\x15\xb6\aVo\xcd\xb1s\x93\xef+`=\xc3\xe5\xf4q\xf2\xea\x81\xee\x1d\xc4)\xcbg$\x85\x8e\xf2EC\x83\xad\xde\xb3v\x87_\x8f\\\x8e\x01\xfdt\x0f\xb0\v\x1c\x90\x851o\x9a\x01\x86\xb9\xfbU\x17\x8f\xa1;\xdb\xcai\xd18\r\x12\xb9\x13\x9a\x01\n\xa9\xd0\x8f\xee\xd3@\xea\x88\x16h?\xe3S\xc6A\x8aHu\x1b\xca\x1a!z\xfa\xe4\x12\xb7\xec#\xeb\t\x85F\x11\xbc\n\x94\x8b:Y+@\xc4\x8d\xb9p\xfd\xe3\x1e\n\xcc`Z\xea<\xba\xf4KX\xe7\x02\xaa\xd2W\x97\xc84?#\xd29\x92\xa5Ln\xdf\xad\xda\xbd\xdb\x01gX\xc3\xf3\x9c\xf7\x00\x00\x00\x00\x00\x007\x00S\x9b\xb3\xf6\xe8\x03\x03\x98\xbaC\xef\']\xb8\xcdG\x01\xaee\xbd\x17H\xde\xb7\xa6\xe5?\xe8K\xe8\xa0\xd8\xe1\x98\xc1\x9c0F\xbc\x05\x00\x00\x00\x1fk\xcbA\xd4\x8dT\x87\xba\xf8\n\xf6\xaa\x995\xb4=\xf8\xea\x99\x8d\xedB\x81o:\x95[t\xd3\xd7~\x92\xea4\f\xbf\xf0\x054T\x06_\x98\xf6\xac,\xfa\xc0@\xc1\x916\xd0\xaf\xd4\x1d>\xa7M\x97\xb6l\xec\xd1\xda\xde\xbb>7r\xfd\x9e\xdet\xa9f\x87/\x918A\xd6\x88\xe8\x1b\x01\x00\x13 Y\'\x8e\xba\xbb-3b\x9fO\xff\x86\x98\xa4T\x00\xc6\xb1\xba\xd0Y\xeb\xb87M\xd2v\xf8\xd1\xbb|]=>C\xb5g`I\xb4\xe5N\x1d<\xe4\xc0\x10\xf1s\x18\xe9v\x80\x91\xd5\xe9\xb5\x82}\x82\xe0y\xe3O\aR~\x98\xb2h\x153\x12\xbbK\xe3\xac\x97\xa1\xd2kU\x8d\xe8\x9eQ)\x0e\xebH)uus\x02\xb8[k\x97\xe0\xd0\xaf\x12\xfb\x1dX\x92\x1e<\xd3l\xf8\xd5VD=M\x10\x97\xb7\x89\"x\xd6\x9cKD\xd5\x8fmp$\xb5\x0f\xb4\xf7\x84uwR\x85\xe5\xb4\xc8f\x90l\x9b\xcf \xfc\xa0z\xd2#\xe1\xb5J\xc4\xf3\xb1;\xb4\x88\xa6Dk\xf4#\x92\x10\xef\x17H\xe8Il\xd1\xa9_\v,\xc1zA\xad\xf1\x91HN:\x8a\x00r\xc7\rj\x92\b(\x1c\xaeU(\xdbq\xcd\x88\xd5\xf9\xaa\x02\xc4n\xde\x16\x05\x1b')
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r3=>0xffffffffffffffff})
recvmsg(r3, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeb2c, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000100), &(0x7f00000001c0)=r4}, 0x20)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)

7.011918849s ago: executing program 6 (id=3653):
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getrlimit(0x3, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0xc0042, 0x1fe)
execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0))

6.935178909s ago: executing program 5 (id=3654):
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c00"], 0xfc}}, 0x0)
r6 = socket(0x10, 0x80003, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000000c0)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x40000000, 0x61, 0x11, 0x68}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2000000000000000}, 0x18)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f0000000140)={0x1d, r8}, 0x10)
close(r7)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x2}, &(0x7f0000000180), &(0x7f00000001c0))

6.818572749s ago: executing program 7 (id=3655):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x208)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x2200c851, 0x0, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x10020, 0x0, 0x0)
shutdown(r0, 0x1)

4.275268678s ago: executing program 6 (id=3656):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
recvmsg$unix(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x0)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r7, 0x0, 0xc, &(0x7f0000000040)="001ca73e", 0x4)
setsockopt$inet_opts(r7, 0x0, 0xd, &(0x7f0000000000)='S', 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000020000000c"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r9}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r8}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r10, 0x4b72, &(0x7f0000000280)={0x1, 0x1, 0xd, 0x12, 0x63, 0x0})

4.212404797s ago: executing program 7 (id=3657):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000640)=@abs={0x0, 0x0, 0x8359}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socket$unix(0x1, 0x2, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmsg(r4, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000040), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1810714, &(0x7f0000000400)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@init_itable_val}, {@nolazytime}, {@jqfmt_vfsv1}, {@prjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7fff}}, {@grpquota}, {@errors_continue}, {@errors_continue}, {@test_dummy_encryption}]}, 0x1, 0x472, &(0x7f0000000c00)="$eJzs289vVEUcAPDve7sFBGUrIgqCVNGk8UdLCyoHE6PRxIMmJnrAY20LQRZqaE2ENFqNwaMh8W48mvgXePJk1JOJVzyaGBKixAT04pq3+17ZLrullS27YT+fZGFm3+zMfPvevJ2d2Q1gYI1k/yQRd0fExYioNLIrC4w0/rt2ZXH67yuL00nUam/+kdTLXb2yOF3LFa/bltc5mkaknyZ5IzHUXO382XMnp6rV2TN5fnzh1Hvj82fPPX3i1NTx2eOzpyePHDl8aOK5ZyefadPr3y6sN84svqt7Ppzbu/vVty+8Pn30wjs/fpP1d9e+xvEsjvXW2UGtlidGssD/bPxtWgs93qXG+sW/tetxJuVe94a1KkVEOR+cF6MSpbh+8irxyic97RywobJ79ubOh5dqwB0siY0rDfSz4o0++/xbPG7T1KMvXH6x8QEoi/ta/mgcKUealxnawPZHIuLo0j9fZo9oWYeotVk3AAC4Vd9l85+n2s3/0tjVVG57vjc0HBH3RsSOiLgvInZGxP0R9bIPRMSD62x/pCV/4/wzvfS/AlujbP73fL63tXL+V8z+YriU5+6pxz+UHDtRnT2Y/01GY2hzlp9oV3lRxcu/fN6p/eb5X/bI2i/mgnkll8qNBbotxTMzUwtT3ZqUXv44Yk+5XfzJ8k5AEhG7I2LP+qreXiROPPH13k6Fbh7/Krqwz1T7qqhkcSla4i8kq+9Pjm+J6uzB8eKquNFPP59/o1P7txR/F2Tnf+vK67+lROWvpHm/dn75wAvNpVZZQ47zv37W8TNlee3X/7Ls+t+UvFXf092UP/fB1MLCmYmITclr9fyK5yevv7bIF+Wz+EcPtB//O/LXZPE/FBHZRbwvIh6OiP35uXskIh6NiAOrxP/DS4+92+lYP5z/mbb3v+Xrf3jl+V9/onTy+287tb+2+9/hemo0f6Z+/7uJzt0pbqMtVzMAAADcwdL6d+OTdGw5naZjY43v8O+MrWl1bn7hyWNz75+eaXyHfjiG0mKlq9K0HjqRLOU1NvKT+VpxcfxQvm78Remuen5seq460+PYYdBt6zD+M7+Xet07YMP5vRYMrtbxn/aoH8Dt5/0fBpfxD4PL+IfB1W78f9SStxcAd6Japdc9AHrH/B8Gl/EPg8v4h4F0K7/r36hEeZVf70v0SyLSvuhG3yT2txlNaY/GV7kLo7vHNyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu+S8AAP//W5/4VQ==")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
socket$nl_route(0x10, 0x3, 0x0)

4.046515947s ago: executing program 2 (id=3658):
r0 = fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000240)='veth0_to_hsr\x00')
mkdirat(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$inet(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11, 0x0, 0x44}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478)

4.046359497s ago: executing program 5 (id=3659):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)

2.609448651s ago: executing program 6 (id=3660):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

2.49915422s ago: executing program 5 (id=3661):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
remap_file_pages(&(0x7f000053b000/0x4000)=nil, 0x4000, 0x0, 0xc4, 0x20000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

1.955598028s ago: executing program 2 (id=3662):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
symlink(&(0x7f0000000080)='./file0/file0/..\x00', &(0x7f0000000380)='./file0\x00')
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
fsetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', &(0x7f0000000080)='n&$[}\x00', 0x6, 0x3)
write$uinput_user_dev(r0, &(0x7f0000000600)={'syz1\x00', {}, 0x0, [0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb3b, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000, 0x4, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x200, 0x0, 0xea, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xd6bd, 0x0, 0x0, 0x68, 0xb3, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa5a6597, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6efa6a35], [0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x45c)
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file1\x00', 0xa18c14, &(0x7f0000000840)=ANY=[@ANYBLOB="756e695f786c6174653d312c696f636861727365743d69a17707e859d35af809cabc3e7b83736f383835392d392c73686f72746e616d653d77696e6e742c636f6465706167653d313235352c757466383d302c636f6465706167653d3836332c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c726f6469722c726f6469722c696f636861727365743d6b6f69382d72752c00", @ANYRES32=0x0, @ANYRES64=0x0, @ANYBLOB="d42184e7536f8334664d8a1366979a4ce592af94824b33891dbfb3f9b7dd812db7ee53466615968608a745682c1af481a043a10e87e9e6dee379613d787f8f64047c6fec292c6d107491a8227b1fc329e86bba5b205a0fd9a0cc9d0fd01b107fc6ef7355fe0e081b3adbc1627a4a073234508028c58a82fa5b82a55c8cec57366a104379954f29bf3643d6800db34c27ec0398c0046d3f454f9e3b2537f4d16d1735288e68b6956a0236369cde68cc87427385ac43f035f94c8a34ea32b0d7f5e6850c71bafde794f197ea2460402a5efdf08044726d919f2cb2c39c9703d095f8289347ca8f6084b8f03c59b86f7c1cd809b99b7bd3f08bff", @ANYRESHEX], 0x81, 0x2b9, &(0x7f0000000580)="$eJzs3c2KI1UUAOBT6fyqkCxciWCBLlyFmXmCCdLCYFZKFrrRwcmAJmEggYA/GGflXnDlO/gOPoAb38CFS8GdsxBLkqrqJJPEnkibke7v2+TUvefUvXVz0w0Nuf3Rq5PRg0ezh4+//CWazSQqd+NuPEmiE5UofR0AwHXyJMvi9yx3WW416hGRtYurygmmBwD8B475/Q8AXA/vvf/BO71+//zdNG1GTL6ZD5LIX/P+3sP4JMYxjFvRjj8jsgt5/NK9/nlU07T8Y8C8FYOIyYc/Fde93yJW9bejHZ2n6+tFVroSb0wW88Fy5OVrLV5IInpZkqfciXa8HJHVorhJ/vL2vf75nXS3Pgb1ePP174v5/zWMbrTj54/jUYzjweoW6/qvbqfpW9l3f3yRP8EgIlnMB41V3lp2dpI3BAAAAAAAAAAAAAAAAAAAAACAG6GbXuhsnp9TngbY7e7vP3g+UHHCz2LjfJ1baZqWx/jMB7XI66vxSjWqz+/JAQAAAAAAAAAAAAAAAAAA4P9j9tnno/vj8XC6FfyYLYPWds7ycl9yEVQ3Wsqv9R9MPhx8ugxGP0QcVfXMQZwVUxsnO0MkZdcVjNU4Jrm1b9CoHFrD6jjyyX97/MRe237A5JKqcpscuQhl2eh+EpckN/dvko2dWW7D6Sz5x027HWR7lu7sYFV9s6XyjEPsu8+L/3bbtHYXqvgU1S4Wc7uquXwnN1pqV/xJeUpyZT9zAAAAAAAAAAAAAAAAAACA/dZf+o1fdzofP5cpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDJlf//v7weTmfRWbVMy67KuqtoWWy2VLaSd4LGdLbKbWwN2zndEwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAT/B0AAP//8DpGFQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)

