last executing test programs:

11m9.594099671s ago: executing program 4 (id=216):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20a0, 0x42004}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x45}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r2, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000005c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900", 0x18, 0x6, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @local, {[], {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x1001, 0x0, 0x0, {[@nop]}}}}}}}}, 0x0)

11m9.115955788s ago: executing program 4 (id=222):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCGETLINKNAME(r1, 0x89e0, &(0x7f0000000000)={0x1})
ioctl$sock_rose_SIOCRSCLRRT(r0, 0x89e4)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r3=>r0}, './file0\x00'})
connect$rose(r3, &(0x7f0000000340)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @bcast}, 0x1c)
bind$802154_dgram(r2, &(0x7f0000000040)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0002}}}, 0x14)
r4 = socket$inet(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x290, 0x0, 0xb, 0xd0e0011, 0x120, 0xc6, 0x1f8, 0x1d8, 0x190, 0x1f8, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @broadcast, 0x0, 0x0, 'nr0\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x120, 0x2000000, {}, [@common=@icmp={{0x28}, {0x0, "0010"}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT0={0x48}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'bridge_slave_1\x00', 'virt_wifi0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x20000, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0)
connect$802154_dgram(r2, &(0x7f0000000000)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0002}}}, 0x14)
sendmsg$802154_dgram(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)

11m7.945551256s ago: executing program 4 (id=224):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f00000002c0)='./file0\x00', 0x1000c00, &(0x7f0000000ac0)=ANY=[@ANYBLOB="6769643d666f726765742c6e6f6164696e6963622c696f636861727365743d63703737352c73686f727461642c6c6f6e67616400757466382c646d6f64653d30303030303030303030303030303030303030303031312c6c6f6e6761642c7569643d2f918e9a2545f2770356eaccde88747b77069745c35771bfa8c63914fb6d2b04f1d3885c85f099d7015321d858b8547c", @ANYRES64, @ANYBLOB="2c67720000000000005463174d3a248cc41900aaaa0bcfd0f6a0512f55ca4c3ec7f8cb292f0342f767f8bbe7d262113cc86d30619e5de98e70bda7c10898a7451d66952d8b10e8d1a7152980661e2266a923128e945de1179d012c12ee0879ab24e146c2276e8b868dc377c12aae067ba5e589c50cbfe9f6b9b301"], 0x1, 0xc3c, &(0x7f0000000d00)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1V+1nVVawSpIwA0Igoq0Ai7IDRIXXOQGCa0QirhZJECKQJUWgUSgabQSAmYFCysqYXRm3rHHbtK4+bLT/H5t/J8585w575n2OT4TzXsmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIL/30saGDaatHAQA8SK+NvzF02O9/AHiknPL+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA20tRxFuR4r2xVpps3+8YONGcO3d+YnTs5qsNpkhRiaJdX/4ZOHjo8JEXX3p5uJsfv/699rl4ffzUsdrx+dmFxcbSUmO6NjHXPD0/3dj0M9zt+hvtbb8Atdk3z02fObNUO3Tg8LqHz1dv7Hxsd/Xo8LP7nu/WToyOjY331PT13/HWPyLdu6fiU2RHFPHlSPGt/d9J9YioxN33wm2OHffbYPSV/dfeiYnRsfaOzDTrc8vlg6mSq/oiqj0rjXR75AH04l0ZibhQ/ncqB7y33L3xhfpifWqmUTtZX1xuLjfn51KlM9pyf6pRieEUsRARrWKrB8920x9FvBopbnzYSlMRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTx25Hi3cmhOJ37qt021yO+WOYrEW+VeSXFxXw/lQeI4Yjv+n0CD7W+KOJvIsV8aqXpbu+3zytPfLX2lbkz8z213fPKh/79wYPk3IRtbCCKmGqf8bfSnf9lFwAAAAAAAAAAAADwYBTxzUhxeXZPWojeOaXNubO1U/Wpmc6ngruf/a/ltVZWVlaqqZO1nEM5R3KezDmZcyHnhZwXc17KeTnnlZxXc17L2coZlbz9nLWcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhnmPQEAAAAAAAAAAAAAAAAAAHCPDUYRvxEp/v33v9b+Xulofy/9Z48OHz/xmd7vjH/mNs9T1h6IiG/G5r6Td0f+rvFUKf+59/sF3N5AFPH1/P1/v7zVgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaFShTxK5HiG99rpUgRMRIxGZ28Vmz16AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0s5UxKuR4md/d2R1WV9EpPa/HXvKH0dipMj5RJmvxMjBdlZGjpU5EHFgC8YP3Lmlt995sz4z01h0ww033Fi9sdVHJgAAAAAAAAAAAAAAAAB4hKUi/j5S/OTvtVI1Is5Xb+x8bHf16PCz+54vomhfBCD11r8+fupY7fj87MJiY2mpMV2bmGuenp9ubHZzAyeac+fOT4yO3Zedua3B+zz+wYHj8wtvLzbP/sLyTR/fNXBsaml5sX765g/HYPRFDPUu2dse8MToWHvQM836XHvVVLnFAPsiapvdGR55u1IR/xsp3tv/7Xg8L8vX/+jv3Fvr/j/8xbV7P9y3Plf/d2wfPz57dPj4ruc2czttdqB7241XNsLYeM/ivjzKH+pZVs3j2vRzwyOq7P8XIsXP/1GRuj2U+/8HOveK1dr/+fpaTx3dkKu2qP+f6Fl2NB+1+vsiBpZnF/qfjhhYevud/c3Z+tnG2cbckUMvvzR85OUXj7zUvyNi4ExzpjG0dmvTrx0AAAAAAAAAAAAAAAAA3C/9qYgvRYpf+ru/XJ03nuf/faZzb23+X+/83z0bnqf3ugG3un3TuX63mdfXq9xmSkU8FSme/bNn2uNNscucd7hDu1IR3y/7afrL6Qt5We7/PLP/5v1/YUOu2qL5v4/3LLuQjxP/ESke/4Nn4gs9x4mNs3vLur+IFFM/8vlcFzvKuu7zdeZEdyYGl7VfixTvn1xf2503/cRa7cHN7hZspbL/ZyPFP/zW38aP5mXrr/9x8/7ftSFXbVH/P9m7TxGx9PY7b9ZnZhqLS5t+KeCRU/b/r0eKv/6Tb8dzednHXf+ne52fPc+tz8Fu0Rb1/1M9y6p5XD/2CV8LAAAAAAAAAAAAeFjsSkX8U6T48z/dl/bnZZv5/O/0hly1RZ//e7pn2fS6z//evxubfpEBAGCb6E9F/ESk+OPp66k7N/aW839fWZv/M7rxxL19Tv+D7Xn+n+hc/xPM/y+3mVIR/5fn9Q7dZl7vj0eKX/upfbku7S7rRrrDbf8ceG1+bv+xmZn50/Xl+tRMoza+UD/dKNfdGyn+9d8+n9ettOf5dudHd+YGr80J/p1I8XMfdGs7c4K7cymfXKs9WNbujxTff399bXfe1VNrtYfK2t+MFGP/ffPa3Wu1h8vaf4wU//lurVu7q6ztvp97eq32wOn5mY+8ZQMAAAAAAAAAAAAAAAAAAGDr9aciUqS48jOXVufGr7/+V/c6AOuv/7XR/fr+/+q92U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeCikKOK/IsV7Y610rSjvdwycaM6dOz8xOnbz1QZTpKhE0a4v/wwcPHT4yIsvvTzczY9f/177XLw+fupY7fj87MJiY2mpMV2bmGuenp9ubPoZ7nb9jfa2X4Da7Jvnps+cWaodOnB43cPnqzd2Pra7enT42X3Pd2snRsfGxntq+vrveOsfke7dU/EpsiOK+KtI8a3930n/XERU4u574TbHjvttMPrK/mvvxMToWHtHZpr1ueXywVTJVX0R1Z6VRro98gB68a6MRFyIiEo54L3l7o0v1BfrUzON2sn64nJzuTk/lyqd0Zb7U41KDKeIhYhoFVs9eLab/ijiSqS48WEr/UsRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTxZKR4d3Io3i86fdVum+sRXyzzlYi3yryS4mK+n8oDxHDEd/0+gYdaXxRxMlLMp1a6XuTeb59Xnvhq7StzZ+Z7arvnlQ/9+4MHybkJ29hAFPFB+4y/lT7w+xwAAAAAAAAAAAAAtrkiXo0Ul2f3pPb80NU5pc25s7VT9amZzsf6u5/9r+W1VlZWVqqpk7WcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhmVvP2ctZxDOUdynsw5mXMh54WcF3Neynk555WcV3Ney9nKGT4nDQAAAAAAAAAAAAAAAADAfVKJIn41Unzje620UnS+X3YyOnnNPFf4VPv/AAAA//84/iOE")
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa, 0x2}, {}, {0x1c, 0xfff2}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xa}, @TCA_ROUTE4_IIF={0x8}]}}]}, 0x44}}, 0x24004000)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x8000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x705, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xfff1}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x0)

11m7.647421431s ago: executing program 4 (id=232):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x7}}, {@init_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
read$FUSE(r0, 0x0, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
move_mount(r0, &(0x7f0000000080)='./file0/file0\x00', r0, &(0x7f0000000040)='./file0/../file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})

11m5.461724673s ago: executing program 4 (id=238):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000006c0)={'bridge_slave_0\x00', 0x600})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1f, 0x10, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000200)={r2}, 0xc)