1.713765527s ago: executing program 6 (id=3663):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2007, &(0x7f0000000200)=<r1=>0x0)
r2 = eventfd2(0x0, 0x1)
io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x2000000, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}])
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
pipe(&(0x7f0000000000)={<r4=>0xffffffffffffffff})
ioctl$TUNSETOFFLOAD(r4, 0x5421, 0x110e22fff7)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$UHID_INPUT(r6, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f363b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
gettid()

1.330574385s ago: executing program 0 (id=3664):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x17, 0xb, &(0x7f0000000580)=ANY=[@ANYRESOCT, @ANYRESDEC], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
mremap(&(0x7f000017e000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f00006ef000/0x2000)=nil)
r1 = io_uring_setup(0x6dc5, &(0x7f0000000080)={0x0, 0x7ffff001, 0x4, 0xfffffffe})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYBLOB="93db564fe8d5b0817b3e1b91b5e6fbcc8e9e689ee6fa4c812527366aad1740c6b950bdab93c4cd620fe8f529ba704b02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x0, 0x11a}, 0x20)
r2 = timerfd_create(0x0, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, 0x0, 0x0)
read(r2, &(0x7f0000000400)=""/190, 0xbe)

414.480341ms ago: executing program 7 (id=3665):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f0000000780), &(0x7f00000007c0)=0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000f20b00000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000007f160085000000820000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")

218.4456ms ago: executing program 6 (id=3666):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000f0400000000005f"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x4, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0c00000004000000040000000700000000000000", @ANYRES32=r1], 0x50)

4.865279ms ago: executing program 2 (id=3667):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x208)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x2200c851, 0x0, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x10020, 0x0, 0x0)
shutdown(r0, 0x1)

4.33483ms ago: executing program 0 (id=3668):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0)

0s ago: executing program 6 (id=3669):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x200c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000006040)=[{{&(0x7f0000000300)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000001cc0)=[{&(0x7f00000038c0)=""/139, 0x8b}, {&(0x7f0000000940)=""/225, 0xe1}, {0x0}, {&(0x7f0000001bc0)=""/143, 0x8f}], 0x4}}, {{&(0x7f0000001e40)=@ax25={{0x3, @null}, [@rose, @netrom, @bcast, @rose, @netrom, @netrom, @netrom, @bcast]}, 0x80, &(0x7f0000002140)=[{0x0}, {&(0x7f0000001f80)=""/114, 0x72}, {&(0x7f0000002000)=""/149, 0x95}, {&(0x7f00000020c0)=""/110, 0x6e}], 0x4, &(0x7f00000021c0)=""/184, 0xb8}, 0xc}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/135, 0x87}, 0x9}, {{&(0x7f0000003680)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000003800), 0x0, &(0x7f0000003840)=""/74, 0x4a}, 0x800}, {{0x0, 0x0, &(0x7f0000004a80), 0x0, &(0x7f0000004b00)=""/252, 0xfc}, 0xfffffff7}, {{&(0x7f0000004c00)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000005f40)=[{&(0x7f0000004c80)=""/85, 0x55}, {&(0x7f0000004d00)=""/4096, 0x1000}, {&(0x7f0000005d00)=""/112, 0x70}, {&(0x7f0000005d80)=""/113, 0x71}, {&(0x7f0000005e00)=""/173, 0xad}, {&(0x7f0000005ec0)=""/123, 0x7b}], 0x6}, 0x9}], 0x6, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="09000000010000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB='\a\x00'/12, @ANYRES32, @ANYBLOB="3b72f02a20e244cae0f5d81b71a66c4dc23802", @ANYRES64=0x0], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r6, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r4}, 0x20)
splice(r2, 0x0, r3, 0x0, 0x4ffe6, 0x0)

kernel console output (not intermixed with test programs):

=0x7ffc0000
[  489.351526][   T27] audit: type=1326 audit(1734621599.570:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12044 comm="syz.0.2833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  489.365360][T12068] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2838'.
[  489.475488][   T27] audit: type=1326 audit(1734621599.570:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12044 comm="syz.0.2833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  489.568247][   T27] audit: type=1326 audit(1734621599.570:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12044 comm="syz.0.2833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  489.602621][   T27] audit: type=1326 audit(1734621599.570:3065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12044 comm="syz.0.2833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  490.255037][T12083] netlink: 'syz.3.2844': attribute type 4 has an invalid length.
[  490.322985][T12083] netlink: 'syz.3.2844': attribute type 4 has an invalid length.
[  490.829142][T12110] netlink: 252 bytes leftover after parsing attributes in process `syz.0.2852'.
[  493.365612][ T4264] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  493.376498][ T4264] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  493.385327][ T4264] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  493.494842][ T4264] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  493.502798][ T4264] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  493.512376][ T4264] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  494.534483][   T27] kauditd_printk_skb: 47 callbacks suppressed
[  494.534499][   T27] audit: type=1326 audit(1734621605.270:3113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.600872][   T27] audit: type=1326 audit(1734621605.310:3114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.631014][T12172] chnl_net:caif_netlink_parms(): no params data found
[  494.667572][   T27] audit: type=1326 audit(1734621605.320:3115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.783889][   T27] audit: type=1326 audit(1734621605.320:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.858763][   T27] audit: type=1326 audit(1734621605.320:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.881578][   T27] audit: type=1326 audit(1734621605.320:3118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.905583][   T27] audit: type=1326 audit(1734621605.320:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.928593][   T27] audit: type=1326 audit(1734621605.320:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  494.967643][   T27] audit: type=1326 audit(1734621605.320:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  495.040740][   T27] audit: type=1326 audit(1734621605.320:3122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12210 comm="syz.1.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  495.165655][T12172] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.396103][T12172] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.692285][T12172] device bridge_slave_0 entered promiscuous mode
[  495.699056][ T4264] Bluetooth: hci0: command 0x0409 tx timeout
[  495.764277][T12172] bridge0: port 2(bridge_slave_1) entered blocking state
[  495.806697][T12172] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.847278][T12172] device bridge_slave_1 entered promiscuous mode
[  496.001789][T12172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  496.076932][T12172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  496.155003][T12172] team0: Port device team_slave_0 added
[  496.180510][T12172] team0: Port device team_slave_1 added
[  496.375080][T12172] batman_adv: batadv0: Adding interface: batadv_slave_0
[  496.383785][T12172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.397540][T12246] loop2: detected capacity change from 0 to 8192
[  496.454144][T12172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  496.529644][T12172] batman_adv: batadv0: Adding interface: batadv_slave_1
[  496.551890][T12172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.626274][T12172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  496.829489][ T4578] tipc: Disabling bearer <eth:team0>
[  496.846710][ T4578] tipc: Left network mode
[  497.557857][T12172] device hsr_slave_0 entered promiscuous mode
[  497.601774][T12172] device hsr_slave_1 entered promiscuous mode
[  497.662786][T12172] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  497.675405][T12172] Cannot create hsr debugfs directory
[  497.777590][ T4255] Bluetooth: hci0: command 0x041b tx timeout
[  499.224611][T12172] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  499.275819][T12172] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  499.458545][T12172] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  499.484180][T12172] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  499.554350][   T27] kauditd_printk_skb: 47 callbacks suppressed
[  499.554366][   T27] audit: type=1326 audit(1734621610.290:3170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  499.689562][   T27] audit: type=1326 audit(1734621610.330:3171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  499.808056][   T27] audit: type=1326 audit(1734621610.360:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  499.857957][ T4255] Bluetooth: hci0: command 0x040f tx timeout
[  499.864877][T12172] 8021q: adding VLAN 0 to HW filter on device bond0
[  499.886592][ T4578] device hsr_slave_0 left promiscuous mode
[  499.902759][   T27] audit: type=1326 audit(1734621610.360:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  499.927004][ T4578] device hsr_slave_1 left promiscuous mode
[  499.934147][   T27] audit: type=1326 audit(1734621610.360:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  500.003626][   T27] audit: type=1326 audit(1734621610.360:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  500.096547][   T27] audit: type=1326 audit(1734621610.360:3176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  500.141015][   T27] audit: type=1326 audit(1734621610.360:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  500.231259][   T27] audit: type=1326 audit(1734621610.360:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  500.337551][   T27] audit: type=1326 audit(1734621610.380:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12345 comm="syz.1.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  501.300985][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  501.307442][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  501.938559][ T4255] Bluetooth: hci0: command 0x0419 tx timeout
[  503.625150][ T4578] team0 (unregistering): Port device wg2 removed
[  504.062676][ T4578] bond0 (unregistering): Released all slaves
[  504.180457][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  504.191029][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  504.381804][T12172] 8021q: adding VLAN 0 to HW filter on device team0
[  504.610822][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  504.624962][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  504.633756][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state
[  504.640963][ T5077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  504.650252][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  504.659512][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  504.668636][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[  504.675808][ T5077] bridge0: port 2(bridge_slave_1) entered forwarding state
[  504.686087][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  504.707090][   T27] kauditd_printk_skb: 24 callbacks suppressed
[  504.707115][   T27] audit: type=1326 audit(1734621615.440:3204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  504.708708][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  504.721129][   T27] audit: type=1326 audit(1734621615.460:3205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  504.755391][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  504.837521][   T27] audit: type=1326 audit(1734621615.510:3206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  504.870049][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  504.897564][   T27] audit: type=1326 audit(1734621615.510:3207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  504.898280][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  504.987774][   T27] audit: type=1326 audit(1734621615.510:3208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  504.995791][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  505.054477][   T27] audit: type=1326 audit(1734621615.510:3209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  505.083179][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  505.103659][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  505.139713][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  505.146656][   T27] audit: type=1326 audit(1734621615.510:3210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  505.170921][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  505.192624][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  505.217467][   T27] audit: type=1326 audit(1734621615.510:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  505.234905][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  505.308526][   T27] audit: type=1326 audit(1734621615.510:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  505.402685][   T27] audit: type=1326 audit(1734621615.510:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12449 comm="syz.1.2978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ef85d29 code=0x7ffc0000
[  505.655379][T12474] device bridge0 left promiscuous mode
[  505.796371][ T5072] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  505.815385][ T5072] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  505.847187][T12172] 8021q: adding VLAN 0 to HW filter on device batadv0
[  505.952412][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  505.991795][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  506.043065][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  506.066489][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  506.081373][T12172] device veth0_vlan entered promiscuous mode
[  506.092132][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  506.102040][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  506.146230][T12172] device veth1_vlan entered promiscuous mode
[  506.209238][ T5072] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  506.312415][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  506.332436][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  506.401663][T12172] device veth0_macvtap entered promiscuous mode
[  506.452843][T12172] device veth1_macvtap entered promiscuous mode
[  506.576123][T12172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  506.629475][T12172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.666844][T12172] batman_adv: batadv0: Interface activated: batadv_slave_0
[  506.689347][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  506.708145][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  506.737996][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  506.776603][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  506.804213][T12172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  506.830952][T12172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.848856][T12172] batman_adv: batadv0: Interface activated: batadv_slave_1
[  506.970446][T12514] netlink: 'syz.0.3007': attribute type 4 has an invalid length.
[  507.008819][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  507.032244][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  507.049576][T12172] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  507.073660][T12172] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  507.138334][T12172] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  507.178460][T12172] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  507.226619][T12514] netlink: 'syz.0.3007': attribute type 4 has an invalid length.
[  508.169507][ T5065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  508.197472][ T5065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.251948][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  508.283568][ T5077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  508.319669][ T5077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.340971][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  508.580544][T12546] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2866'.
[  509.392420][T12553] loop3: detected capacity change from 0 to 128
[  509.449747][T12555] netlink: 'syz.4.3023': attribute type 4 has an invalid length.
[  509.611354][T12558] netlink: 'syz.4.3023': attribute type 4 has an invalid length.
[  510.436389][T12575] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3031'.
[  510.523025][ T5077] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.643723][ T5077] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.655610][T12582] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3033'.
[  510.666584][ T4264] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  510.677923][ T4264] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  510.686010][ T4264] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  510.695516][ T4264] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  510.703215][ T4264] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  510.711246][ T4264] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  510.752157][   T27] kauditd_printk_skb: 45 callbacks suppressed
[  510.752175][   T27] audit: type=1326 audit(1734621621.490:3259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  510.814658][ T5077] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.827452][   T27] audit: type=1326 audit(1734621621.490:3260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  510.850194][   T27] audit: type=1326 audit(1734621621.520:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  510.872727][   T27] audit: type=1326 audit(1734621621.540:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  510.895955][   T27] audit: type=1326 audit(1734621621.540:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  510.958620][   T27] audit: type=1326 audit(1734621621.540:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  510.999339][ T5077] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.034352][   T27] audit: type=1326 audit(1734621621.540:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  511.101910][T12590] device pim6reg1 entered promiscuous mode
[  511.123746][   T27] audit: type=1326 audit(1734621621.540:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  511.189888][   T27] audit: type=1326 audit(1734621621.540:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  511.305469][   T27] audit: type=1326 audit(1734621621.570:3268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.3034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff34785d29 code=0x7ffc0000
[  511.970915][T12610] loop3: detected capacity change from 0 to 128
[  512.423083][T12615] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3044'.
[  512.738680][ T4264] Bluetooth: hci4: command 0x0409 tx timeout
[  512.876271][T12621] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3045'.
[  514.371417][T12580] chnl_net:caif_netlink_parms(): no params data found
[  514.817758][ T4264] Bluetooth: hci4: command 0x041b tx timeout
[  514.862778][T12661] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3055'.
[  515.018145][T12580] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.037568][T12580] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.045879][T12580] device bridge_slave_0 entered promiscuous mode
[  515.125694][T12672] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3058'.
[  515.160642][T12675] loop2: detected capacity change from 0 to 128
[  515.167523][T12580] bridge0: port 2(bridge_slave_1) entered blocking state
[  515.174689][T12580] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.191468][T12580] device bridge_slave_1 entered promiscuous mode
[  516.526722][T12580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  516.639560][T12580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  516.700340][T12701] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3069'.
[  516.908539][ T4264] Bluetooth: hci4: command 0x040f tx timeout
[  517.025927][T12714] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3073'.
[  518.155110][T12580] team0: Port device team_slave_0 added
[  518.244241][T12725] loop3: detected capacity change from 0 to 128
[  518.253187][T12580] team0: Port device team_slave_1 added
[  519.018873][T12580] batman_adv: batadv0: Adding interface: batadv_slave_0
[  519.168110][T12580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  519.325756][ T4264] Bluetooth: hci4: command 0x0419 tx timeout
[  519.333105][T12580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  519.350329][ T5077] device hsr_slave_0 left promiscuous mode
[  519.363715][T12746] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3082'.
[  519.377638][ T5077] device hsr_slave_1 left promiscuous mode
[  519.514607][ T5077] device veth1_vlan left promiscuous mode
[  519.540193][ T5077] device veth0_vlan left promiscuous mode
[  520.271929][T12755] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3083'.
[  520.328226][ T5077] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  520.912773][T12780] loop2: detected capacity change from 0 to 128
[  522.045918][   T37] smc: removing ib device syz1
[  522.081934][ T5077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  522.168167][ T5077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  522.667953][ T5077] bond0 (unregistering): Released all slaves
[  522.703344][T12580] batman_adv: batadv0: Adding interface: batadv_slave_1