11m2.513898208s ago: executing program 4 (id=249):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x1856, 0x0, 0x9, 0xfffffff9, 0x8, "0e80706e6c06a79874342a0e0d13343972d01f"})
write$UHID_INPUT(r1, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
read$FUSE(r1, &(0x7f00000040c0)={0x2020}, 0xf4d)
setitimer(0x1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$hfsplus(&(0x7f0000007340), &(0x7f0000000000)='./file0\x00', 0x1600008, &(0x7f0000000080)={[{@type={'type', 0x3d, "cb1904ad"}}, {@umask={'umask', 0x3d, 0x1}}, {@barrier}, {@uid}, {@nodecompose}, {@type={'type', 0x3d, "05f2875e"}}, {@barrier}]}, 0x3, 0x632, &(0x7f0000000800)="$eJzs3UtsG2kdAPD/OI4TB9TN7qa7Ba1EtJUWRESbh7IQLpSHUA4rtFoOnKPWbay6aZW4KK0QCi9x4MKh4lwOuXFC6j1SOcMF9ZpjJVAvPaDcjGY8dpy386qd7e8Xjb/v8zfzzX/+9jzsyJoA3lrzE1HciCTmJz5bTdub6zO1zfWZoby7FhFpvRBRbBaRLEUkz5vdN9KHr6VP5vMnB63nSXXuixevN182W8XWwkkprQ0fvNxRmguu5VOMR8RAXu412O2oO8a7eeB4+/nvn/YPshlous1XW4mDXmvssXacxU+83wL9I2meN/cYjRjJztDN64DIjw6FNxvd2TvWUQ4AAAAuqHe2Ymut0Wj0Og4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4SPL7/yf5VGjVxyNp3f+/1DF7qYehnomNXgcAAAAAAAAAACfSGOhsfWMrtmI1LrV7k+x//h9njbHs8SvxMFaiEstxLVZjIepRj+WYiojRjoFKqwv1+vJUF0tO77vk9LluNAAAAAAAAAB82f025rf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP0giRhoFtk01qqPRqEYEcMRUUrnW4v4V6t+kW30OgAAAAB4A97Ziq1YjUutdiPJPvN/kH3uH46HsRT1qEY9alGJW9l3Ac1P/YXN9Zna5vrMvXTaO+5f/tfIdBlGNmI0v3vYf81XsjnKcTuq2TPX4mbcj1q5c5QrrXj2j+s3r9Kxf5DrMrJbeZlu+Z/zsj+MZhkZbGdkMo8tzeO7h2fih69OtaapKLS/+Rk7h5yP5GWyq+y93ZmYjkKW79QHh2ci4pvP/vaLxdrS3cXbKxP9s0kn1MxEo9HMxFDWamXiw7cqE5PZtl9ut+fjp/HzmIjx+DyWoxq/jIWoRyXG4ydZbSF/P6ePo7syVdg59I0drc+PiqSUvy7No+jxYvo4W/ZSVONncT9uRSU+zf6mYyq+G7MxG3Mdr/DlLvb6wvH2+qvfyivpIf2Pedkf0ry+25HXzmPuaNbX+cx2lt47+2Nj8et5JV3H7yLix2e4naezOxPpWeLZV5t97x+eib9m1wkrtaW7y4sLD7pc3yd5me5Hf+irs0T6fnkvfbGy1s53R9r3/r59U1nfWLuvsKfvcrvvqD21lF/D7R1pOuv7cN++mazvSkffnuut9vUQAH1s5NsjpfJ/yv8sPy3/vrxY/mz4R0PfG/qoFIP/GPx+cXLgk8JHyd/jafx6+/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwciuPHt9dqNUqy0dWkuzm/xFdzdxRad3O6fCZk/xGPscZWaVWqwxHX4RxrErt3xEdzyS9jqcfKkP99ubv7XEJOH/X6/ceXF959Pg71XsLdyp3KkuDs7Nzk3Ozn85cv12tDUT6WJnsdZTAedg+6fc6EgAAAAAAAAAAAKBbh/8MYDCf63Q/J+jxJgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX3PxEFDciianJa5Npe3N9ppZOrfr2nMWIKERE8quI5HnEjWhOMdoxXHLQep5U57548Xrz5fZYxdb8hcOW685aPsV4RAzk5VmNd/PU4yXtLUwTdrV0uuDgzPw/AAD//4oVCL4=")
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r3, 0x541b, 0x0)
getsockopt$bt_BT_SECURITY(r2, 0x10e, 0x5, 0x0, 0x20000000)

11m1.210153257s ago: executing program 32 (id=249):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x1856, 0x0, 0x9, 0xfffffff9, 0x8, "0e80706e6c06a79874342a0e0d13343972d01f"})
write$UHID_INPUT(r1, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
read$FUSE(r1, &(0x7f00000040c0)={0x2020}, 0xf4d)
setitimer(0x1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$hfsplus(&(0x7f0000007340), &(0x7f0000000000)='./file0\x00', 0x1600008, &(0x7f0000000080)={[{@type={'type', 0x3d, "cb1904ad"}}, {@umask={'umask', 0x3d, 0x1}}, {@barrier}, {@uid}, {@nodecompose}, {@type={'type', 0x3d, "05f2875e"}}, {@barrier}]}, 0x3, 0x632, &(0x7f0000000800)="$eJzs3UtsG2kdAPD/OI4TB9TN7qa7Ba1EtJUWRESbh7IQLpSHUA4rtFoOnKPWbay6aZW4KK0QCi9x4MKh4lwOuXFC6j1SOcMF9ZpjJVAvPaDcjGY8dpy386qd7e8Xjb/v8zfzzX/+9jzsyJoA3lrzE1HciCTmJz5bTdub6zO1zfWZoby7FhFpvRBRbBaRLEUkz5vdN9KHr6VP5vMnB63nSXXuixevN182W8XWwkkprQ0fvNxRmguu5VOMR8RAXu412O2oO8a7eeB4+/nvn/YPshlous1XW4mDXmvssXacxU+83wL9I2meN/cYjRjJztDN64DIjw6FNxvd2TvWUQ4AAAAuqHe2Ymut0Wj0Og4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4SPL7/yf5VGjVxyNp3f+/1DF7qYehnomNXgcAAAAAAAAAACfSGOhsfWMrtmI1LrV7k+x//h9njbHs8SvxMFaiEstxLVZjIepRj+WYiojRjoFKqwv1+vJUF0tO77vk9LluNAAAAAAAAAB82f025rf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP0giRhoFtk01qqPRqEYEcMRUUrnW4v4V6t+kW30OgAAAAB4A97Ziq1YjUutdiPJPvN/kH3uH46HsRT1qEY9alGJW9l3Ac1P/YXN9Zna5vrMvXTaO+5f/tfIdBlGNmI0v3vYf81XsjnKcTuq2TPX4mbcj1q5c5QrrXj2j+s3r9Kxf5DrMrJbeZlu+Z/zsj+MZhkZbGdkMo8tzeO7h2fih69OtaapKLS/+Rk7h5yP5GWyq+y93ZmYjkKW79QHh2ci4pvP/vaLxdrS3cXbKxP9s0kn1MxEo9HMxFDWamXiw7cqE5PZtl9ut+fjp/HzmIjx+DyWoxq/jIWoRyXG4ydZbSF/P6ePo7syVdg59I0drc+PiqSUvy7No+jxYvo4W/ZSVONncT9uRSU+zf6mYyq+G7MxG3Mdr/DlLvb6wvH2+qvfyivpIf2Pedkf0ry+25HXzmPuaNbX+cx2lt47+2Nj8et5JV3H7yLix2e4naezOxPpWeLZV5t97x+eib9m1wkrtaW7y4sLD7pc3yd5me5Hf+irs0T6fnkvfbGy1s53R9r3/r59U1nfWLuvsKfvcrvvqD21lF/D7R1pOuv7cN++mazvSkffnuut9vUQAH1s5NsjpfJ/yv8sPy3/vrxY/mz4R0PfG/qoFIP/GPx+cXLgk8JHyd/jafx6+/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwciuPHt9dqNUqy0dWkuzm/xFdzdxRad3O6fCZk/xGPscZWaVWqwxHX4RxrErt3xEdzyS9jqcfKkP99ubv7XEJOH/X6/ceXF959Pg71XsLdyp3KkuDs7Nzk3Ozn85cv12tDUT6WJnsdZTAedg+6fc6EgAAAAAAAAAAAKBbh/8MYDCf63Q/J+jxJgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX3PxEFDciianJa5Npe3N9ppZOrfr2nMWIKERE8quI5HnEjWhOMdoxXHLQep5U57548Xrz5fZYxdb8hcOW685aPsV4RAzk5VmNd/PU4yXtLUwTdrV0uuDgzPw/AAD//4oVCL4=")
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r3, 0x541b, 0x0)
getsockopt$bt_BT_SECURITY(r2, 0x10e, 0x5, 0x0, 0x20000000)

7m48.631728352s ago: executing program 0 (id=932):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737908320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005900)=ANY=[@ANYBLOB="1c000000150a0102"], 0x1c}}, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
socket$inet(0x2, 0x1, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

7m47.309912741s ago: executing program 0 (id=940):
socket$inet_dccp(0x2, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3}, 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0x0, 0x1, 0x9, 0x3, 0x4, 0xfffffffffffffffc}, &(0x7f0000000280)={0x0, 0x989680}, 0x0)

7m45.778530085s ago: executing program 0 (id=947):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x20000400)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x29, 0x5, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)

7m45.381700831s ago: executing program 0 (id=951):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
syz_emit_ethernet(0x82, 0x0, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r1, &(0x7f0000000f00)={0x2020}, 0x2020)

7m45.301839752s ago: executing program 0 (id=952):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r3 = openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0)
write$binfmt_register(r3, &(0x7f0000000740)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x7, 0x3a, '#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xeahJ\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xbf7K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xd3W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a\xdd\x05\xdc\xb8\xc7\xb4v\x1f\xe3\xb6)\x1dM\x1e\xf9\x97\xffLW\x82\t\xf7\xb4\xe2fP\b\n\xdd\x03\x9d&\xd2\xce<f\xfb\xed\xdaP\xf0e\xb6\f\x9a\xa7\xe7c\xf3C\x9br\xf0L\xe5\xb3\xfbD\x1b\x88\xb7\b\x1b\xba}\xc9\va_\x9dYC\xffQ\x84 %(;\xac\x95\x90_\xe9\"\"\xf3\xe3#N\x0f\xdf\x7f\x90\x0f\x90S\x8cF\xff\xdb\x80\x9d\xf8A\xa9\x8f7F\x03\xc3T\xd8\xa4\xb9@\xa8\xa7\x94\xd0\x89)C\xfb\x1eV9\xceE', 0x3a, '', 0x3a, './file0'}, 0x1b0)

7m43.355309572s ago: executing program 0 (id=962):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000380)=0x2000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x60)

7m43.291161132s ago: executing program 33 (id=962):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000380)=0x2000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x60)

1m48.814796998s ago: executing program 3 (id=1983):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x5)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

1m47.767645574s ago: executing program 3 (id=1989):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0x3)
ioctl$EXT4_IOC_GET_ES_CACHE(r2, 0xc020660b, 0x0)
r4 = syz_open_dev$loop(0x0, 0x8, 0x8080)
ioctl$BLKREPORTZONE(r4, 0xc0101282, 0x0)
r5 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
keyctl$read(0x2, r5, &(0x7f00000000c0)=""/4096, 0x1000)
keyctl$read(0xb, r5, &(0x7f00000010c0)=""/4096, 0x1000)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000020c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r7, r6, 0x0, 0x23b)
connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)

1m45.790308314s ago: executing program 3 (id=1993):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/mem_sleep', 0x101a02, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_audit(0x10, 0x3, 0x9)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$kcm(0xf, 0x3, 0x2)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x140, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
epoll_create1(0x0)
socket$tipc(0x1e, 0x5, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2b442, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_io_uring_setup(0x42e9, &(0x7f0000000200)={0x0, 0xa567, 0x0, 0x3, 0x20000}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5}, 0x0, 0x0}, 0x20)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x12, 0x6000, @fd=r0, 0x2, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x3f70, 0x0, 0x0, 0x0, 0x0)

1m44.443686044s ago: executing program 3 (id=1998):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0, r6}}, 0x18)
sendmsg$nl_route(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="58708e06000300000000000000dbdf2502106088a018e31cc414d98b2f7831799a8f668ea45d1c079d9fdd3126a956ed2ccb06d323898c357ca0bb7bc475e2db17"], 0x58}}, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, 0x0, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r7, 0x5423, 0x0)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x2)

1m42.78052689s ago: executing program 3 (id=2003):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2}, 0x48)

1m41.562028568s ago: executing program 3 (id=2007):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]})

1m26.550404624s ago: executing program 34 (id=2007):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]})

11.761373642s ago: executing program 7 (id=2307):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r0=>0x0}, &(0x7f0000000080)=0xc)
prlimit64(r0, 0xa, &(0x7f0000000140)={0x8, 0x900d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000674000/0x2000)=nil, 0x2000, 0xb635773f04ebbee8, 0x8031, 0xffffffffffffffff, 0xfbffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