[  522.710461][T12580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  522.736900][T12580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  522.967982][T12788] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3094'.
[  523.088431][T12580] device hsr_slave_0 entered promiscuous mode
[  523.122760][T12580] device hsr_slave_1 entered promiscuous mode
[  523.129900][T12794] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3097'.
[  523.139374][T12580] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  523.155669][T12580] Cannot create hsr debugfs directory
[  524.214373][T12828] netlink: 252 bytes leftover after parsing attributes in process `syz.3.3107'.
[  524.282199][   T27] kauditd_printk_skb: 15 callbacks suppressed
[  524.282213][   T27] audit: type=1326 audit(1734621635.020:3284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.371328][   T27] audit: type=1326 audit(1734621635.060:3285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.471161][   T27] audit: type=1326 audit(1734621635.060:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.579736][   T27] audit: type=1326 audit(1734621635.060:3287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.625473][   T27] audit: type=1326 audit(1734621635.070:3288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.648720][   T27] audit: type=1326 audit(1734621635.070:3289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.738438][   T27] audit: type=1326 audit(1734621635.070:3290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.804065][   T27] audit: type=1326 audit(1734621635.070:3291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.892767][   T27] audit: type=1326 audit(1734621635.070:3292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  524.928999][T12580] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  524.973632][T12580] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  525.014250][   T27] audit: type=1326 audit(1734621635.070:3293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12829 comm="syz.4.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92d2b85d29 code=0x7ffc0000
[  525.448489][T12580] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  525.505245][T12580] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  526.122374][T12580] 8021q: adding VLAN 0 to HW filter on device bond0
[  526.359667][ T5072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  526.382414][ T5072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  526.426020][T12580] 8021q: adding VLAN 0 to HW filter on device team0
[  526.487671][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  526.496514][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  526.523810][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.531040][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  526.558016][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  526.582371][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  526.616674][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  526.638422][ T5088] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.645625][ T5088] bridge0: port 2(bridge_slave_1) entered forwarding state
[  527.093077][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  527.115654][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  527.140221][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  527.154710][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  527.215081][T12580] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  527.271819][T12580] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  527.315969][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  527.332930][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  527.358679][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  527.386448][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  527.410189][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  527.440400][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  527.460608][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  527.494136][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  527.759833][T12931] device pim6reg1 entered promiscuous mode
[  528.172315][T12951] loop3: detected capacity change from 0 to 128
[  530.271644][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  530.287669][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  530.315903][T12580] 8021q: adding VLAN 0 to HW filter on device batadv0
[  530.360798][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  530.382643][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  530.419937][T12580] device veth0_vlan entered promiscuous mode
[  530.433152][T12580] device veth1_vlan entered promiscuous mode
[  530.460823][T12580] device veth0_macvtap entered promiscuous mode
[  530.471764][T12580] device veth1_macvtap entered promiscuous mode
[  530.494911][T12580] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  530.509205][T12580] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.566057][T12580] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  530.589878][T12580] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.615838][T12580] batman_adv: batadv0: Interface activated: batadv_slave_0
[  530.627143][T12580] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.640515][T12580] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.697630][T12580] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.714746][T12580] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.746126][T12580] batman_adv: batadv0: Interface activated: batadv_slave_1
[  530.787694][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  530.804317][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  530.829794][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  530.864249][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  530.884554][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  530.908582][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  530.947831][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  530.969545][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  530.989238][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  531.020279][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  531.042027][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  531.096362][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  531.128373][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  531.142991][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  531.190371][T12580] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  531.212693][T12580] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  531.242132][T12580] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  531.255717][T12580] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  531.544031][T13004] loop3: detected capacity change from 0 to 128
[  531.576628][ T5088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  531.579986][T13008] loop2: detected capacity change from 0 to 128
[  531.617435][ T5088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  533.978576][ T5088] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  534.159657][ T5072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  534.189241][ T5072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  534.204614][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  535.433221][T13063] loop3: detected capacity change from 0 to 128
[  537.376813][T13064] loop1: detected capacity change from 0 to 8192
[  537.611470][   T27] kauditd_printk_skb: 35 callbacks suppressed
[  537.611488][   T27] audit: type=1804 audit(1734621648.350:3329): pid=13064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3176" name="/newroot/2/bus/bus" dev="loop1" ino=1048623 res=1 errno=0
[  537.725792][ T4255] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  537.736261][ T4255] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  537.745876][ T4255] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  537.755042][ T4255] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  537.762760][ T4255] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  537.771683][   T27] audit: type=1804 audit(1734621648.410:3330): pid=13082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3176" name="/newroot/2/bus/bus" dev="loop1" ino=1048623 res=1 errno=0
[  537.793956][ T4255] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  537.945989][ T5086] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 37845 - 0
[  537.967455][ T5086] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  538.064937][ T5086] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 37845 - 0
[  538.102590][ T5086] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  538.297313][ T5086] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 37845 - 0
[  538.355164][ T5086] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  538.520932][ T5086] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 37845 - 0
[  538.530024][T13114] loop2: detected capacity change from 0 to 128
[  538.543225][T13112] loop1: detected capacity change from 0 to 128
[  538.551128][ T5086] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  539.969124][ T4255] Bluetooth: hci3: command 0x0409 tx timeout
[  540.832348][T13083] chnl_net:caif_netlink_parms(): no params data found
[  542.017688][ T4255] Bluetooth: hci3: command 0x041b tx timeout
[  544.097515][ T4255] Bluetooth: hci3: command 0x040f tx timeout
[  545.523703][T13145] device syzkaller0 entered promiscuous mode
[  545.774673][   T27] audit: type=1326 audit(1734621656.510:3331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  545.816485][   T27] audit: type=1326 audit(1734621656.510:3332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  545.848813][   T27] audit: type=1326 audit(1734621656.540:3333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  545.873210][   T27] audit: type=1326 audit(1734621656.540:3334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  545.917490][   T27] audit: type=1326 audit(1734621656.540:3335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  545.944139][   T27] audit: type=1326 audit(1734621656.540:3336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  545.968842][   T27] audit: type=1326 audit(1734621656.540:3337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  545.991507][   T27] audit: type=1326 audit(1734621656.540:3338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  546.014741][   T27] audit: type=1326 audit(1734621656.540:3339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  546.072881][   T27] audit: type=1326 audit(1734621656.540:3340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13190 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faacef85d29 code=0x7ffc0000
[  546.177777][ T4255] Bluetooth: hci3: command 0x0419 tx timeout
[  547.979774][T13186] device wg2 entered promiscuous mode
[  548.251569][ T5086] device ip6gretap0 left promiscuous mode
[  548.378825][T13083] bridge0: port 1(bridge_slave_0) entered blocking state
[  548.387147][T13083] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.423511][T13083] device bridge_slave_0 entered promiscuous mode
[  548.499884][T13083] bridge0: port 2(bridge_slave_1) entered blocking state
[  548.518100][T13083] bridge0: port 2(bridge_slave_1) entered disabled state
[  548.526253][T13083] device bridge_slave_1 entered promiscuous mode
[  548.693533][T13083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  548.765086][T13083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  549.035707][T13083] team0: Port device team_slave_0 added
[  549.060301][T13083] team0: Port device team_slave_1 added
[  549.202986][T13083] batman_adv: batadv0: Adding interface: batadv_slave_0
[  549.247895][T13083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.297775][T13083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  549.354616][T13083] batman_adv: batadv0: Adding interface: batadv_slave_1
[  549.367446][T13083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.423515][T13083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  550.184500][T13083] device hsr_slave_0 entered promiscuous mode
[  550.204693][T13083] device hsr_slave_1 entered promiscuous mode
[  550.221260][T13083] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  550.230762][T13083] Cannot create hsr debugfs directory
[  550.502581][T13243] device pim6reg1 entered promiscuous mode
[  551.432804][T13270] loop1: detected capacity change from 0 to 8192
[  551.466608][ T5086] device veth1_vlan left promiscuous mode
[  551.473871][ T5086] device veth0_vlan left promiscuous mode
[  551.512717][   T27] kauditd_printk_skb: 19 callbacks suppressed
[  551.512735][   T27] audit: type=1804 audit(1734621662.250:3360): pid=13270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3233" name="/newroot/11/bus/bus" dev="loop1" ino=1048624 res=1 errno=0
[  551.569938][   T27] audit: type=1804 audit(1734621662.280:3361): pid=13270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3233" name="/newroot/11/bus/bus" dev="loop1" ino=1048624 res=1 errno=0
[  552.776163][ T5086] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  553.064143][ T5086] bond0 (unregistering): Released all slaves
[  554.342289][T13317] loop3: detected capacity change from 0 to 8192
[  555.071453][   T27] audit: type=1804 audit(1734621665.810:3362): pid=13317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3247" name="/newroot/61/bus/bus" dev="loop3" ino=1048625 res=1 errno=0
[  555.201327][   T27] audit: type=1804 audit(1734621665.840:3363): pid=13317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.3247" name="/newroot/61/bus/bus" dev="loop3" ino=1048625 res=1 errno=0
[  559.032579][T13354] device pim6reg1 entered promiscuous mode
[  559.394378][T13083] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  559.456765][T13083] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  559.511440][T13083] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  559.542056][T13083] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  559.932752][T13083] 8021q: adding VLAN 0 to HW filter on device bond0
[  559.995728][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  560.038202][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  560.062377][T13083] 8021q: adding VLAN 0 to HW filter on device team0
[  560.112935][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  560.133328][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  560.153005][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state
[  560.160251][ T5077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  560.224187][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  560.233394][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  560.296529][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  560.319364][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[  560.326571][ T5077] bridge0: port 2(bridge_slave_1) entered forwarding state
[  560.365930][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  560.391323][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  560.426815][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  560.463339][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  560.524386][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  560.544357][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  560.556703][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  560.707163][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  560.729168][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  560.784710][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  560.915107][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  561.560416][T13083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  562.021172][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  562.037808][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  562.075958][T13083] 8021q: adding VLAN 0 to HW filter on device batadv0
[  562.176452][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  562.209645][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  562.281658][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  562.291100][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  562.331292][T13083] device veth0_vlan entered promiscuous mode
[  562.343022][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  562.374205][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  562.405560][T13083] device veth1_vlan entered promiscuous mode
[  562.523823][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  562.549157][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  562.594293][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  562.641884][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  562.675282][T13083] device veth0_macvtap entered promiscuous mode
[  562.723366][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  562.741695][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  562.748094][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  562.763199][T13083] device veth1_macvtap entered promiscuous mode
[  562.830788][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  562.892189][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.918611][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  562.939271][T13487] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  562.960271][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.971593][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  563.001439][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.045000][T13083] batman_adv: batadv0: Interface activated: batadv_slave_0
[  563.073377][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  563.102783][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  563.127060][T13482] loop2: detected capacity change from 0 to 8192
[  563.140790][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  563.159711][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.182230][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  563.235188][   T27] audit: type=1804 audit(1734621673.970:3364): pid=13482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3300" name="/newroot/116/bus/bus" dev="loop2" ino=1048626 res=1 errno=0
[  563.277438][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.302305][T13083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  563.314049][   T27] audit: type=1804 audit(1734621673.980:3365): pid=13482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3300" name="/newroot/116/bus/bus" dev="loop2" ino=1048626 res=1 errno=0
[  563.347151][T13083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.376229][T13083] batman_adv: batadv0: Interface activated: batadv_slave_1
[  563.422560][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  563.445934][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  563.506407][T13083] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  563.531340][T13083] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  563.582095][T13083] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  563.650648][T13083] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  563.929657][ T5065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.967826][ T5065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.012338][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  564.036303][ T5065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.079452][ T5065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.124401][T13514] loop2: detected capacity change from 0 to 1024
[  564.126013][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  564.158894][T13514] EXT4-fs: Ignoring removed orlov option
[  564.188503][T13514] EXT4-fs: Ignoring removed nomblk_io_submit option
[  564.323239][T13514] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  564.434803][T13514] EXT4-fs (loop2): Online resizing not supported with bigalloc
[  565.274262][T13521] loop1: detected capacity change from 0 to 256
[  565.304467][T13521] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  565.315195][T13521] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  565.325436][T13521] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  565.337630][   T27] audit: type=1800 audit(1734621676.080:3366): pid=13521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3310" name="file1" dev="loop1" ino=1048630 res=0 errno=0
[  565.400002][T11657] EXT4-fs (loop2): unmounting filesystem.
[  565.908839][T13538] overlayfs: failed to clone upperpath
[  566.927258][T12580] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  567.098319][T12580] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  568.801251][ T4264] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  568.812177][ T4264] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  568.821007][ T4264] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  568.832602][ T4264] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  568.840619][ T4264] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  568.848687][ T4264] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  569.111506][ T5088] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.302228][T13552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3321'.
[  569.316433][T13552] device bridge0 entered promiscuous mode
[  569.322556][T13552] device macsec1 entered promiscuous mode
[  569.330727][T13552] device bridge0 left promiscuous mode
[  569.475432][T13565] loop3: detected capacity change from 0 to 16
[  569.691545][T13565] erofs: (device loop3): mounted with root inode @ nid 36.
[  569.769643][T13565] syz.3.3323: attempt to access beyond end of device
[  569.769643][T13565] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  570.263468][ T5088] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.443633][ T5088] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.639935][ T5088] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.680512][T13572] loop2: detected capacity change from 0 to 2048
[  570.919064][ T4264] Bluetooth: hci1: command 0x0409 tx timeout
[  571.061019][T13572] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  571.507959][T13558] chnl_net:caif_netlink_parms(): no params data found
[  571.717875][ T4393] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  571.878492][T13558] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.890075][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.912080][ T4264] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  571.923022][ T4265] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  571.931581][ T4264] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  571.940213][ T4265] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  571.951208][ T4264] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  571.972886][ T4264] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  571.986752][ T4393] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.998155][ T4393] usb 3-1: config 0 has no interfaces?
[  572.004662][ T4393] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  572.005333][T13558] device bridge_slave_0 entered promiscuous mode
[  572.016072][ T4393] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.044270][ T4393] usb 3-1: config 0 descriptor??
[  572.199705][T13558] bridge0: port 2(bridge_slave_1) entered blocking state
[  572.206867][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.241007][T13558] device bridge_slave_1 entered promiscuous mode
[  573.008388][ T4264] Bluetooth: hci1: command 0x041b tx timeout
[  573.343541][T13558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  573.443675][T13558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  573.740407][T13558] team0: Port device team_slave_0 added
[  573.850633][T13605] loop3: detected capacity change from 0 to 512
[  573.861889][T13558] team0: Port device team_slave_1 added
[  573.938397][T13605] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.3331: inode #1: comm syz.3.3331: iget: illegal inode #
[  574.045819][T13605] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.3331: error while reading EA inode 1 err=-117
[  574.096135][T13605] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.3331: inode #1: comm syz.3.3331: iget: illegal inode #
[  574.117751][ T4255] Bluetooth: hci4: command 0x0409 tx timeout
[  574.135542][T13605] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.3331: error while reading EA inode 1 err=-117
[  574.157072][T13558] batman_adv: batadv0: Adding interface: batadv_slave_0
[  574.165846][T13558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  574.185737][T13605] EXT4-fs (loop3): 1 orphan inode deleted
[  574.192337][T13558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  574.246696][T13605] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  574.350121][T11653] usb 3-1: USB disconnect, device number 2
[  574.374417][T13558] batman_adv: batadv0: Adding interface: batadv_slave_1
[  574.397578][T13558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  574.412274][T11657] EXT4-fs (loop2): unmounting filesystem.
[  574.486823][T13558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  574.587029][T12172] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  574.658497][T12172] EXT4-fs error (device loop3): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 15
[  574.711490][T13587] chnl_net:caif_netlink_parms(): no params data found
[  574.785003][T12172] EXT4-fs error (device loop3): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 15
[  575.190597][ T4255] Bluetooth: hci1: command 0x040f tx timeout
[  576.204293][T13558] device hsr_slave_0 entered promiscuous mode
[  576.235974][T13558] device hsr_slave_1 entered promiscuous mode
[  576.251623][ T4255] Bluetooth: hci4: command 0x041b tx timeout
[  576.259641][T13558] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  576.267247][T13558] Cannot create hsr debugfs directory
[  576.323374][T12172] EXT4-fs (loop3): unmounting filesystem.
[  576.753760][T13587] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.780317][T13587] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.794692][T13587] device bridge_slave_0 entered promiscuous mode
[  576.847704][T13587] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.854866][T13587] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.888685][T13587] device bridge_slave_1 entered promiscuous mode
[  576.982753][ T5088] device hsr_slave_0 left promiscuous mode
[  576.991956][ T5088] device hsr_slave_1 left promiscuous mode
[  576.999116][ T5088] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  577.027620][ T5088] batman_adv: batadv0: Removing interface: batadv_slave_0
[  577.044630][ T5088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  577.071022][ T5088] batman_adv: batadv0: Removing interface: batadv_slave_1
[  577.096180][ T5088] device bridge_slave_1 left promiscuous mode
[  577.108256][ T5088] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.147948][ T5088] device bridge_slave_0 left promiscuous mode
[  577.154498][ T5088] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.217465][ T4255] Bluetooth: hci1: command 0x0419 tx timeout
[  577.318614][ T5088] device veth1_macvtap left promiscuous mode
[  577.324722][ T5088] device veth0_macvtap left promiscuous mode
[  577.353678][ T5088] device veth1_vlan left promiscuous mode
[  577.362374][ T5088] device veth0_vlan left promiscuous mode
[  577.658991][ T4264] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  577.673098][ T4264] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  577.681876][ T4264] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  577.690777][ T4264] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  577.700251][ T4264] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  577.715377][ T4264] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  578.374170][ T4255] Bluetooth: hci4: command 0x040f tx timeout
[  578.570241][T13666] overlayfs: failed to resolve './file1': -2
[  579.818882][ T4264] Bluetooth: hci0: command 0x0409 tx timeout
[  580.417527][ T4255] Bluetooth: hci4: command 0x0419 tx timeout
[  580.618602][ T5088] team0 (unregistering): Port device team_slave_1 removed
[  581.587590][ T5088] team0 (unregistering): Port device team_slave_0 removed
[  581.704324][ T5088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  581.807109][ T5088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  581.857643][ T4264] Bluetooth: hci0: command 0x041b tx timeout
[  582.819534][ T5088] bond0 (unregistering): Released all slaves
[  583.020260][T13587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  583.088828][T13587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  583.253667][T13587] team0: Port device team_slave_0 added
[  583.293072][T13587] team0: Port device team_slave_1 added
[  583.389466][T13558] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.602229][T13587] batman_adv: batadv0: Adding interface: batadv_slave_0
[  583.641434][T13587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  583.870718][T13587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  583.937520][ T4264] Bluetooth: hci0: command 0x040f tx timeout
[  584.085676][T13558] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  584.413797][T13587] batman_adv: batadv0: Adding interface: batadv_slave_1
[  584.440825][T13587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  584.512653][T13587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  584.637980][T13558] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  584.928200][T13558] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  585.303120][T13587] device hsr_slave_0 entered promiscuous mode
[  585.697836][T13587] device hsr_slave_1 entered promiscuous mode
[  585.730009][T13587] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  585.787484][T13587] Cannot create hsr debugfs directory
[  586.018113][ T4255] Bluetooth: hci0: command 0x0419 tx timeout
[  586.258329][T13558] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  586.302656][T13558] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  586.338990][T13663] chnl_net:caif_netlink_parms(): no params data found
[  586.448668][ T5088] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.476983][T13558] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  586.498323][T13558] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  586.590587][ T5088] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.808701][ T5088] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.026101][ T5088] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.189043][T13663] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.196268][T13663] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.229212][T13663] device bridge_slave_0 entered promiscuous mode
[  587.276094][T13663] bridge0: port 2(bridge_slave_1) entered blocking state
[  587.287741][T13663] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.307745][T13663] device bridge_slave_1 entered promiscuous mode
[  587.421847][T13663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  587.434248][T13663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  587.459414][T13587] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  587.498746][T13587] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  587.725133][T13663] team0: Port device team_slave_0 added
[  587.735173][T13587] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  587.752643][T13587] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  588.536303][T13558] 8021q: adding VLAN 0 to HW filter on device bond0
[  588.563460][T13663] team0: Port device team_slave_1 added
[  588.679978][T13663] batman_adv: batadv0: Adding interface: batadv_slave_0
[  588.694616][T13663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.768196][T13663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  589.041202][ T5088] device ip6gretap0 left promiscuous mode
[  589.123931][T13558] 8021q: adding VLAN 0 to HW filter on device team0
[  589.166327][T13663] batman_adv: batadv0: Adding interface: batadv_slave_1
[  589.174786][T13663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.221799][T13663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  589.249234][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  589.264927][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  589.425340][T13754] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  589.476234][T13754] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  589.496913][T13754] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  589.609890][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  589.629086][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  589.649322][ T4306] bridge0: port 1(bridge_slave_0) entered blocking state
[  589.656477][ T4306] bridge0: port 1(bridge_slave_0) entered forwarding state
[  589.700349][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  589.728293][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  589.765179][ T4306] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.772371][ T4306] bridge0: port 2(bridge_slave_1) entered forwarding state
[  589.813455][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  589.977904][T13663] device hsr_slave_0 entered promiscuous mode
[  590.028368][T13663] device hsr_slave_1 entered promiscuous mode
[  590.054374][T13663] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  590.066763][T13663] Cannot create hsr debugfs directory
[  590.207082][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  590.247218][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  590.376331][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  590.389686][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  590.408370][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  590.417809][ T4264] Bluetooth: hci2: command 0x0406 tx timeout
[  590.434786][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  590.453590][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  590.471122][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  590.509730][T13558] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  590.522153][T13558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  590.615097][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  590.638503][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  590.652315][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  590.798569][T13587] 8021q: adding VLAN 0 to HW filter on device bond0
[  591.121578][T13587] 8021q: adding VLAN 0 to HW filter on device team0
[  591.144432][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  591.154898][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  591.295106][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  591.314867][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  591.343585][ T4306] bridge0: port 1(bridge_slave_0) entered blocking state
[  591.350821][ T4306] bridge0: port 1(bridge_slave_0) entered forwarding state
[  591.385484][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  591.406984][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  591.417042][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  591.577277][T13558] 8021q: adding VLAN 0 to HW filter on device batadv0
[  591.763463][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  591.786918][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  591.805704][ T5084] bridge0: port 2(bridge_slave_1) entered blocking state
[  591.812986][ T5084] bridge0: port 2(bridge_slave_1) entered forwarding state