11.422928787s ago: executing program 7 (id=2310):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000140)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@dioread_nolock}, {@bsdgroups}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000140), 0xfc, 0x560, &(0x7f00000008c0)="$eJzs3d9rW1UcAPDvTdut+6HtYAz1QQp7cDKXrq0/JvgwH0WHA33XkGRlNF1Gk461Dtwe3IsvMgQRB6Lvvvs4/Af8KwY6GDKKPuwlctObLluTNu3StVs+H7jtOffe9Jxv7v2enpubkAAG1kT6IxfxakR8l0SMtW0bjmzjxOp+Kw+uFdMliUbjs3+SSLJ1rf2T7PehrPJKRPzxTcTJ3Pp2a0vLc4VKpbyQ1Sfr85cna0vLpy7OF2bLs+VL0zMzZ96ZmX7/vXf7Fuub5//78dM7H5359vjKD7/dO3IribNxONvWHsdTuN5emYiJ7DkZibNP7DjVh8b2kmS3O8C2DGV5PhLpGDAWQ1nWd9QYe5ZdA3bY12laAwMqkf8woFrzgNa1fZ+ug58b9z9cvQBaH//w6msjMdq8Njq4kjx2ZZRe7473of20jd//vn0rXaJ/r0MAbOr6jYg4PTy8fvxLsvFv+073sM+TbRj/4Nm5k85/3uo0/8mtzX+iw/znUIfc3Y7N8z93rw/NdJXO/z7oOP9du2k1PpTVXmrO+UaSCxcr5XRsezkiTsTI/rS+wf2cL3MrdxvdNrbP/9Ilbb81F8z6cW94/+OPKRXqhacKus39GxGvdZz/JmvHP+lw/NPn43yPbRwr336927bN499ZjV8i3uh4/B/d0Uo2vj852TwfJltnxXr/3jz2Z7f2dzv+9Pgf3Dj+8aT9fm1t6238PPqw3G3bds//fcnnzfK+bN3VQr2+MBWxL/lk/frpR49t1Vv7p/GfOL7x+Nfp/D+QJnaP8d88erN919Gtxb+z0vhLWzr+Wy/c/firn7q139vxf7tZOpGt6WX867WDT/PcAQAAAAAAwF6Ti4jDkeTya+VcLp9ffX/H0TiYq1Rr9ZMXqouXStH8rOx4jORad7rH2t4PMZW9H7ZVn36iPhMRRyLi+6EDzXq+WK2Udjt4AAAAAAAAAAAAAAAAAAAA2CMORYx2+vx/6q+h3e4dsOM2+Mpv4AXXPf+zLf34pidgT/L/HwaX/IfBJf9hcMl/GFzyHwaX/IfBJf9hcG0l/389t4MdAQAAAAAAAAAAAAAAAAAAAAAAAAAAgBfD+XPn0qWx8uBaMa2XriwtzlWvnCqVa3P5+cVivlhduJyfrVZnK+V8sTq/2d+rVKuXp6Zj8epkvVyrT9aWlr+Yry5eethYVR55JlEBAAAAAAAAAAAAAAAAAADA86W2tDxXqFTKCwoK2yoM741uKPS5sNsjEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA88n8AAAD//75iP7A=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000e40)=ANY=[@ANYBLOB="000000004c90020003000000030001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d23945fdd45d3ec1c0a4edb30600"/95])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)

8.962007734s ago: executing program 1 (id=2319):
openat$ppp(0xffffffffffffff9c, 0x0, 0x40082, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r0}})
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x235, &(0x7f0000000300)="$eJzs3T9oFFkcB/Df7J/LJVmO3F1zcHAniIgGQuwEm9goBCSIiKBCRMRKEiUmbWJlY6G1SiqbaGu0FJtgExGsgqaIjaBBxGChxcrsJBLNiuLGHXE+H5jdmd335veGme/bbYYJoLB6ImIgIsoR0RsR1YhI1jfYki09q5vTnXPDEfX6oVdJo122nVnr1x0RUxGx+2Y9U4mYmD229HZh//ZL49VtN2aPdrb1IFctLy0eWLk+dPH24K6Jh49fDCUxELVPjmvzJU0+qyQRf/2IYj+JpJL3CPgW5+aHXqe5/zsitjbyX41SZCfv8thv96ux89qX+l55+ejfdo4V2Hz1ejX9DZyqA4VTiohaJKW+iMjWS6W+vuw//JNyV+nM6Nj53tOj4yOn8p6pgM1Si1jcd7fjTvdn+X9ezvIP/LrS/B8+OPM0XV8p5z0aoJ3S/PeemNwR8g+FI/9QXPIPxSX/UFzyD8Ul/1Bc8g/FJf9QXPIPxSX/UFzr8w8AFEu9I+87kIG85D3/AAAAAAAAAAAAAAAAAAAAG013zg2vLe2q+eBqxPLeiKg0q19uPI844vfGa9ebJG32UZJ1a8nx/1vcQYtu5Xz39R/P8q0//1++9SdHIqYuRER/pbLx+ktWr7/v9+dXvq+ebLFAi/Ycybf++5l86w8uRNxL55/+ZvNPKf5pvDeff2rp+Wux/tl3Le4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtvkQAAD//4XCc8o=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2000479a, 0x0, 0x0, 0x0, 0x0)

7.89655834s ago: executing program 1 (id=2321):
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key(0x0, &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty, 0x53}, 0x1c)
setsockopt$inet6_tcp_int(r2, 0x6, 0x9, &(0x7f0000000040)=0x3, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r3)

5.042429303s ago: executing program 2 (id=2329):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x5)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
listen(0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, 0x0, 0x0)

4.961575664s ago: executing program 2 (id=2331):
openat$ppp(0xffffffffffffff9c, 0x0, 0x40082, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r0}})
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x235, &(0x7f0000000300)="$eJzs3T9oFFkcB/Df7J/LJVmO3F1zcHAniIgGQuwEm9goBCSIiKBCRMRKEiUmbWJlY6G1SiqbaGu0FJtgExGsgqaIjaBBxGChxcrsJBLNiuLGHXE+H5jdmd335veGme/bbYYJoLB6ImIgIsoR0RsR1YhI1jfYki09q5vTnXPDEfX6oVdJo122nVnr1x0RUxGx+2Y9U4mYmD229HZh//ZL49VtN2aPdrb1IFctLy0eWLk+dPH24K6Jh49fDCUxELVPjmvzJU0+qyQRf/2IYj+JpJL3CPgW5+aHXqe5/zsitjbyX41SZCfv8thv96ux89qX+l55+ejfdo4V2Hz1ejX9DZyqA4VTiohaJKW+iMjWS6W+vuw//JNyV+nM6Nj53tOj4yOn8p6pgM1Si1jcd7fjTvdn+X9ezvIP/LrS/B8+OPM0XV8p5z0aoJ3S/PeemNwR8g+FI/9QXPIPxSX/UFzyD8Ul/1Bc8g/FJf9QXPIPxSX/UFzr8w8AFEu9I+87kIG85D3/AAAAAAAAAAAAAAAAAAAAG013zg2vLe2q+eBqxPLeiKg0q19uPI844vfGa9ebJG32UZJ1a8nx/1vcQYtu5Xz39R/P8q0//1++9SdHIqYuRER/pbLx+ktWr7/v9+dXvq+ebLFAi/Ycybf++5l86w8uRNxL55/+ZvNPKf5pvDeff2rp+Wux/tl3Le4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtvkQAAD//4XCc8o=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2000479a, 0x0, 0x0, 0x0, 0x0)

4.010422169s ago: executing program 2 (id=2332):
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x40, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fc000000080011000700000008000e00800000000800"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3.771322352s ago: executing program 2 (id=2335):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)

3.322848379s ago: executing program 6 (id=2341):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x5)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
listen(0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, 0x0, 0x0)

3.2032247s ago: executing program 2 (id=2342):
r0 = socket$netlink(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(0x0, r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x20008005}, 0x0)

3.196207781s ago: executing program 6 (id=2343):
openat$ppp(0xffffffffffffff9c, 0x0, 0x40082, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r0}})
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x235, &(0x7f0000000300)="$eJzs3T9oFFkcB/Df7J/LJVmO3F1zcHAniIgGQuwEm9goBCSIiKBCRMRKEiUmbWJlY6G1SiqbaGu0FJtgExGsgqaIjaBBxGChxcrsJBLNiuLGHXE+H5jdmd335veGme/bbYYJoLB6ImIgIsoR0RsR1YhI1jfYki09q5vTnXPDEfX6oVdJo122nVnr1x0RUxGx+2Y9U4mYmD229HZh//ZL49VtN2aPdrb1IFctLy0eWLk+dPH24K6Jh49fDCUxELVPjmvzJU0+qyQRf/2IYj+JpJL3CPgW5+aHXqe5/zsitjbyX41SZCfv8thv96ux89qX+l55+ejfdo4V2Hz1ejX9DZyqA4VTiohaJKW+iMjWS6W+vuw//JNyV+nM6Nj53tOj4yOn8p6pgM1Si1jcd7fjTvdn+X9ezvIP/LrS/B8+OPM0XV8p5z0aoJ3S/PeemNwR8g+FI/9QXPIPxSX/UFzyD8Ul/1Bc8g/FJf9QXPIPxSX/UFzr8w8AFEu9I+87kIG85D3/AAAAAAAAAAAAAAAAAAAAG013zg2vLe2q+eBqxPLeiKg0q19uPI844vfGa9ebJG32UZJ1a8nx/1vcQYtu5Xz39R/P8q0//1++9SdHIqYuRER/pbLx+ktWr7/v9+dXvq+ebLFAi/Ycybf++5l86w8uRNxL55/+ZvNPKf5pvDeff2rp+Wux/tl3Le4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtvkQAAD//4XCc8o=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2000479a, 0x0, 0x0, 0x0, 0x0)