[  591.855318][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  592.036926][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  592.073628][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  592.151416][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  592.187971][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  592.215786][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  592.242704][T13663] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  592.261954][T13663] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  592.442816][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  592.458280][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  592.490159][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  592.508743][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  592.534499][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  592.552925][T13663] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  592.628839][T13663] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  592.654476][T13587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  592.908913][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  592.938676][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  593.101074][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  593.118375][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  593.138680][T13558] device veth0_vlan entered promiscuous mode
[  593.163869][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  593.187882][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  593.228567][T13558] device veth1_vlan entered promiscuous mode
[  593.249565][ T5088] device hsr_slave_0 left promiscuous mode
[  593.270999][ T5088] device hsr_slave_1 left promiscuous mode
[  593.291705][ T5088] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  593.314696][ T5088] batman_adv: batadv0: Removing interface: batadv_slave_0
[  593.334284][ T5088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  593.357600][ T5088] batman_adv: batadv0: Removing interface: batadv_slave_1
[  593.376795][ T5088] device bridge_slave_1 left promiscuous mode
[  593.383428][ T5088] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.402645][ T5088] device bridge_slave_0 left promiscuous mode
[  593.413765][ T5088] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.426160][ T5088] device batadv_slave_1 left promiscuous mode
[  593.443058][ T5088] device hsr_slave_0 left promiscuous mode
[  593.454047][ T5088] device hsr_slave_1 left promiscuous mode
[  593.465973][ T5088] device bridge_slave_1 left promiscuous mode
[  593.476708][ T5088] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.495063][ T5088] device bridge_slave_0 left promiscuous mode
[  593.501558][ T5088] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.583562][ T5088] device veth1_macvtap left promiscuous mode
[  593.596714][ T5088] device veth0_macvtap left promiscuous mode
[  593.603114][ T5088] device veth1_vlan left promiscuous mode
[  593.617437][ T5088] device veth0_vlan left promiscuous mode
[  593.651763][ T5088] device veth1_vlan left promiscuous mode
[  593.667500][ T5088] device veth0_vlan left promiscuous mode
[  595.226106][ T5088] team0 (unregistering): Port device team_slave_1 removed
[  595.275722][ T5088] team0 (unregistering): Port device team_slave_0 removed
[  595.319705][ T5088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  595.365720][ T5088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  595.829170][ T5088] bond0 (unregistering): Released all slaves
[  596.322598][ T5088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  596.660953][ T5088] bond0 (unregistering): Released all slaves
[  596.774813][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  596.784052][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  596.791875][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  596.845197][T13558] device veth0_macvtap entered promiscuous mode
[  596.883121][T13587] 8021q: adding VLAN 0 to HW filter on device batadv0
[  596.936141][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  596.964584][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  597.034631][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  597.080276][T13558] device veth1_macvtap entered promiscuous mode
[  597.134999][T13663] 8021q: adding VLAN 0 to HW filter on device bond0
[  597.160167][T13558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  597.182316][T13558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.196536][T13558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  597.217730][T13558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.238899][T13558] batman_adv: batadv0: Interface activated: batadv_slave_0
[  597.309004][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  597.320952][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  597.330074][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  597.343743][T13558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  597.363115][T13558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.375178][T13558] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  597.391467][T13558] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.405448][T13558] batman_adv: batadv0: Interface activated: batadv_slave_1
[  597.424299][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  597.450531][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  597.470594][T13558] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  597.492649][T13558] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  597.501978][T13558] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  597.511091][T13558] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  597.536770][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  597.569294][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  597.599141][T13663] 8021q: adding VLAN 0 to HW filter on device team0
[  597.610553][T13840] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  597.630210][T13840] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  597.637843][T13840] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  597.659401][T13840] device bridge_slave_0 left promiscuous mode
[  597.665699][T13840] bridge0: port 1(bridge_slave_0) entered disabled state
[  597.716298][T13840] device bridge_slave_1 left promiscuous mode
[  597.725904][T13840] bridge0: port 2(bridge_slave_1) entered disabled state
[  597.743013][T13840] bond0: (slave bond_slave_0): Releasing backup interface
[  597.781573][T13840] bond0: (slave bond_slave_1): Releasing backup interface
[  597.862407][T13840] team0: Port device team_slave_0 removed
[  597.891368][T13840] team0: Port device team_slave_1 removed
[  597.906356][T13840] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  597.914431][T13840] batman_adv: batadv0: Removing interface: batadv_slave_0
[  597.923610][T13840] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  597.945441][T13840] batman_adv: batadv0: Removing interface: batadv_slave_1
[  598.113536][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  598.149219][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  598.172535][ T5084] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.179732][ T5084] bridge0: port 1(bridge_slave_0) entered forwarding state
[  598.194969][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  598.217971][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  598.226774][ T5084] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.234043][ T5084] bridge0: port 2(bridge_slave_1) entered forwarding state
[  598.279110][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  598.342073][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  598.754494][ T5065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  599.268702][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  599.282050][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  599.291339][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  599.300981][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  599.309897][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  599.320966][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  599.336193][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  599.352590][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  599.371569][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  599.440040][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  599.454748][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  599.485887][T13587] device veth0_vlan entered promiscuous mode
[  599.511676][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  599.532678][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  599.558756][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  599.576847][ T5077] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  599.588567][T13663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  599.609544][T13587] device veth1_vlan entered promiscuous mode
[  599.667675][ T5068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  599.675990][ T5068] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  599.721657][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  599.730845][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  599.742024][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  599.766196][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  599.783149][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  599.812180][T13587] device veth0_macvtap entered promiscuous mode
[  599.830454][ T5086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  599.853350][T13587] device veth1_macvtap entered promiscuous mode
[  599.870322][ T5086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  599.938791][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  599.954809][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  599.963864][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  599.999546][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  600.041573][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  600.062352][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  600.080018][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  600.159101][T13587] batman_adv: batadv0: Interface activated: batadv_slave_0
[  600.227869][ T5068] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  600.250090][ T5068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  600.526400][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  600.675623][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  600.884845][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  600.959780][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.041833][T13587] batman_adv: batadv0: Interface activated: batadv_slave_1
[  601.067277][ T5068] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  601.092753][   T27] audit: type=1326 audit(1734621711.830:3367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13874 comm="syz.4.3319" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbd1af85d29 code=0x0
[  601.121644][ T5068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  601.162882][T13587] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  601.202901][T13587] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  601.249579][T13587] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  601.288958][T13587] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  601.394469][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  601.426767][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  601.468173][T13663] 8021q: adding VLAN 0 to HW filter on device batadv0
[  602.626636][ T5074] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  602.645977][ T5082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  602.675791][ T5074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  602.695890][ T5082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  602.755509][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  602.823876][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  603.451646][T13906] loop4: detected capacity change from 0 to 128
[  604.676631][T13914] loop4: detected capacity change from 0 to 512
[  604.718548][T13914] EXT4-fs: Ignoring removed mblk_io_submit option
[  604.747502][T13914] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  604.814247][T13914] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2186: inode #15: comm syz.4.3375: corrupted in-inode xattr
[  604.838154][T13914] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.3375: couldn't read orphan inode 15 (err -117)
[  604.935045][T13914] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  605.033796][   T27] audit: type=1800 audit(1734621715.770:3368): pid=13914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3375" name="bus" dev="loop4" ino=18 res=0 errno=0
[  605.117956][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  605.130116][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  605.175395][   T27] audit: type=1800 audit(1734621715.860:3369): pid=13926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3375" name="bus" dev="loop4" ino=18 res=0 errno=0
[  605.183315][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  605.239510][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  605.326619][T13663] device veth0_vlan entered promiscuous mode
[  605.350966][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  605.391047][ T4577] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  605.398498][   T27] audit: type=1326 audit(1734621715.900:3370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13923 comm="syz.0.3376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1568d85d29 code=0x7fc00000
[  605.433769][T13663] device veth1_vlan entered promiscuous mode
[  606.052298][ T4578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  606.065633][ T4578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  606.146925][ T4578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  606.222086][ T4578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  606.248214][T13663] device veth0_macvtap entered promiscuous mode
[  606.311737][T13663] device veth1_macvtap entered promiscuous mode
[  608.846631][T13558] EXT4-fs (loop4): unmounting filesystem.
[  608.874120][T13663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  608.976358][T13663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  609.036622][T13663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  609.083514][T13663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  609.141530][T13663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  609.194270][T13663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  609.287837][T13663] batman_adv: batadv0: Interface activated: batadv_slave_0
[  609.329590][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  609.361934][ T5074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  609.415210][T13663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  609.469479][T13663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  609.515980][T13663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  609.593889][T13663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  609.629754][T13663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  609.676185][T13663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  609.741839][T13663] batman_adv: batadv0: Interface activated: batadv_slave_1
[  609.873785][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  609.890245][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  610.103587][T13968] loop4: detected capacity change from 0 to 256
[  610.290352][T13663] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  610.340370][T13663] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  610.404072][T13663] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  610.507467][T13663] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  611.156862][T13976] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  611.167118][T13976] FAT-fs (loop4): Filesystem has been set read-only
[  611.177736][   T27] audit: type=1800 audit(1734621721.870:3371): pid=13976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3382" name="file1" dev="loop4" ino=1048642 res=0 errno=0
[  611.250623][T13976] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  611.263999][T13976] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  613.045941][T13986] loop2: detected capacity change from 0 to 512
[  613.059054][ T4297] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  613.288095][T13986] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  613.299944][T13986] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  613.438862][ T4297] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  613.614864][ T4297] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  613.665771][ T4297] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.719267][ T4297] usb 6-1: config 0 descriptor??
[  614.069682][ T4300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  614.139584][   T27] audit: type=1326 audit(1734621724.880:3372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  614.412431][ T4300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.763972][T13997] loop5: detected capacity change from 0 to 256
[  614.798316][T13997] exfat: Deprecated parameter 'utf8'
[  615.274703][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  615.291485][T11657] EXT4-fs (loop2): unmounting filesystem.
[  615.337402][   T27] audit: type=1326 audit(1734621724.880:3373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  615.376962][T13991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.388644][T13997] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  615.414379][T13991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.445827][   T27] audit: type=1326 audit(1734621724.880:3374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  615.471053][ T5086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  615.612782][   T27] audit: type=1326 audit(1734621724.880:3375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  615.724652][ T4297] usbhid 6-1:0.0: can't add hid device: -71
[  615.737627][ T4297] usbhid: probe of 6-1:0.0 failed with error -71
[  615.745610][   T27] audit: type=1326 audit(1734621724.880:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  615.804577][ T4297] usb 6-1: USB disconnect, device number 2