3.085394143s ago: executing program 2 (id=2344):
syz_open_dev$ndb(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000840)=ANY=[], 0x2, 0x69f, &(0x7f00000015c0)="$eJzs3V1v2+b5x/EfZdmW3T+C4r8hCII83ElWwMEyhZIbB0YGrBpF2dwkUSDlwQYGFFljF0HkdEsyYPFJ55M9AN0b2NlOdrAXMWDHfRc7GTag2M4G7EQDb1KyFD3FjeK0y/cjtKJuXuR9kVR4gZZ4SwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQI5Xdd2So3rQ3Nk1k3nVKGxMmZ+ubVE304mbM/uVnOQ/FQq6kDZd+ObJ7PPJ/67rUvrqkgrJU0FH75x/99438rne8lMS+jJ02hU+fX706H6ns//kJWIXdOrVv0nK9aZWsmMyJmjLbwZxGDQqW74J4tBsbmy4t7drsakFdT/ei9t+w3iRn2uHkVnzbprS5ua68Yt74U5zq1qp+73Gu98pu+6G+cFyeqAlFWNvO6jXg+aWjUlmJzF3zWc/TgP8SsOYg4ed/fVZW5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu5vWnzNzOfEDcxBLqn/f3Wkugpqake7MmMfnqqKFKoxYX6mV//fu+1P7Xew/veq/AXpe9nsi7L1/0r66sqk+j8hFyNjFxg3x5nQfrrHos3I6Kme60iPdF8ddbSvJ3NYt5G5OqH93lzWPsfHlnw1FShWqEANVWyLyVqMNrWhDbn6UNuqKZZRTYHq8hVrT7Ha8u07ylMkXxW1FSqS0Zo83ZRRSZva1LqMfBW1p1A7ampLVVX07263e6CHdr+vT8lRvaDShIDlwaDylDVNqv8/+TR9n2b136X+v63S98Fy+vT5tBjgK6CbXf8Pys1e7OrrywgAAAAAAMybY//67tjP7i9L6qoW1H33TacFAAAAAADmyFF3WZfkJNf/ki7L4fofAAAAAID/NY69x86RtGq/1O+c3An1Mn8EWDiDFAEAAAAAwCuyd/5fWZK6dtCKq3JOdf0PAAAAAAC+Bn4zMMZ+vjfGbrf3sX5OUtxadv78z2VFi85xa/dbzmElmVM5zGJGvgHQrl10zmUD9dqnJUn2ledfcrLeskEw++MOfnEwa6x/J3ohgaWFwRVMSMBJet7IZ6/0ma6li1zLxpl/cJSTnZP2sloL6n7RC+v3SqpUzuXa/m77548f/kKK+tt58LCzX/zok84Dm8tx0nR8mKz006F0cuN3xkkuz+x4C/aei3FbvKJar8vfNhurju3X7W3/giqHucGOph2Akz5/pevpMbu+msauHvVH3E+2v5Bsf6loD9nQ1keLzkkWpRe3fNyBmJBFwWZxI425sXZD5b+l0/2jkHMK316QysXRYzCURXkwi9n7wvnXyL4YyMI+9eYM7Iv1JIu/JCuakMX66bIYOSIA8KYc6LLsWeiy7CDm/SpUyOpurzz0Tmpfqu7Mru4fDFf3Z7/vdu0CC1I++2xiai8FJWf0NcfWoaV0k/IXx5zR3ayuFDThjO6+QnVL+vrTyW8gZWmPZPGfbrd7r2T7/d0LVfUPQ92N9BvXywvJLrz97PCndgD8xMf7H+8/LpfXN9z3XfdOWYt2M7KnBVF7AAAjZv/GzswI531dSyOuPfjHe+nUUMX7//5XCor6SJ+oowe61fsJgavj17o68DWEW+lVqwauWs35d+/Z36Ubji3p1sSrOltLB2LL/dhF9RYZrtQnseuv+SgAAHC2rs+ow+Prf2Go/t/SWhqxdnHsdfdwLc+ujvuX9JNiS7OT/2DeewMAgLeDH33hrLZ/7URR0PqwtLlZqrS3fROF3g9NFFS3fBM0237kbVeaW75pRWE79MK6aUVaDqp+bOKdViuM2qYWRqYVxsGu/eV3k/30e+w3Ks124MWtul+JfeOFzXbFa5tqEHumtfP9ehBv+5FdOG75XlALvEo7CJsmDncizy8aE/v+QGBQ9ZvtoBYkk03TioJGJdozPwrrOw3fVP3Yi4JWO0xX2OsraNbCqGFXW8x3x31fAACAt87T50eP7nc6+09enFhJLs3TlmNNiBmdWNLT58lVedKSz2YxRhAAAF8xJwX8FAvZzwFWXl9SAAAAAAAAAAAAAAAAAAAAAABgyOxb+k45sTjuZkGp3/Kzc1mLfqmTWwxH1uNo3omdZiJ32qV6o+gfPfp8SvBKv6W3+wdjjs9sA//+f9I7tkVpS37+fa1MObivY+K7B+kenRiTzBw7a7l/LPLz/+eQTDz+44RZ3W63O33x5eF9uDRtA4cn8pKeLL3CITj7cxGAs/XfAAAA//8xcjPe")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x584b1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(r0, 0xffffffffffffffff, 0x2)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)

2.792946507s ago: executing program 6 (id=2345):
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x40, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fc000000080011000700000008000e00800000000800"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.700820669s ago: executing program 7 (id=2346):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r5}, 0x48)

2.660790839s ago: executing program 6 (id=2347):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
read(r0, 0x0, 0x0)

2.393856893s ago: executing program 5 (id=2349):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r0=>0x0}, &(0x7f0000000080)=0xc)
prlimit64(r0, 0xa, &(0x7f0000000140)={0x8, 0x900d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000674000/0x2000)=nil, 0x2000, 0xb635773f04ebbee8, 0x8031, 0xffffffffffffffff, 0xfbffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

2.308418904s ago: executing program 5 (id=2350):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xe, 0x4, 0x8, 0x7}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x36, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000340)={0x0, <r9=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={r9, 0x9}, 0xc)

2.255700645s ago: executing program 5 (id=2351):
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
sendmsg$NFC_CMD_LLC_SDREQ(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={0x0, 0x180}, 0x1, 0x0, 0x0, 0x8c1}, 0x4096)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x34611000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sysinfo(0x0)

2.071670028s ago: executing program 1 (id=2352):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)

1.973615719s ago: executing program 5 (id=2353):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x5)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
listen(0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, 0x0, 0x0)

1.756291743s ago: executing program 6 (id=2354):
r0 = socket$netlink(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(0x0, r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fcfc0000080011000000000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x20008005}, 0x0)

1.754598613s ago: executing program 5 (id=2355):
r0 = syz_io_uring_setup(0xf3d, &(0x7f0000000000)={0x0, 0x0, 0x400, 0x3, 0xffffffff}, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000540)=<r2=>0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, {0x0, r3}})
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x235, &(0x7f0000000300)="$eJzs3T9oFFkcB/Df7J/LJVmO3F1zcHAniIgGQuwEm9goBCSIiKBCRMRKEiUmbWJlY6G1SiqbaGu0FJtgExGsgqaIjaBBxGChxcrsJBLNiuLGHXE+H5jdmd335veGme/bbYYJoLB6ImIgIsoR0RsR1YhI1jfYki09q5vTnXPDEfX6oVdJo122nVnr1x0RUxGx+2Y9U4mYmD229HZh//ZL49VtN2aPdrb1IFctLy0eWLk+dPH24K6Jh49fDCUxELVPjmvzJU0+qyQRf/2IYj+JpJL3CPgW5+aHXqe5/zsitjbyX41SZCfv8thv96ux89qX+l55+ejfdo4V2Hz1ejX9DZyqA4VTiohaJKW+iMjWS6W+vuw//JNyV+nM6Nj53tOj4yOn8p6pgM1Si1jcd7fjTvdn+X9ezvIP/LrS/B8+OPM0XV8p5z0aoJ3S/PeemNwR8g+FI/9QXPIPxSX/UFzyD8Ul/1Bc8g/FJf9QXPIPxSX/UFzr8w8AFEu9I+87kIG85D3/AAAAAAAAAAAAAAAAAAAAG013zg2vLe2q+eBqxPLeiKg0q19uPI844vfGa9ebJG32UZJ1a8nx/1vcQYtu5Xz39R/P8q0//1++9SdHIqYuRER/pbLx+ktWr7/v9+dXvq+ebLFAi/Ycybf++5l86w8uRNxL55/+ZvNPKf5pvDeff2rp+Wux/tl3Le4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtvkQAAD//4XCc8o=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
io_uring_enter(r0, 0x2000479a, 0x0, 0x0, 0x0, 0x0)

1.632342445s ago: executing program 7 (id=2356):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@multicast, @random="68d4e408348b", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x28, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @dev}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @local, @local}}}}}}, 0x0)
r1 = getpid()
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0xbc)
keyctl$set_timeout(0xf, r2, 0x100)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x402)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x0)
timerfd_create(0x0, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
fallocate(r0, 0x0, 0x0, 0x8000c62)
mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f00000001c0)='hugetlbfs\x00', 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

1.545885356s ago: executing program 6 (id=2357):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000140)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@dioread_nolock}, {@bsdgroups}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000140), 0xfc, 0x560, &(0x7f00000008c0)="$eJzs3d9rW1UcAPDvTdut+6HtYAz1QQp7cDKXrq0/JvgwH0WHA33XkGRlNF1Gk461Dtwe3IsvMgQRB6Lvvvs4/Af8KwY6GDKKPuwlctObLluTNu3StVs+H7jtOffe9Jxv7v2enpubkAAG1kT6IxfxakR8l0SMtW0bjmzjxOp+Kw+uFdMliUbjs3+SSLJ1rf2T7PehrPJKRPzxTcTJ3Pp2a0vLc4VKpbyQ1Sfr85cna0vLpy7OF2bLs+VL0zMzZ96ZmX7/vXf7Fuub5//78dM7H5359vjKD7/dO3IribNxONvWHsdTuN5emYiJ7DkZibNP7DjVh8b2kmS3O8C2DGV5PhLpGDAWQ1nWd9QYe5ZdA3bY12laAwMqkf8woFrzgNa1fZ+ug58b9z9cvQBaH//w6msjMdq8Njq4kjx2ZZRe7473of20jd//vn0rXaJ/r0MAbOr6jYg4PTy8fvxLsvFv+073sM+TbRj/4Nm5k85/3uo0/8mtzX+iw/znUIfc3Y7N8z93rw/NdJXO/z7oOP9du2k1PpTVXmrO+UaSCxcr5XRsezkiTsTI/rS+wf2cL3MrdxvdNrbP/9Ilbb81F8z6cW94/+OPKRXqhacKus39GxGvdZz/JmvHP+lw/NPn43yPbRwr336927bN499ZjV8i3uh4/B/d0Uo2vj852TwfJltnxXr/3jz2Z7f2dzv+9Pgf3Dj+8aT9fm1t6238PPqw3G3bds//fcnnzfK+bN3VQr2+MBWxL/lk/frpR49t1Vv7p/GfOL7x+Nfp/D+QJnaP8d88erN919Gtxb+z0vhLWzr+Wy/c/firn7q139vxf7tZOpGt6WX867WDT/PcAQAAAAAAwF6Ti4jDkeTya+VcLp9ffX/H0TiYq1Rr9ZMXqouXStH8rOx4jORad7rH2t4PMZW9H7ZVn36iPhMRRyLi+6EDzXq+WK2Udjt4AAAAAAAAAAAAAAAAAAAA2CMORYx2+vx/6q+h3e4dsOM2+Mpv4AXXPf+zLf34pidgT/L/HwaX/IfBJf9hcMl/GFzyHwaX/IfBJf9hcG0l/389t4MdAQAAAAAAAAAAAAAAAAAAAAAAAAAAgBfD+XPn0qWx8uBaMa2XriwtzlWvnCqVa3P5+cVivlhduJyfrVZnK+V8sTq/2d+rVKuXp6Zj8epkvVyrT9aWlr+Yry5eethYVR55JlEBAAAAAAAAAAAAAAAAAADA86W2tDxXqFTKCwoK2yoM741uKPS5sNsjEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA88n8AAAD//75iP7A=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000e40)=ANY=[@ANYBLOB="000000004c90020003000000030001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d23945fdd45d3ec1c0a4edb30600"/95])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)

1.489733237s ago: executing program 5 (id=2358):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x30, r3, 0x1, 0xffffffff, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x9}}}}, 0x30}}, 0x0)

1.30555986s ago: executing program 1 (id=2359):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x5)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000140), 0x0)

1.109304303s ago: executing program 1 (id=2360):
r0 = syz_open_dev$usbmon(&(0x7f0000001980), 0x1, 0x10280)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRESOCT=r0], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5400000002060500000000000000000000001e0010000300686173683a69702c6d61630005000400000000000900020073797a30000000000c00078005001500fc00000005000500020000000500010006000000"], 0x54}}, 0x0)

354.010384ms ago: executing program 7 (id=2361):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xe, 0x4, 0x8, 0x7}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x36, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000340)={0x0, <r9=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={r9, 0x9}, 0xc)

33.179479ms ago: executing program 1 (id=2362):
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key(0x0, &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty, 0x53}, 0x1c)
setsockopt$inet6_tcp_int(r2, 0x6, 0x9, &(0x7f0000000040)=0x3, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r3)

0s ago: executing program 7 (id=2363):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r0=>0x0}, &(0x7f0000000080)=0xc)
prlimit64(r0, 0xa, &(0x7f0000000140)={0x8, 0x900d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000674000/0x2000)=nil, 0x2000, 0xb635773f04ebbee8, 0x8031, 0xffffffffffffffff, 0xfbffd000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

kernel console output (not intermixed with test programs):

T4955] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.174777][ T4955] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.177584][ T4955] device bridge_slave_1 entered promiscuous mode
[  117.259835][ T4088] Bluetooth: hci3: command 0x041b tx timeout
[  117.295096][ T4955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  117.328676][ T4955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  117.414481][ T4955] team0: Port device team_slave_0 added
[  117.461878][ T4955] team0: Port device team_slave_1 added
[  117.545643][ T4955] batman_adv: batadv0: Adding interface: batadv_slave_0
[  117.547937][ T4955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.563231][ T4955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.567712][ T4955] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.897722][ T4955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  118.231132][ T4955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  118.540865][ T4955] device hsr_slave_0 entered promiscuous mode
[  119.158688][ T4955] device hsr_slave_1 entered promiscuous mode
[  119.271663][ T4955] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  119.273809][ T4955] Cannot create hsr debugfs directory
[  119.342552][ T4198] tipc: Left network mode
[  119.378680][ T4088] Bluetooth: hci3: command 0x040f tx timeout
[  119.555316][ T5026] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  119.557492][ T5026] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  119.658002][ T5026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  119.660252][ T5026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  119.662526][ T5026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  119.664606][ T5026] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  121.429937][ T4088] Bluetooth: hci3: command 0x0419 tx timeout
[  121.529554][ T5055] capability: warning: `syz.3.273' uses deprecated v2 capabilities in a way that may be insecure
[  121.587106][ T4955] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  121.672339][ T4955] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  121.714796][ T4955] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  121.753955][ T5059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'.
[  121.797423][ T4955] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  122.076878][ T4955] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.117932][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  122.121407][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  122.134632][ T4955] 8021q: adding VLAN 0 to HW filter on device team0
[  122.327867][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  122.331247][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  122.346230][ T4353] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.348325][ T4353] bridge0: port 1(bridge_slave_0) entered forwarding state
[  122.809010][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  122.974539][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.002437][ T4353] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.004430][ T4353] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.074826][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  123.139402][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.249968][ T5089] sch_tbf: burst 1023 is lower than device lo mtu (65550) !
[  123.252793][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.255863][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.265170][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.272350][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.281408][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.293170][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  123.306005][ T5095] netlink: 12 bytes leftover after parsing attributes in process `syz.1.280'.
[  123.346909][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.353203][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.365006][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  123.370700][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.381141][ T4955] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  123.487403][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  123.490781][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  123.547609][ T5112] loop0: detected capacity change from 0 to 16
[  123.591091][ T4955] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.595502][ T5112] erofs: (device loop0): mounted with root inode @ nid 36.
[  126.995800][ T4198] device hsr_slave_0 left promiscuous mode
[  127.096504][ T4198] device hsr_slave_1 left promiscuous mode
[  127.301603][ T4198] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  127.305311][ T4198] batman_adv: batadv0: Removing interface: batadv_slave_0
[  127.703133][ T4198] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  127.872989][ T4198] batman_adv: batadv0: Removing interface: batadv_slave_1
[  127.907348][ T4198] device vxlan0 left promiscuous mode
[  127.928788][ T4198] bridge0: port 3(vxlan0) entered disabled state
[  128.022685][ T4198] device bridge_slave_1 left promiscuous mode
[  128.024516][ T4198] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.071448][ T4198] device bridge_slave_0 left promiscuous mode
[  128.073331][ T4198] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.219513][ T4198] device veth1_macvtap left promiscuous mode
[  128.221846][ T4198] device veth0_macvtap left promiscuous mode
[  128.223941][ T4198] device veth1_vlan left promiscuous mode
[  128.225924][ T4198] device veth0_vlan left promiscuous mode
[  128.722762][ T4198] team0 (unregistering): Port device team_slave_1 removed
[  128.737072][ T4198] team0 (unregistering): Port device team_slave_0 removed
[  128.747530][ T4198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  128.822570][ T4198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  129.085647][ T4198] bond0 (unregistering): Released all slaves
[  129.183463][ T5146] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  129.234006][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  129.250048][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  129.329867][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  129.332945][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  129.336080][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  129.341467][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  129.350373][ T4955] device veth0_vlan entered promiscuous mode
[  129.374610][ T4955] device veth1_vlan entered promiscuous mode
[  129.627135][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  129.630330][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  129.633207][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  129.645283][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  129.812440][ T4955] device veth0_macvtap entered promiscuous mode
[  129.831073][ T4955] device veth1_macvtap entered promiscuous mode
[  130.229983][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  130.262708][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  130.558891][ T4955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.561995][ T4955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.594976][ T4955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.597935][ T4955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.600838][ T4955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  130.604020][ T4955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.670685][ T4955] batman_adv: batadv0: Interface activated: batadv_slave_0
[  130.682647][ T4955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.685407][ T4955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.688175][ T4955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.739226][ T4955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.757417][ T4955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.769037][ T4955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.785137][ T4955] batman_adv: batadv0: Interface activated: batadv_slave_1
[  130.793856][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  130.797115][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  130.802251][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  130.805252][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  130.808827][ T5216] netlink: 'syz.2.307': attribute type 13 has an invalid length.
[  130.817271][ T4955] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.828567][ T4955] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.831231][ T4955] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.839305][ T4955] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  130.931003][ T5222] netlink: 'syz.0.308': attribute type 5 has an invalid length.
[  130.996260][ T5229] net_ratelimit: 12 callbacks suppressed
[  130.996274][ T5229] Set syz0 is full, maxelem 0 reached
[  131.009946][ T4197] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.012386][ T4197] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.016526][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  131.090599][  T309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.097952][  T309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.101317][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  131.101387][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  131.201480][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  131.250893][    C1] vcan0: j1939_tp_rxtimer: 0x0000000058e58617: rx timeout, send abort
[  131.750985][    C1] vcan0: j1939_tp_rxtimer: 0x000000003a6c0b40: rx timeout, send abort
[  131.754002][    C1] vcan0: j1939_tp_rxtimer: 0x0000000058e58617: abort rx timeout. Force session deactivation
[  132.253596][    C1] vcan0: j1939_tp_rxtimer: 0x000000003a6c0b40: abort rx timeout. Force session deactivation
[  138.714168][ T5303] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  138.817114][ T5309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.331'.
[  139.026379][ T5314] loop0: detected capacity change from 0 to 4096
[  139.113853][ T5314] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[  140.140824][ T5331] loop5: detected capacity change from 0 to 8
[  140.323064][ T5331] SQUASHFS error: Unknown LZ4 version
[  140.337881][ T5331] squashfs image failed sanity check
[  141.203163][ T5341] tipc: Started in network mode
[  141.204822][ T5341] tipc: Node identity 7f000001, cluster identity 4711
[  141.213771][ T5341] tipc: Enabled bearer <udp:syz1>, priority 10
[  141.239184][ T5341] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  141.356610][ T5343] loop1: detected capacity change from 0 to 4096
[  141.400436][ T5343] EXT4-fs (loop1): Test dummy encryption mode enabled
[  141.418035][ T5343] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  141.420783][ T5343] System zones: 0-5
[  141.613281][ T5343] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption=v1,nodiscard,data_err=ignore,acl,journal_ioprio=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  142.477906][ T4231] tipc: Node number set to 2130706433
[  142.786382][ T5365] netlink: 'syz.2.346': attribute type 2 has an invalid length.
[  143.167131][ T5366] loop0: detected capacity change from 0 to 512
[  144.071743][ T5343] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-ce"
[  144.094525][ T5366] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback.
[  146.461177][ T5409] syz.2.355 sent an empty control message without MSG_MORE.
[  147.657785][ T5419] binder: 5418:5419 tried to acquire reference to desc 0, got 1 instead
[  147.718950][ T5419] binder: 5418:5419 BC_FREE_BUFFER u0000000020ffd000 no match
[  147.762633][ T4231] binder: release 5418:5419 transaction 50 out, still active
[  147.765047][ T4231] binder: undelivered TRANSACTION_COMPLETE
[  147.820834][ T5421] netlink: 28 bytes leftover after parsing attributes in process `syz.2.357'.
[  147.851175][ T4231] binder: send failed reply for transaction 50, target dead
[  147.853738][ T5426] netlink: 28 bytes leftover after parsing attributes in process `syz.2.357'.
[  149.087678][ T5443] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  149.926509][ T5451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.364'.
[  150.024083][ T5451] netlink: 12 bytes leftover after parsing attributes in process `syz.1.364'.
[  151.708263][ T5451] netlink: 156 bytes leftover after parsing attributes in process `syz.1.364'.
[  154.393309][ T5502] xt_TCPMSS: Only works on TCP SYN packets
[  154.492821][ T5507] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  155.352480][ T5512] netlink: 60 bytes leftover after parsing attributes in process `syz.5.382'.
[  160.975356][ T5574] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  161.219322][ T5578] netlink: 4 bytes leftover after parsing attributes in process `syz.0.392'.
[  161.252730][ T5576] fuse: root generation should be zero
[  162.863754][ T5608] netlink: 'syz.5.402': attribute type 4 has an invalid length.
[  163.580210][ T5613] netlink: 'syz.5.402': attribute type 4 has an invalid length.
[  164.928301][ T5640] netlink: 12 bytes leftover after parsing attributes in process `syz.0.408'.
[  164.966812][ T5642] netlink: 4 bytes leftover after parsing attributes in process `syz.2.409'.
[  165.042822][ T5642] netlink: 12 bytes leftover after parsing attributes in process `syz.2.409'.
[  166.116597][ T5662] netlink: 'syz.0.414': attribute type 10 has an invalid length.
[  166.214501][ T5662] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  167.033625][ T5671] device syz_tun entered promiscuous mode
[  167.042217][ T5671] device vlan2 entered promiscuous mode
[  167.115464][ T5677] loop1: detected capacity change from 0 to 512
[  168.235166][ T5677] Quota error (device loop1): v2_read_file_info: Can't read info structure
[  168.238071][ T5677] EXT4-fs warning (device loop1): ext4_enable_quotas:6459: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix.
[  168.277665][ T5677] EXT4-fs (loop1): mount failed
[  168.470832][ T5703] netlink: 60 bytes leftover after parsing attributes in process `syz.3.422'.
[  169.358719][ T4518] Bluetooth: hci1: command 0x0406 tx timeout