[  615.867364][   T27] audit: type=1326 audit(1734621724.900:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  615.964050][   T27] audit: type=1326 audit(1734621724.900:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  616.087030][   T27] audit: type=1326 audit(1734621724.900:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  616.117545][T14019] xt_hashlimit: size too large, truncated to 1048576
[  616.154177][T14015] xt_hashlimit: size too large, truncated to 1048576
[  616.259648][   T27] audit: type=1326 audit(1734621724.900:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  617.847575][   T27] audit: type=1326 audit(1734621724.900:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  618.037570][   T27] audit: type=1326 audit(1734621724.900:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  618.208554][   T27] audit: type=1326 audit(1734621724.900:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  618.437099][   T27] audit: type=1326 audit(1734621724.900:3384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  618.616171][   T27] audit: type=1326 audit(1734621725.530:3385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  618.682544][   T27] audit: type=1326 audit(1734621725.530:3386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13980 comm="syz.5.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff858b85d29 code=0x7ffc0000
[  621.054181][T14065] loop4: detected capacity change from 0 to 128
[  621.476823][T14073] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3404'.
[  623.050574][T14088] loop2: detected capacity change from 0 to 256
[  623.058231][T14088] FAT-fs (loop2): Unrecognized mount option "uni_xtate=1" or missing value
[  623.129532][T14086] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  623.148776][T13684] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  623.226236][T14094] xt_TPROXY: Can be used only with -p tcp or -p udp
[  623.362159][T14086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  624.149049][T14086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  624.184595][T14095] loop4: detected capacity change from 0 to 256
[  624.204099][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  624.210506][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  624.248598][T14095] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  624.259084][T14095] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  624.270706][T14095] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  624.281847][   T27] audit: type=1800 audit(1734621735.020:3387): pid=14095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3410" name="file1" dev="loop4" ino=1048646 res=0 errno=0
[  624.442552][T13558] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  624.678290][T13558] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  626.592445][   T37] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.920974][   T37] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.071515][   T37] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.321733][   T37] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.753642][ T4265] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  628.764428][ T4265] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  628.785465][ T4265] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  628.795973][ T4265] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  628.804792][T14154] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  628.812986][T14154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  629.707366][ T4264] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  630.755453][   T27] audit: type=1326 audit(1734621741.300:3388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14173 comm="syz.0.3430" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1568d85d29 code=0x0
[  630.977509][ T4264] Bluetooth: hci5: command 0x0409 tx timeout
[  631.072740][T14150] chnl_net:caif_netlink_parms(): no params data found
[  632.878752][T14150] bridge0: port 1(bridge_slave_0) entered blocking state
[  633.205407][ T4264] Bluetooth: hci5: command 0x041b tx timeout
[  633.785826][T14150] bridge0: port 1(bridge_slave_0) entered disabled state
[  633.794605][T14150] device bridge_slave_0 entered promiscuous mode
[  634.048088][T14150] bridge0: port 2(bridge_slave_1) entered blocking state
[  634.055258][T14150] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.103257][T14150] device bridge_slave_1 entered promiscuous mode
[  634.479605][T14150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  634.522079][T14150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  634.956732][T14210] loop2: detected capacity change from 0 to 40427
[  635.218622][ T4264] Bluetooth: hci5: command 0x040f tx timeout
[  635.398626][T14210] F2FS-fs (loop2): extra_attr or flexible_inline_xattr feature is off
[  636.105821][T14150] team0: Port device team_slave_0 added
[  636.166908][T14150] team0: Port device team_slave_1 added
[  636.172734][ T4979] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  636.382133][ T4979] usb 6-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  636.402132][ T4979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.448457][ T4979] usb 6-1: config 0 descriptor??
[  636.478649][ T4979] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  636.499611][ T4979] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  636.690285][ T4979] usb 6-1: USB disconnect, device number 3
[  636.722513][ T4979] ftdi_sio 6-1:0.0: device disconnected
[  636.763665][   T37] device hsr_slave_0 left promiscuous mode
[  636.787994][   T37] device hsr_slave_1 left promiscuous mode
[  636.801806][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  636.830827][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[  636.861063][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  636.879674][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[  636.908086][   T37] device bridge_slave_1 left promiscuous mode
[  636.924759][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.946335][   T37] device bridge_slave_0 left promiscuous mode
[  636.963651][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.043239][   T37] device veth1_macvtap left promiscuous mode
[  637.057753][   T37] device veth0_macvtap left promiscuous mode
[  637.067944][   T37] device veth1_vlan left promiscuous mode
[  637.073837][   T37] device veth0_vlan left promiscuous mode
[  637.307580][ T4264] Bluetooth: hci5: command 0x0419 tx timeout
[  638.557952][T14287] loop5: detected capacity change from 0 to 512
[  638.805302][T14287] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  638.815446][T14287] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  640.322685][   T37] team0 (unregistering): Port device team_slave_1 removed
[  640.454604][T13587] EXT4-fs (loop5): unmounting filesystem.
[  640.495262][   T37] team0 (unregistering): Port device team_slave_0 removed
[  640.583413][T14292] loop5: detected capacity change from 0 to 512
[  640.591010][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  640.615908][T14292] EXT4-fs: Ignoring removed mblk_io_submit option
[  640.686647][T14292] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.3456: inode #1: comm syz.5.3456: iget: illegal inode #
[  640.722527][T14292] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.3456: error while reading EA inode 1 err=-117
[  640.754587][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  640.790265][T14292] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.3456: inode #1: comm syz.5.3456: iget: illegal inode #
[  640.829991][T14292] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.3456: error while reading EA inode 1 err=-117
[  640.852439][T14292] EXT4-fs (loop5): 1 orphan inode deleted
[  640.883592][T14292] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  640.959459][T13587] EXT4-fs (loop5): unmounting filesystem.
[  641.123657][T14295] loop5: detected capacity change from 0 to 2048
[  641.229093][T14295] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  641.639765][ T4261] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  641.910613][ T4261] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  641.931839][ T4261] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  641.941520][ T4261] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  641.951266][ T4261] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.984377][ T4261] usb 6-1: config 0 descriptor??
[  642.033562][   T37] bond0 (unregistering): Released all slaves
[  642.142967][T14150] batman_adv: batadv0: Adding interface: batadv_slave_0
[  642.150091][T14150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  642.176687][T14150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  643.439154][T14308] xt_hashlimit: size too large, truncated to 1048576
[  644.468309][ T4979] usb 6-1: USB disconnect, device number 4
[  645.009660][T13587] EXT4-fs (loop5): unmounting filesystem.
[  646.379477][T14316] loop5: detected capacity change from 0 to 512
[  646.471548][T14316] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  646.492298][T14316] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  648.578184][T14150] batman_adv: batadv0: Adding interface: batadv_slave_1
[  648.585195][T14150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  648.623800][T14150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  648.773147][T13587] EXT4-fs (loop5): unmounting filesystem.
[  648.910500][T14150] device hsr_slave_0 entered promiscuous mode
[  648.935987][T14150] device hsr_slave_1 entered promiscuous mode
[  648.948345][T14150] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  648.956630][T14150] Cannot create hsr debugfs directory
[  649.578182][T14341] xt_TPROXY: Can be used only with -p tcp or -p udp
[  653.591799][T14150] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  653.722446][T14150] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  653.793964][T14150] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  653.850881][T14150] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  654.409540][T14150] 8021q: adding VLAN 0 to HW filter on device bond0
[  654.417613][T13989] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  654.475191][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  654.494291][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  654.522716][T14150] 8021q: adding VLAN 0 to HW filter on device team0
[  654.590709][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  654.601063][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  654.617567][T13989] usb 3-1: Using ep0 maxpacket: 16
[  654.624917][T13989] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  654.659970][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state
[  654.667163][ T5093] bridge0: port 1(bridge_slave_0) entered forwarding state
[  654.720943][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  654.734326][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  654.761533][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  654.831632][T13989] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  654.841653][T13989] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  654.855143][T13989] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  654.855759][ T5093] bridge0: port 2(bridge_slave_1) entered blocking state
[  654.864784][T13989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.871428][ T5093] bridge0: port 2(bridge_slave_1) entered forwarding state
[  654.881800][T13989] usb 3-1: config 0 descriptor??
[  655.064669][T14394] xt_TPROXY: Can be used only with -p tcp or -p udp
[  655.576558][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.597604][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.606050][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.622356][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.636921][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.638059][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  655.655297][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.673229][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.693328][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.757253][T14150] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  655.803133][T14150] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  655.814449][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.823156][T13989] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[  655.885199][T13989] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0001/input/input5
[  655.906617][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  655.941866][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  655.975975][T13989] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  655.997490][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  656.007521][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  656.030850][T13989] usb 3-1: USB disconnect, device number 3
[  656.038336][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  656.077989][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  656.086627][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  656.128959][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  656.149536][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  656.241828][T14398] netlink: 88 bytes leftover after parsing attributes in process `syz.5.3481'.
[  656.277155][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  656.308950][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  656.440804][T14385] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  661.095433][T14180] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  661.115343][T14180] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  661.222754][T14429] loop6: detected capacity change from 0 to 512
[  662.541735][T14150] 8021q: adding VLAN 0 to HW filter on device batadv0
[  663.124898][ T4264] Bluetooth: hci3: command 0x0406 tx timeout
[  663.168102][T14429] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  663.177165][T14429] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  663.475653][T13663] EXT4-fs (loop6): unmounting filesystem.
[  663.961150][T14466] xt_TPROXY: Can be used only with -p tcp or -p udp
[  668.541079][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  668.849410][ T5084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  668.921317][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  668.950655][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  668.993175][T14150] device veth0_vlan entered promiscuous mode
[  669.035291][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  669.054654][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  669.081044][T14150] device veth1_vlan entered promiscuous mode
[  669.151931][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  669.182377][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  669.221510][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  669.244734][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  669.298766][T14150] device veth0_macvtap entered promiscuous mode
[  669.371831][T14150] device veth1_macvtap entered promiscuous mode
[  669.444273][T14150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.477406][T14150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.510717][T14150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.550966][T14150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.583458][T14150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.619468][T14150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.653725][T14150] batman_adv: batadv0: Interface activated: batadv_slave_0
[  669.682953][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  669.708549][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  669.773099][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  669.901238][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  669.930738][T14150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  669.981592][T14150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.167989][T14150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.197409][T14150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.208843][T14150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.219691][T14150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.256099][T14150] batman_adv: batadv0: Interface activated: batadv_slave_1
[  670.284503][T14520] device pim6reg1 entered promiscuous mode
[  670.301430][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  670.326376][T14050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  671.189852][T14150] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  671.207523][T14150] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  671.226668][T14150] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  671.246053][T14150] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  671.548353][ T5082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.556734][ T5082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.633783][ T5082] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  671.664343][ T5082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.689375][ T5082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.726857][T14481] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  672.154870][T14545] device veth1_macvtap left promiscuous mode
[  672.161194][T14545] device macsec0 entered promiscuous mode
[  672.972604][T14550] loop7: detected capacity change from 0 to 512
[  673.104366][T14550] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  673.162754][T14550] EXT4-fs (loop7): orphan cleanup on readonly fs
[  673.169848][T14558] loop6: detected capacity change from 0 to 128
[  673.187902][T14550] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.3421: bg 0: block 248: padding at end of block bitmap is not set
[  673.233440][T14550] Quota error (device loop7): write_blk: dquota write failed