[  169.362618][ T4518] Bluetooth: hci2: command 0x0406 tx timeout
[  169.367429][ T4518] Bluetooth: hci0: command 0x0406 tx timeout
[  169.501600][ T5710] binder: 5709:5710 tried to acquire reference to desc 0, got 1 instead
[  169.562528][ T5721] binder: 5709:5721 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  169.566296][ T5721] binder: 5721 RLIMIT_NICE not set
[  169.567763][ T5721] binder: 5721 RLIMIT_NICE not set
[  169.580340][ T5721] binder: release 5709:5721 transaction 55 in, still active
[  169.582833][ T5721] binder: send failed reply for transaction 55 to 5709:5710
[  169.740181][ T5595] binder: undelivered TRANSACTION_COMPLETE
[  169.741946][ T5595] binder: undelivered TRANSACTION_ERROR: 29189
[  171.390696][ T5742] loop0: detected capacity change from 0 to 47
[  171.398263][ T5738] device veth0 entered promiscuous mode
[  171.451904][ T5740] tipc: New replicast peer: 0.0.0.0
[  171.454135][ T5740] tipc: Enabled bearer <udp:syz2>, priority 10
[  171.469307][ T5737] device veth0 left promiscuous mode
[  171.527717][ T5742] attempt to access beyond end of device
[  171.527717][ T5742] loop0: rw=2049, want=50, limit=47
[  171.537153][ T5742] Buffer I/O error on dev loop0, logical block 24, lost async page write
[  171.547260][ T5742] attempt to access beyond end of device
[  171.547260][ T5742] loop0: rw=2049, want=52, limit=47
[  171.561594][ T5742] Buffer I/O error on dev loop0, logical block 25, lost async page write
[  171.625019][ T5754] loop1: detected capacity change from 0 to 8
[  171.665209][ T1869] attempt to access beyond end of device
[  171.665209][ T1869] loop0: rw=1, want=50, limit=47
[  171.668328][ T1869] Buffer I/O error on dev loop0, logical block 24, lost async page write
[  171.702967][ T1869] attempt to access beyond end of device
[  171.702967][ T1869] loop0: rw=1, want=52, limit=47
[  171.706214][ T1869] Buffer I/O error on dev loop0, logical block 25, lost async page write
[  171.774833][ T5751] loop5: detected capacity change from 0 to 8192
[  171.810333][ T4277] Dev loop5: unable to read partition block 838860800
[  171.833399][ T4277]  loop5: RDSK (419430400) unable to read partition table
[  171.849635][ T4277] loop5: partition table beyond EOD, truncated
[  171.871652][ T5764] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  171.877312][ T5751] Dev loop5: unable to read partition block 838860800
[  171.887506][ T5751]  loop5: RDSK (419430400) unable to read partition table
[  171.890914][ T5751] loop5: partition table beyond EOD, truncated
[  171.892928][ T5751] loop_reread_partitions: partition scan of loop5 () failed (rc=-5)
[  172.004638][ T5772] loop1: detected capacity change from 0 to 512
[  172.017295][ T5772] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  172.024999][ T5772] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  172.032645][ T5772] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  172.045594][ T5772] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  172.049713][ T5772] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=e040e01c, mo2=0000]
[  173.128705][ T5772] EXT4-fs (loop1): failed to initialize system zone (-117)
[  173.130927][ T5772] EXT4-fs (loop1): mount failed
[  173.245385][ T5787] netlink: 16 bytes leftover after parsing attributes in process `syz.3.444'.
[  174.342594][ T5799] binder: 5798:5799 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  174.381468][ T5799] binder: 5799 RLIMIT_NICE not set
[  174.488750][ T5804] binder: 5798:5804 tried to acquire reference to desc 0, got 1 instead
[  174.507087][ T5799] binder: 5799 RLIMIT_NICE not set
[  174.509134][ T5799] binder: send failed reply for transaction 60 to 5798:5804
[  174.515692][ T5799] binder: 5798:5799 ioctl c0306201 20000280 returned -14
[  174.519582][ T4034] binder: undelivered TRANSACTION_COMPLETE
[  174.521239][ T4034] binder: undelivered TRANSACTION_ERROR: 29201
[  175.402921][ T5813] fuse: Bad value for 'fd'
[  176.416825][ T5829] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  176.419441][ T5829] IPv6: NLM_F_CREATE should be set when creating new route
[  177.815845][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.818162][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.372883][ T5862] dccp_close: ABORT with 32 bytes unread
[  180.769252][    C0] vcan0: j1939_tp_rxtimer: 0x00000000223b71d3: rx timeout, send abort
[  181.269341][    C0] vcan0: j1939_tp_rxtimer: 0x00000000d93bc27a: rx timeout, send abort
[  181.271859][    C0] vcan0: j1939_tp_rxtimer: 0x00000000223b71d3: abort rx timeout. Force session deactivation
[  181.771838][    C0] vcan0: j1939_tp_rxtimer: 0x00000000d93bc27a: abort rx timeout. Force session deactivation
[  182.494883][ T5829] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  182.530825][ T5829] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  183.443480][ T5887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.473'.
[  183.952054][ T5829] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  183.954574][ T5829] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  183.957060][ T5829] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  183.964925][ T5829] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  184.719842][ T5841] netlink: 4 bytes leftover after parsing attributes in process `syz.5.461'.
[  184.796404][ T5845] netlink: 12 bytes leftover after parsing attributes in process `syz.5.461'.
[  184.826559][ T5875] netlink: 4 bytes leftover after parsing attributes in process `syz.2.470'.
[  187.624860][ T5944] netlink: 'syz.1.483': attribute type 10 has an invalid length.
[  187.684573][ T5944] bond0: (slave bridge0): Enslaving as an active interface with a down link
[  187.825574][ T5961] netlink: 'syz.3.489': attribute type 4 has an invalid length.
[  187.832491][ T5962] 9pnet: Unknown protocol version 9p20\++}
[  187.870914][ T5961] netlink: 'syz.3.489': attribute type 4 has an invalid length.
[  187.883325][ T5954] netlink: 4 bytes leftover after parsing attributes in process `syz.5.485'.
[  188.059583][ T5970] netlink: 24 bytes leftover after parsing attributes in process `syz.2.492'.
[  190.557327][ T6006] netlink: 4 bytes leftover after parsing attributes in process `syz.5.500'.
[  192.573108][ T4353] bond0: (slave wlan1): link status definitely down, disabling slave
[  192.592665][ T6024] netlink: 'syz.0.505': attribute type 10 has an invalid length.
[  192.605958][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  192.608138][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  192.628990][ T6024] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.631241][ T6024] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.547279][ T6024] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.549422][ T6024] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.551689][ T6024] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.553696][ T6024] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.559107][ T6024] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  193.587741][ T6036] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  193.856915][ T6051] device veth0_vlan left promiscuous mode
[  193.980532][ T6051] device veth0_vlan entered promiscuous mode
[  193.985718][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.5.514'.
[  195.125360][ T6066] binder: 6065:6066 tried to acquire reference to desc 0, got 1 instead
[  195.148976][ T6066] binder: 6065:6066 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  195.157775][ T6066] binder: 6066 RLIMIT_NICE not set
[  195.165629][ T6066] binder: 6066 RLIMIT_NICE not set
[  195.202818][ T6066] binder: 6066 RLIMIT_NICE not set
[  195.204560][ T6066] binder: 6065:6066 got transaction with invalid parent offset or type
[  195.215017][ T6076] device batadv_slave_1 entered promiscuous mode
[  195.232279][ T6076] device veth1_virt_wifi entered promiscuous mode
[  195.236884][ T6066] binder: 6065:6066 transaction failed 29201/-22, size 88-24 line 3381
[  195.240556][ T6066] binder: send failed reply for transaction 65 to 6065:6066
[  195.273217][    T7] binder: undelivered TRANSACTION_ERROR: 29190
[  195.275217][    T7] binder: undelivered TRANSACTION_COMPLETE
[  195.276858][    T7] binder: undelivered TRANSACTION_ERROR: 29201
[  195.280645][ T6075] device veth1_virt_wifi left promiscuous mode
[  195.290672][ T6075] device batadv_slave_1 left promiscuous mode
[  195.343949][ T6084] loop0: detected capacity change from 0 to 512
[  195.401684][ T6084] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  195.458605][ T6084] EXT4-fs (loop0): 1 truncate cleaned up
[  195.460312][ T6084] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,dioread_lock,noauto_da_alloc,lazytime,nombcache,max_batch_time=0x000000000000000a,,errors=continue. Quota mode: none.
[  195.501089][ T6084] tipc: Started in network mode
[  195.512454][ T6084] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  195.520478][ T6084] tipc: Enabled bearer <eth:team0>, priority 0
[  195.527184][ T6101] netlink: 'syz.3.524': attribute type 10 has an invalid length.
[  195.534528][ T6101] bond0: (slave bridge0): Enslaving as an active interface with a down link
[  195.553692][ T6102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.525'.
[  195.572426][ T6102] team1 (uninitialized): Failed to send options change via netlink (err -105)
[  195.623175][ T6102] 8021q: adding VLAN 0 to HW filter on device team1
[  196.608060][ T6120] netlink: 168 bytes leftover after parsing attributes in process `syz.1.526'.
[  197.040455][   T21] tipc: Node number set to 11578026
[  197.243686][ T6127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.533'.
[  199.556253][ T6153] "syz.2.536" (6153) uses obsolete ecb(arc4) skcipher
[  199.681426][ T6155] xt_nat: multiple ranges no longer supported
[  199.703388][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.530'.
[  199.705972][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.530'.
[  199.708955][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.530'.
[  199.711377][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.530'.
[  202.222922][ T6171] netlink: 'syz.1.541': attribute type 4 has an invalid length.
[  202.367900][ T6182] netlink: 20 bytes leftover after parsing attributes in process `syz.1.545'.
[  202.376285][ T6180] loop0: detected capacity change from 0 to 8
[  202.382031][ T6182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.545'.
[  202.470870][ T6180] SQUASHFS error: xz decompression failed, data probably corrupt
[  202.473106][ T6180] SQUASHFS error: Failed to read block 0x108: -5
[  202.474883][ T6180] SQUASHFS error: Unable to read metadata cache entry [106]
[  202.483994][ T6180] SQUASHFS error: Unable to read inode 0x11f
[  202.516466][ T6188] netlink: 'syz.2.542': attribute type 10 has an invalid length.
[  202.526432][ T6188] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.528948][ T6188] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.418469][ T6188] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.420645][ T6188] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.422846][ T6188] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.424827][ T6188] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.453213][ T6188] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  204.140099][ T6220] loop0: detected capacity change from 0 to 2048
[  204.174943][ T6220] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  204.178182][ T6220] NILFS (loop0): mounting unchecked fs
[  204.199262][ T6091] udevd[6091]: incorrect nilfs2 checksum on /dev/loop0
[  204.312571][ T6220] NILFS (loop0): recovery required for readonly filesystem
[  204.320072][ T6220] NILFS (loop0): write access will be enabled during recovery
[  204.366051][ T6220] NILFS (loop0): norecovery option specified, skipping roll-forward recovery
[  204.433011][ T6220] NILFS (loop0): couldn't remount because the filesystem is in an incomplete recovery state
[  204.619288][ T6091] udevd[6091]: incorrect nilfs2 checksum on /dev/loop0
[  206.927490][ T6263] netlink: 'syz.5.561': attribute type 10 has an invalid length.
[  206.947288][ T6263] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.949708][ T6263] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.967621][ T6263] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.969790][ T6263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.972874][ T6263] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.975021][ T6263] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.998191][ T6263] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  207.012418][ T6267] netlink: 'syz.0.566': attribute type 1 has an invalid length.
[  207.058618][ T6267] device bond1 entered promiscuous mode
[  207.083929][ T6271] bond1: (slave ip6gretap1): making interface the new active one
[  207.098955][ T6271] device ip6gretap1 entered promiscuous mode
[  207.118685][ T6271] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  207.140037][ T6267] netlink: 28 bytes leftover after parsing attributes in process `syz.0.566'.
[  207.153499][ T6267] device bond1 left promiscuous mode
[  207.155058][ T6267] device ip6gretap1 left promiscuous mode
[  207.175469][ T6267] 8021q: adding VLAN 0 to HW filter on device bond1
[  207.394118][ T6283] tipc: Enabled bearer <eth:vlan0>, priority 18
[  207.488080][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.491113][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.493967][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.496725][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.499288][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.501946][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.504541][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.507187][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.510047][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  207.513020][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.574'.
[  208.323171][ T6295] loop0: detected capacity change from 0 to 256
[  208.358719][ T6295] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  208.385171][ T6295] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512
[  208.392471][ T6295] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[  208.393321][ T6293] device vlan4 entered promiscuous mode
[  208.397750][ T6295] UDF-fs: Scanning with blocksize 512 failed
[  208.423359][ T6295] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  208.447824][ T6295] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  214.195452][ T6342] __nla_validate_parse: 43 callbacks suppressed
[  214.195468][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.199775][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.202140][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.204573][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.207129][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.209521][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.211997][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.214356][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.216909][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.219239][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.587'.
[  214.396330][ T6343] netlink: 'syz.1.589': attribute type 10 has an invalid length.
[  216.306513][ T6363] loop0: detected capacity change from 0 to 1024
[  217.257960][ T4037] Bluetooth: hci3: link tx timeout
[  217.260238][ T4037] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  217.950915][ T6375] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  218.001322][ T6375] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  218.050232][ T6381] binder: 6379:6381 tried to acquire reference to desc 0, got 1 instead
[  218.071293][ T6381] binder: 6379:6381 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  218.095119][ T6381] binder: 6381 RLIMIT_NICE not set
[  218.105264][ T6381] binder: 6381 RLIMIT_NICE not set
[  218.107485][ T6381] binder: 6381 RLIMIT_NICE not set
[  218.109092][ T6381] binder: 6379:6381 Acquire 1 refcount change on invalid ref 5 ret -22
[  218.173672][   T21] binder: undelivered TRANSACTION_COMPLETE
[  218.212760][ T3615] binder: undelivered TRANSACTION_COMPLETE
[  218.214345][ T3615] binder: undelivered transaction 74, process died.
[  218.233723][ T6386] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  219.263993][ T6394] loop0: detected capacity change from 0 to 512
[  219.495734][ T6394] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  219.499506][ T6394] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  220.262997][   T13] Bluetooth: hci3: command 0x0406 tx timeout
[  220.309166][ T6394] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002]
[  220.312260][ T6394] EXT4-fs (loop0): orphan cleanup on readonly fs
[  220.338283][ T6394] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #11: comm syz.0.604: attempt to clear invalid blocks 1024 len 1
[  220.342716][ T6407] __nla_validate_parse: 43 callbacks suppressed
[  220.342729][ T6407] netlink: 44 bytes leftover after parsing attributes in process `syz.5.609'.
[  220.370256][ T6394] EXT4-fs (loop0): Remounting filesystem read-only
[  220.392655][ T6394] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.604: bg 0: block 361: padding at end of block bitmap is not set
[  220.408906][ T6394] EXT4-fs (loop0): Remounting filesystem read-only
[  220.411039][ T6394] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  220.419826][ T6394] EXT4-fs (loop0): Remounting filesystem read-only
[  220.421963][ T6394] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.604: invalid indirect mapped block 1811939328 (level 0)
[  220.438750][ T6394] EXT4-fs (loop0): Remounting filesystem read-only
[  220.440663][ T6394] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.604: invalid indirect mapped block 2185560079 (level 1)
[  220.448153][ T6394] EXT4-fs (loop0): Remounting filesystem read-only
[  220.450445][ T6394] EXT4-fs (loop0): 1 truncate cleaned up
[  220.472415][ T6394] EXT4-fs (loop0): mounted filesystem without journal. Opts: nojournal_checksum,noblock_validity,discard,errors=remount-ro,nomblk_io_submit. Quota mode: none.
[  220.523310][ T6411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.611'.
[  220.529717][ T6411] netlink: 12 bytes leftover after parsing attributes in process `syz.2.611'.
[  221.344476][   T26] audit: type=1326 audit(2799.282:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6393 comm="syz.0.604" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff922d9ba8 code=0x0
[  222.424971][ T6430] loop5: detected capacity change from 0 to 512
[  222.498626][ T6430] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  223.094686][ T6430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #2: comm syz.5.619: missing EA_INODE flag
[  223.103940][ T6430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.619: error while reading EA inode 2 err=-117
[  223.109045][ T6430] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  223.113005][ T6430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #2: comm syz.5.619: missing EA_INODE flag
[  223.218044][ T6430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.619: error while reading EA inode 2 err=-117
[  223.221980][ T6430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.619: inode #65536: comm syz.5.619: iget: illegal inode #
[  223.226890][ T6430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.619: error while reading EA inode 65536 err=-117
[  223.231135][ T6430] EXT4-fs (loop5): 1 orphan inode deleted
[  223.232835][ T6430] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,barrier=0x0000000000000004,debug_want_extra_isize=0x000000000000004c,minixdf,resgid=0x0000000000000000,nomblk_io_submit,usrjquota=,,errors=continue. Quota mode: none.
[  225.348823][ T6474] delete_channel: no stack
[  225.468042][ T6481] netlink: 'syz.1.640': attribute type 10 has an invalid length.
[  225.483817][ T6485] binder: 6484:6485 tried to acquire reference to desc 0, got 1 instead
[  225.492338][ T4101] binder: release 6484:6485 transaction 79 out, still active
[  225.494997][ T4101] binder: undelivered TRANSACTION_COMPLETE
[  225.497551][ T4101] binder: undelivered TRANSACTION_COMPLETE
[  225.527212][ T4101] binder: send failed reply for transaction 79, target dead
[  225.529719][ T4101] binder: undelivered transaction 80, process died.
[  225.618614][ T6481] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.639240][ T6481] team0: Failed to send port change of device bond0 via netlink (err -105)
[  225.653594][ T6481] team0: Failed to send options change via netlink (err -105)
[  225.690214][ T6481] team0: Port device bond0 added
[  225.699727][ T6451] netlink: 'syz.3.621': attribute type 2 has an invalid length.
[  225.702133][ T6451] netlink: 'syz.3.621': attribute type 1 has an invalid length.
[  225.709702][ T6451] netlink: 'syz.3.621': attribute type 1 has an invalid length.
[  227.020754][ T6504] futex_wake_op: syz.5.634 tries to shift op by 36; fix this program
[  227.191556][ T6508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.636'.
[  228.404567][ T6525] loop0: detected capacity change from 0 to 256
[  228.428449][ T6524] netlink: 12 bytes leftover after parsing attributes in process `syz.5.642'.
[  228.519465][ T6524] bridge2: port 1(veth0_to_bond) entered blocking state
[  228.521516][ T6524] bridge2: port 1(veth0_to_bond) entered disabled state
[  228.587679][ T6524] device veth0_to_bond entered promiscuous mode
[  228.624577][  T153] bond0: (slave bond_slave_0): link status definitely down, disabling slave
[  231.252635][ T6545] tc_dump_action: action bad kind
[  233.127701][ T6571] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253
[  233.129732][ T6571] PKCS7: Only support pkcs7_signedData type
[  233.182133][ T6573] loop5: detected capacity change from 0 to 512
[  233.215143][ T6573] EXT4-fs (loop5): Unrecognized mount option "dont_measure" or missing value
[  234.387031][ T6596] netlink: 'syz.2.666': attribute type 8 has an invalid length.
[  234.426214][ T6596] bridge0: port 3(syz_tun) entered blocking state
[  234.440706][ T6596] bridge0: port 3(syz_tun) entered disabled state
[  234.519980][ T6596] device syz_tun entered promiscuous mode
[  234.526324][ T6596] bridge0: port 3(syz_tun) entered blocking state
[  234.528689][ T6596] bridge0: port 3(syz_tun) entered forwarding state
[  237.716623][ T6660] netlink: 550 bytes leftover after parsing attributes in process `syz.2.682'.
[  237.773639][ T6652] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  239.455370][ T6675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.685'.
[  241.812740][ T6695] netlink: 12 bytes leftover after parsing attributes in process `syz.0.691'.
[  245.470066][ T6730] netlink: 'syz.0.701': attribute type 8 has an invalid length.
[  245.701422][ T6730] bridge0: port 3(syz_tun) entered blocking state
[  245.703739][ T6730] bridge0: port 3(syz_tun) entered disabled state
[  245.707861][ T6730] device syz_tun entered promiscuous mode
[  245.714763][ T6730] bridge0: port 3(syz_tun) entered blocking state
[  245.716615][ T6730] bridge0: port 3(syz_tun) entered forwarding state
[  245.719484][ T6733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.702'.
[  245.724593][ T6733] bridge0: port 3(syz_tun) entered disabled state
[  245.726590][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.728670][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.762482][ T4181] bond0: (slave bridge0): link status definitely down, disabling slave
[  246.144485][ T6739] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709
[  247.677134][ T6756] loop5: detected capacity change from 0 to 256
[  247.795241][ T6762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.711'.
[  247.843295][   T21] kernel write not supported for file /adsp1 (pid: 21 comm: kworker/1:0)
[  248.835077][ T6780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.719'.
[  248.839332][ T6780] bridge0: port 3(syz_tun) entered disabled state
[  248.841456][ T6780] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.843519][ T6780] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.872842][ T4180] bond0: (slave bridge0): link status definitely down, disabling slave
[  249.041571][ T4180] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.991260][ T6793] netlink: 16 bytes leftover after parsing attributes in process `syz.3.724'.
[  251.543174][ T6810] 9pnet: Insufficient options for proto=fd
[  251.547631][ T6818] loop0: detected capacity change from 0 to 8
[  251.653781][   T26] audit: type=1326 audit(2829.606:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.5.733" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x0
[  251.675154][   T26] audit: type=1326 audit(2829.626:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.3.734" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9fda9ba8 code=0x0
[  251.879551][ T6831] netlink: 8 bytes leftover after parsing attributes in process `syz.5.736'.
[  251.936449][ T6831] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.962810][ T4180] bond0: (slave bridge0): link status definitely down, disabling slave
[  251.998048][ T6818] SQUASHFS error: zlib decompression failed, data probably corrupt
[  252.006029][ T6818] SQUASHFS error: Failed to read block 0x9b: -5
[  252.016022][ T6818] SQUASHFS error: Unable to read metadata cache entry [99]
[  252.028560][ T6818] SQUASHFS error: Unable to read inode 0x127
[  252.110518][ T6842] loop5: detected capacity change from 0 to 256
[  254.255794][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  254.257587][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  254.775300][ T6857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.744'.
[  254.789908][ T6857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.744'.
[  257.877210][ T6882] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  260.892233][   T26] audit: type=1326 audit(2838.847:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  260.962317][   T26] audit: type=1326 audit(2838.917:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  260.975971][   T26] audit: type=1326 audit(2838.927:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=10 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.023712][   T26] audit: type=1326 audit(2838.927:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.056052][   T26] audit: type=1326 audit(2838.927:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.063057][   T26] audit: type=1326 audit(2838.927:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.069042][   T26] audit: type=1326 audit(2838.927:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.077483][   T26] audit: type=1326 audit(2838.927:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.083914][   T26] audit: type=1326 audit(2838.947:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.093592][   T26] audit: type=1326 audit(2838.947:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.761" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x7ffc0000
[  261.123010][ T6918] netlink: 'syz.3.764': attribute type 10 has an invalid length.
[  261.127333][ T6918] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  261.375875][ T6923] xt_ecn: cannot match TCP bits for non-tcp packets
[  261.479733][ T3615] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  261.761220][ T3615] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  261.833512][ T6934] mmap: syz.3.772 (6934) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  261.839957][ T3615] usb 1-1: config 0 has no interfaces?
[  261.841029][ T6934] Injecting memory failure for pfn 0x213dbd at process virtual address 0x2005b000
[  261.844613][ T6932] netlink: 'syz.2.771': attribute type 4 has an invalid length.
[  261.846699][ T6932] netlink: 152 bytes leftover after parsing attributes in process `syz.2.771'.
[  261.854950][ T6934] Memory failure: 0x213dbd: recovery action for reserved kernel page: Ignored
[  261.904164][ T6932] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  261.919839][ T3615] usb 1-1: config 0 has no interfaces?
[  262.029852][ T3615] usb 1-1: config 0 has no interfaces?
[  262.109837][ T3615] usb 1-1: config 0 has no interfaces?
[  262.745840][ T6945] ODEBUG: Out of memory. ODEBUG disabled