[  673.257679][T14550] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  673.303988][T14550] EXT4-fs error (device loop7): ext4_acquire_dquot:6794: comm syz.7.3421: Failed to acquire dquot type 1
[  673.359688][T14550] EXT4-fs (loop7): 1 truncate cleaned up
[  673.393371][T14550] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  673.723215][T14150] EXT4-fs (loop7): unmounting filesystem.
[  673.774279][T14575] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3516'.
[  674.149304][T14558] EXT4-fs (loop6): Test dummy encryption mode enabled
[  674.551675][T14575] device wireguard0 entered promiscuous mode
[  674.638636][T14558] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  674.690526][T14558] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  675.158626][T14558] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  675.782289][T14610] loop7: detected capacity change from 0 to 1024
[  675.847654][T14610] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  675.898393][T14610] EXT4-fs error (device loop7): ext4_get_journal_inode:5722: inode #32: comm syz.7.3524: iget: special inode unallocated
[  676.083963][T14610] EXT4-fs (loop7): no journal found
[  676.109620][T14610] EXT4-fs (loop7): can't get journal size
[  676.180455][T14558] fscrypt (loop6): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  676.217899][T14558] overlayfs: upper fs does not support tmpfile.
[  676.236390][T14610] EXT4-fs error (device loop7): ext4_protect_reserved_inode:160: inode #32: comm syz.7.3524: iget: special inode unallocated
[  676.263405][T14558] fscrypt (loop6): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  676.378345][T14610] EXT4-fs (loop7): failed to initialize system zone (-117)
[  676.468542][T14610] EXT4-fs (loop7): mount failed
[  676.804538][T14610] loop7: detected capacity change from 0 to 512
[  676.894666][T13663] EXT4-fs (loop6): unmounting filesystem.
[  677.111402][T14610] EXT4-fs error (device loop7): ext4_do_update_inode:5224: inode #3: comm syz.7.3524: corrupted inode contents
[  677.153022][T14610] EXT4-fs error (device loop7): ext4_dirty_inode:6089: inode #3: comm syz.7.3524: mark_inode_dirty error
[  677.245659][T14610] EXT4-fs error (device loop7): ext4_do_update_inode:5224: inode #3: comm syz.7.3524: corrupted inode contents
[  677.462313][T14610] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #3: comm syz.7.3524: mark_inode_dirty error
[  677.682071][T14610] Quota error (device loop7): write_blk: dquota write failed
[  677.948764][T14610] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  678.490433][T14610] EXT4-fs error (device loop7): ext4_acquire_dquot:6794: comm syz.7.3524: Failed to acquire dquot type 0
[  678.599675][T14610] EXT4-fs (loop7): 1 orphan inode deleted
[  678.605576][T14610] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  678.643807][T14610] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  678.652353][ T5093] Quota error (device loop7): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  678.686078][ T5093] EXT4-fs error (device loop7): ext4_release_dquot:6817: comm kworker/u4:27: Failed to release dquot type 1
[  679.804134][T14666] loop6: detected capacity change from 0 to 512
[  679.913702][T14150] EXT4-fs (loop7): unmounting filesystem.
[  679.949068][T14666] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  680.016383][T14666] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  680.450985][T14687] loop7: detected capacity change from 0 to 512
[  680.458217][T14687] EXT4-fs: Ignoring removed mblk_io_submit option
[  680.600296][T14687] EXT4-fs error (device loop7): ext4_xattr_inode_iget:404: comm syz.7.3534: inode #1: comm syz.7.3534: iget: illegal inode #
[  680.615126][T14687] EXT4-fs error (device loop7): ext4_xattr_inode_iget:409: comm syz.7.3534: error while reading EA inode 1 err=-117
[  680.632248][T14687] EXT4-fs error (device loop7): ext4_xattr_inode_iget:404: comm syz.7.3534: inode #1: comm syz.7.3534: iget: illegal inode #
[  681.229169][T14687] EXT4-fs error (device loop7): ext4_xattr_inode_iget:409: comm syz.7.3534: error while reading EA inode 1 err=-117
[  681.235069][T13663] EXT4-fs (loop6): unmounting filesystem.
[  681.250594][T14687] EXT4-fs (loop7): 1 orphan inode deleted
[  681.256397][T14687] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  681.390029][T14150] EXT4-fs (loop7): unmounting filesystem.
[  681.894377][T14707] usb usb8: usbfs: process 14707 (syz.5.3538) did not claim interface 0 before use
[  682.631010][T14709] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3539'.
[  684.278934][   T27] audit: type=1326 audit(1734622050.944:3389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1568d85d29 code=0x7ffc0000
[  684.393524][   T27] audit: type=1326 audit(1734622050.974:3390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f1568d85d29 code=0x7ffc0000
[  684.512228][   T27] audit: type=1326 audit(1734622050.974:3391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1568d85d29 code=0x7ffc0000
[  684.535671][   T27] audit: type=1326 audit(1734622050.974:3392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1568d85d29 code=0x7ffc0000
[  684.681465][   T27] audit: type=1326 audit(1734622050.974:3393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7f1568d85d29 code=0x7ffc0000
[  684.807659][   T27] audit: type=1326 audit(1734622050.994:3394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1568d85d29 code=0x7ffc0000
[  684.904074][   T27] audit: type=1326 audit(1734622050.994:3395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.0.3542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1568d85d29 code=0x7ffc0000
[  685.626586][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  685.633097][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  687.093859][T14765] loop7: detected capacity change from 0 to 40427
[  687.138754][T14765] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  687.176271][T14765] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  687.261268][T14765] F2FS-fs (loop7): Found nat_bits in checkpoint
[  687.490403][T14765] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  687.508973][T14765] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  687.807037][T14761] x_tables: ip_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT
[  688.419932][T14797] xt_TPROXY: Can be used only with -p tcp or -p udp
[  690.298331][T14811] loop6: detected capacity change from 0 to 128
[  690.317840][T14811] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  690.449703][T14811] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  692.418799][T14815] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  695.691206][T14857] xt_TPROXY: Can be used only with -p tcp or -p udp
[  698.456959][ T4264] Bluetooth: hci4: command 0x0406 tx timeout
[  702.714090][T14915] xt_TPROXY: Can be used only with -p tcp or -p udp
[  703.371989][T14154] Bluetooth: hci0: command 0x0406 tx timeout
[  704.866988][T14931] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3590'.
[  712.519550][T15022] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3611'.
[  713.319722][T15022] bridge0: port 2(bridge_slave_1) entered disabled state
[  713.327297][T15022] bridge0: port 1(bridge_slave_0) entered disabled state
[  716.526063][T15049] usb usb8: usbfs: process 15049 (syz.2.3620) did not claim interface 0 before use
[  717.219979][T15047] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  718.963596][T15075] tipc: Started in network mode
[  719.143911][T15075] tipc: Node identity 7f000001, cluster identity 4711
[  719.189378][T15075] tipc: Enabled bearer <udp:syz2>, priority 10
[  719.348062][T15075] tipc: Enabled bearer <eth:team0>, priority 0
[  720.619648][T13989] tipc: Node number set to 2130706433
[  720.758472][T15105] xt_TPROXY: Can be used only with -p tcp or -p udp
[  722.168834][T15092] loop6: detected capacity change from 0 to 40427
[  722.207898][T15092] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  722.249576][T15092] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  722.276886][T15092] F2FS-fs (loop6): invalid crc value
[  722.309491][T15092] F2FS-fs (loop6): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  723.177368][T13989] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  723.544651][T13989] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  723.557966][T13989] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  723.568561][T13989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.605881][T13989] usb 3-1: config 0 descriptor??
[  723.649452][T15154] xt_TPROXY: Can be used only with -p tcp or -p udp
[  724.436303][T13989] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor
[  724.477501][T13989] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0002/input/input6
[  724.969478][T15170] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3649'.
[  724.983002][T15170] device bridge0 entered promiscuous mode
[  724.989702][T15170] device macsec1 entered promiscuous mode
[  725.004536][T15170] device bridge0 left promiscuous mode
[  725.038447][T15175] loop7: detected capacity change from 0 to 512
[  725.064291][T15175] EXT4-fs: Ignoring removed orlov option
[  725.080383][T15175] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  725.607552][T15175] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  725.668084][T15175] EXT4-fs (loop7): can't mount with journal_checksum, fs mounted w/o journal
[  725.717373][T13989] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  725.909074][T13989] usb 3-1: USB disconnect, device number 4
[  729.857507][T15222] xt_TPROXY: Can be used only with -p tcp or -p udp
[  730.448270][T15226] loop7: detected capacity change from 0 to 512
[  730.495739][T15226] EXT4-fs (loop7): Test dummy encryption mode enabled
[  730.809974][T15226] EXT4-fs error (device loop7): ext4_find_inline_data_nolock:164: inode #12: comm syz.7.3657: inline data xattr refers to an external xattr inode
[  730.868828][T15226] EXT4-fs error (device loop7): ext4_orphan_get:1405: comm syz.7.3657: couldn't read orphan inode 12 (err -117)
[  730.882786][T15226] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  732.513263][T14150] EXT4-fs (loop7): unmounting filesystem.
[  732.857941][T15262] loop7: detected capacity change from 0 to 512
[  732.916968][T15262] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  732.923673][T15234] 
[  732.927780][T15234] ======================================================
[  732.934818][T15234] WARNING: possible circular locking dependency detected
[  732.941863][T15234] 6.1.120-syzkaller-00773-g52f863f820fd #0 Tainted: G        W         
[  732.950198][T15234] ------------------------------------------------------
[  732.957233][T15234] syz.5.3661/15234 is trying to acquire lock:
[  732.963315][T15234] ffff88807a469580 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: process_measurement+0x446/0x21b0
[  732.974115][T15234] 
[  732.974115][T15234] but task is already holding lock:
[  732.981488][T15234] ffff88807bbe08d8 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x207/0x8b0
[  732.991511][T15234] 
[  732.991511][T15234] which lock already depends on the new lock.
[  732.991511][T15234] 
[  733.001916][T15234] 
[  733.001916][T15234] the existing dependency chain (in reverse order) is:
[  733.010940][T15234] 
[  733.010940][T15234] -> #1 (&mm->mmap_lock){++++}-{3:3}:
[  733.018522][T15234]        lock_acquire+0x1f8/0x5a0
[  733.023574][T15234]        down_read_killable+0xc6/0xd10
[  733.029054][T15234]        mmap_read_lock_killable+0x1d/0x60
[  733.034878][T15234]        lock_mm_and_find_vma+0x2a7/0x2e0
[  733.040643][T15234]        exc_page_fault+0x169/0x620
[  733.045865][T15234]        asm_exc_page_fault+0x22/0x30
[  733.051263][T15234]        fault_in_readable+0x1c8/0x340
[  733.056733][T15234]        fault_in_iov_iter_readable+0xdb/0x270
[  733.062897][T15234]        generic_perform_write+0x207/0x5e0
[  733.068711][T15234]        __generic_file_write_iter+0x176/0x400
[  733.074875][T15234]        generic_file_write_iter+0xab/0x310
[  733.080782][T15234]        vfs_write+0x857/0xbc0
[  733.085552][T15234]        ksys_write+0x19c/0x2c0
[  733.090421][T15234]        do_syscall_64+0x3b/0xb0
[  733.095378][T15234]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  733.101815][T15234] 
[  733.101815][T15234] -> #0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}:
[  733.110529][T15234]        validate_chain+0x1661/0x5950
[  733.115915][T15234]        __lock_acquire+0x125b/0x1f80
[  733.121304][T15234]        lock_acquire+0x1f8/0x5a0
[  733.126357][T15234]        down_write+0x36/0x60
[  733.131052][T15234]        process_measurement+0x446/0x21b0
[  733.136789][T15234]        ima_file_mmap+0x121/0x1c0
[  733.141913][T15234]        __se_sys_remap_file_pages+0x67a/0x8b0
[  733.148071][T15234]        do_syscall_64+0x3b/0xb0
[  733.153020][T15234]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  733.159456][T15234] 
[  733.159456][T15234] other info that might help us debug this:
[  733.159456][T15234] 
[  733.169784][T15234]  Possible unsafe locking scenario:
[  733.169784][T15234] 
[  733.177257][T15234]        CPU0                    CPU1
[  733.182631][T15234]        ----                    ----
[  733.187999][T15234]   lock(&mm->mmap_lock);
[  733.192346][T15234]                                lock(&sb->s_type->i_mutex_key#12);
[  733.200394][T15234]                                lock(&mm->mmap_lock);
[  733.207255][T15234]   lock(&sb->s_type->i_mutex_key#12);
[  733.212731][T15234] 
[  733.212731][T15234]  *** DEADLOCK ***
[  733.212731][T15234] 
[  733.220878][T15234] 1 lock held by syz.5.3661/15234:
[  733.225997][T15234]  #0: ffff88807bbe08d8 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x207/0x8b0
[  733.236556][T15234] 
[  733.236556][T15234] stack backtrace:
[  733.242459][T15234] CPU: 1 PID: 15234 Comm: syz.5.3661 Tainted: G        W          6.1.120-syzkaller-00773-g52f863f820fd #0
[  733.253836][T15234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  733.263903][T15234] Call Trace:
[  733.267192][T15234]  <TASK>
[  733.270132][T15234]  dump_stack_lvl+0x1e3/0x2cb
[  733.274834][T15234]  ? nf_tcp_handle_invalid+0x642/0x642
[  733.280316][T15234]  ? print_circular_bug+0x12b/0x1a0
[  733.285527][T15234]  check_noncircular+0x2fa/0x3b0
[  733.290478][T15234]  ? add_chain_block+0x850/0x850
[  733.295424][T15234]  ? lockdep_lock+0x11f/0x2a0
[  733.300129][T15234]  ? _find_first_zero_bit+0xd0/0x100
[  733.305435][T15234]  validate_chain+0x1661/0x5950
[  733.310298][T15234]  ? reacquire_held_locks+0x660/0x660
[  733.315688][T15234]  ? reacquire_held_locks+0x660/0x660
[  733.321077][T15234]  ? look_up_lock_class+0x77/0x140
[  733.326204][T15234]  ? register_lock_class+0x100/0x990
[  733.331512][T15234]  ? ima_match_policy+0x104/0x2330
[  733.336641][T15234]  ? __lock_acquire+0x1f80/0x1f80
[  733.341682][T15234]  ? is_dynamic_key+0x260/0x260
[  733.346551][T15234]  ? mark_lock+0x9a/0x340
[  733.350987][T15234]  __lock_acquire+0x125b/0x1f80
[  733.355863][T15234]  lock_acquire+0x1f8/0x5a0
[  733.360383][T15234]  ? process_measurement+0x446/0x21b0
[  733.365769][T15234]  ? read_lock_is_recursive+0x10/0x10
[  733.371156][T15234]  ? ima_lsm_policy_change+0x620/0x620
[  733.376626][T15234]  ? __might_sleep+0xb0/0xb0
[  733.381229][T15234]  ? ima_get_action+0x71/0xa0
[  733.385945][T15234]  down_write+0x36/0x60
[  733.390128][T15234]  ? process_measurement+0x446/0x21b0
[  733.395531][T15234]  process_measurement+0x446/0x21b0
[  733.400758][T15234]  ? ima_file_mmap+0x1c0/0x1c0
[  733.405536][T15234]  ? __lock_acquire+0x1f80/0x1f80
[  733.410595][T15234]  ? aa_path_link+0xea0/0xea0
[  733.415292][T15234]  ? mtree_load+0xc45/0xdf0
[  733.419821][T15234]  ? aa_get_current_label+0x111/0x1d0
[  733.425213][T15234]  ? apparmor_current_getsecid_subj+0xac/0x110
[  733.431389][T15234]  ima_file_mmap+0x121/0x1c0
[  733.436002][T15234]  ? ima_file_free+0x3c0/0x3c0
[  733.440778][T15234]  ? bpf_lsm_mmap_file+0x5/0x10
[  733.445637][T15234]  ? security_mmap_file+0x11a/0x170
[  733.450848][T15234]  __se_sys_remap_file_pages+0x67a/0x8b0
[  733.456512][T15234]  ? __x64_sys_remap_file_pages+0xc0/0xc0
[  733.462252][T15234]  ? print_irqtrace_events+0x210/0x210
[  733.467738][T15234]  ? print_irqtrace_events+0x210/0x210
[  733.473220][T15234]  ? syscall_enter_from_user_mode+0x2e/0x230
[  733.479225][T15234]  ? lockdep_hardirqs_on+0x94/0x130
[  733.484441][T15234]  ? __x64_sys_remap_file_pages+0x1c/0xc0
[  733.490176][T15234]  do_syscall_64+0x3b/0xb0
[  733.494613][T15234]  ? clear_bhb_loop+0x45/0xa0
[  733.499326][T15234]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  733.505253][T15234] RIP: 0033:0x7ff858b85d29
[  733.509689][T15234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  733.529309][T15234] RSP: 002b:00007ff85999f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[  733.537737][T15234] RAX: ffffffffffffffda RBX: 00007ff858d75fa0 RCX: 00007ff858b85d29
[  733.545720][T15234] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 000000002053b000
[  733.553702][T15234] RBP: 00007ff858c01a20 R08: 0000000000020000 R09: 0000000000000000
[  733.561684][T15234] R10: 00000000000000c4 R11: 0000000000000246 R12: 0000000000000000
[  733.569664][T15234] R13: 0000000000000000 R14: 00007ff858d75fa0 R15: 00007ffea1480668
[  733.577659][T15234]  </TASK>
[  733.605581][T15262] EXT4-fs (loop7): orphan cleanup on readonly fs
[  733.613517][T15262] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.3665: bg 0: block 248: padding at end of block bitmap is not set
[  733.632163][T15262] Quota error (device loop7): write_blk: dquota write failed
[  733.644669][T15262] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  733.676352][T15262] EXT4-fs error (device loop7): ext4_acquire_dquot:6794: comm syz.7.3665: Failed to acquire dquot type 1
[  733.709284][T15262] EXT4-fs (loop7): 1 truncate cleaned up
[  733.722062][T15262] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  733.832329][T14150] EXT4-fs (loop7): unmounting filesystem.