[  262.891075][ T6945] syz.5.773 (6945): drop_caches: 2
[  262.944443][ T3615] usb 1-1: config 0 has no interfaces?
[  263.072137][ T3615] usb 1-1: config 0 has no interfaces?
[  263.346087][ T3615] usb 1-1: config 0 has no interfaces?
[  264.361353][ T3615] usb 1-1: unable to read config index 7 descriptor/start: -71
[  264.363547][ T3615] usb 1-1: can't read configurations, error -71
[  264.413265][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.782'.
[  264.743810][ T6976] "syz.3.785" (6976) uses obsolete ecb(arc4) skcipher
[  268.457986][ T7002] MPTCP: kernel_bind error, err=-22
[  269.391185][ T7014] udc-core: couldn't find an available UDC or it's busy
[  269.418548][ T7014] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  269.565903][ T7028] netlink: 'syz.3.804': attribute type 1 has an invalid length.
[  269.577966][ T7028] 8021q: adding VLAN 0 to HW filter on device bond1
[  269.624358][ T7028] 8021q: adding VLAN 0 to HW filter on device bond1
[  269.633379][ T7028] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  269.749556][ T7028] bond1: (slave vxcan3): Error -22 calling dev_set_mtu
[  272.164375][ T7058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.812'.
[  272.174736][ T7048] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  272.181092][ T7048] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  272.227549][ T7057] netlink: 'syz.5.814': attribute type 5 has an invalid length.
[  272.354643][ T7063] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  276.229713][ T7102] netlink: 24 bytes leftover after parsing attributes in process `syz.5.826'.
[  276.866152][ T7104] DRBG: could not allocate digest TFM handle: hmac(sha384)
[  277.192492][ T7120] netlink: 'syz.1.828': attribute type 10 has an invalid length.
[  277.311924][ T7120] bond0: (slave wlan1): Enslaving as an active interface with a down link
[  277.467208][ T7124] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  277.493209][ T7124] 8021q: adding VLAN 0 to HW filter on device bond1
[  277.858608][ T7134] ubi0: attaching mtd0
[  277.861159][ T7134] ubi0: scanning is finished
[  277.862480][ T7134] ubi0: empty MTD device detected
[  277.935031][ T7134] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  277.937296][ T7134] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  277.939582][ T7134] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  277.941572][ T7134] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  277.943524][ T7134] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  277.945358][ T7134] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  277.947896][ T7134] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2728587235
[  277.950711][ T7134] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  277.955163][ T7136] ubi0: detaching mtd0
[  278.194538][ T7136] ubi0: mtd0 is detached
[  279.105114][ T7145] 9pnet: Could not find request transport: 0xffffffffffffffff
[  284.760261][ T7194] netlink: 'syz.3.850': attribute type 1 has an invalid length.
[  285.358814][ T7266] netlink: 8 bytes leftover after parsing attributes in process `syz.3.852'.
[  285.417005][ T7261] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  285.417005][ T7261] The task syz.1.851 (7261) triggered the difference, watch for misbehavior.
[  285.502354][ T7067] Set syz1 is full, maxelem 65536 reached
[  285.886997][ T7272] loop5: detected capacity change from 0 to 512
[  286.054650][ T7272] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  287.853797][ T7291] loop5: detected capacity change from 0 to 512
[  288.105577][ T7291] EXT2-fs (loop5): error: revision level too high, forcing read-only mode
[  288.108666][ T7291] EXT2-fs (loop5): 0.5b, 95/08/09, bs=4096, gc=1, bpg=32768, ipg=32, mo=a00a8]
[  289.341886][ T7305] netlink: 'syz.3.864': attribute type 33 has an invalid length.
[  289.344059][ T7305] netlink: 152 bytes leftover after parsing attributes in process `syz.3.864'.
[  292.040173][ T7325] netlink: 277 bytes leftover after parsing attributes in process `syz.1.871'.
[  294.799652][ T7361] netlink: 'syz.5.882': attribute type 3 has an invalid length.
[  294.814316][ T3615] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  294.831156][ T3615] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  294.840675][ T7361] loop5: detected capacity change from 0 to 1024
[  294.953868][ T7361] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  294.984722][ T3615] kernel write not supported for file /uhid (pid: 3615 comm: kworker/1:2)
[  295.181714][ T7364] fido_id[7364]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  295.508265][ T7381] netlink: 56 bytes leftover after parsing attributes in process `syz.2.887'.
[  295.515414][ T7381] netlink: 56 bytes leftover after parsing attributes in process `syz.2.887'.
[  295.604801][ T7385] tipc: Started in network mode
[  295.609389][ T7385] tipc: Node identity 7f000001, cluster identity 4711
[  295.611858][ T7385] tipc: Enabled bearer <udp:syz2>, priority 10
[  295.683624][ T7388] netlink: 28 bytes leftover after parsing attributes in process `syz.0.890'.
[  297.226637][ T7400] cgroup2: Unknown parameter 'pids_localevents'
[  297.249179][ T7400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.894'.
[  297.285695][ T4518] tipc: Node number set to 2130706433
[  298.528175][ T7441] loop0: detected capacity change from 0 to 1024
[  298.543977][ T7441] EXT4-fs (loop0): Ignoring removed oldalloc option
[  298.581312][ T7441] EXT4-fs (loop0): mounted filesystem without journal. Opts: stripe=0x0000000000000003,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,noauto_da_alloc,delalloc,resuid=0x0000000000000000,oldalloc,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  303.739444][ T7488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.921'.
[  303.851644][ T7488] device veth3 entered promiscuous mode
[  303.853523][ T7488] bridge4: port 1(veth3) entered blocking state
[  303.856078][ T7488] bridge4: port 1(veth3) entered disabled state
[  304.243150][ T7508] device ipip0 entered promiscuous mode
[  304.440665][ T7516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.932'.
[  304.444391][ T7516] netlink: 8 bytes leftover after parsing attributes in process `syz.0.932'.
[  304.452159][   T26] kauditd_printk_skb: 2 callbacks suppressed
[  304.452170][   T26] audit: type=1326 audit(2882.402:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7515 comm="syz.0.932" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff922d9ba8 code=0x0
[  304.506411][ T7518] netlink: 80 bytes leftover after parsing attributes in process `syz.2.933'.
[  304.509279][ T7518] netlink: 80 bytes leftover after parsing attributes in process `syz.2.933'.
[  304.513254][ T7518] netlink: 80 bytes leftover after parsing attributes in process `syz.2.933'.
[  307.982552][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.953'.
[  308.037062][ T7581] udc-core: couldn't find an available UDC or it's busy
[  308.039203][ T7581] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  308.051751][ T7584] device batadv_slave_1 entered promiscuous mode
[  308.054728][ T7583] device batadv_slave_1 left promiscuous mode
[  308.642356][ T4033] device syz_tun left promiscuous mode
[  308.644272][ T4033] bridge0: port 3(syz_tun) entered disabled state
[  308.878173][ T7595] netlink: 8 bytes leftover after parsing attributes in process `syz.3.960'.
[  313.244788][   T13] Bluetooth: hci0: command 0x0409 tx timeout
[  313.390791][ T7644] netlink: 'syz.3.974': attribute type 1 has an invalid length.
[  313.447657][ T7644] bond2: (slave gretap1): making interface the new active one
[  313.451374][ T7644] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  313.527898][ T7614] chnl_net:caif_netlink_parms(): no params data found
[  314.274711][ T7614] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.285114][ T7614] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.290473][ T7614] device bridge_slave_0 entered promiscuous mode
[  314.309190][ T7614] bridge0: port 2(bridge_slave_1) entered blocking state
[  314.316934][ T7614] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.328071][ T7614] device bridge_slave_1 entered promiscuous mode
[  314.391565][ T7614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  314.397488][ T7614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  314.430267][ T7614] team0: Port device team_slave_0 added
[  314.443861][ T7614] team0: Port device team_slave_1 added
[  314.475700][ T7614] batman_adv: batadv0: Adding interface: batadv_slave_0
[  314.477689][ T7614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  314.499650][ T7614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  314.508868][ T7614] batman_adv: batadv0: Adding interface: batadv_slave_1
[  314.510773][ T7614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  314.525942][ T7614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  314.689877][ T7676] ptrace attach of "./syz-executor exec"[4036] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  314.805539][ T7614] device hsr_slave_0 entered promiscuous mode
[  314.838325][ T7681] netlink: 12 bytes leftover after parsing attributes in process `syz.5.984'.
[  315.468715][ T4046] Bluetooth: hci0: command 0x041b tx timeout
[  315.474220][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  315.475996][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  315.577315][ T7614] device hsr_slave_1 entered promiscuous mode
[  315.604147][ T7614] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  315.606366][ T7614] Cannot create hsr debugfs directory
[  315.706720][ T7689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.987'.
[  315.768053][ T7689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.987'.
[  315.803590][ T7695] loop5: detected capacity change from 0 to 512
[  315.827653][ T7695] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  315.846627][ T7695] EXT4-fs (loop5): 1 truncate cleaned up
[  315.848215][ T7695] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,nombcache,barrier=0x000000000000ffff,nodelalloc,noblock_validity,barrier=0x0000000000000000,,errors=continue. Quota mode: none.
[  315.886775][ T7694] netlink: 71 bytes leftover after parsing attributes in process `syz.5.989'.
[  316.039902][ T7614] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  316.082538][ T7614] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  316.296398][ T7614] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  317.473867][   T21] Bluetooth: hci0: command 0x040f tx timeout
[  317.486318][ T7614] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  317.651627][ T7717] netlink: 8 bytes leftover after parsing attributes in process `syz.3.995'.
[  317.667701][ T7717] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  317.757492][ T7727] netlink: 24 bytes leftover after parsing attributes in process `syz.1.999'.
[  318.641502][ T7614] 8021q: adding VLAN 0 to HW filter on device bond0
[  318.666067][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  318.669266][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  318.673396][ T7750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1005'.
[  318.685973][ T7614] 8021q: adding VLAN 0 to HW filter on device team0
[  318.704037][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  318.722101][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  318.727174][ T7238] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.729424][ T7238] bridge0: port 1(bridge_slave_0) entered forwarding state
[  318.745319][ T7754] x_tables: unsorted entry at hook 1
[  318.751189][ T3615] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  318.755686][ T3615] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  318.765988][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  318.791616][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  318.802288][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  318.814900][ T7238] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.816935][ T7238] bridge0: port 2(bridge_slave_1) entered forwarding state
[  319.020762][ T7756] fido_id[7756]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  320.474674][ T7776] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1013'.
[  320.558721][ T7776] HTB: quantum of class 801D0010 is big. Consider r2q change.
[  320.630078][ T3615] Bluetooth: hci0: command 0x0419 tx timeout
[  320.683842][ T4518] Bluetooth: hci3: command 0x0409 tx timeout
[  321.619784][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  321.623031][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  321.641622][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  321.667741][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  321.694885][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  321.712065][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  321.741226][ T7614] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  321.887516][ T7614] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  322.600195][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  322.603988][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  322.607102][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  322.611053][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  322.614009][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  322.624573][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  324.977957][ T7822] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1023'.
[  324.981049][ T7822] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1023'.
[  325.371400][ T7241] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  325.374663][ T7241] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  325.394134][ T7828] udc-core: couldn't find an available UDC or it's busy
[  325.396278][ T7828] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  325.411362][ T7614] 8021q: adding VLAN 0 to HW filter on device batadv0
[  325.442512][ T7832] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1027'.
[  325.519838][ T7832] bond1 (unregistering): Released all slaves
[  325.718524][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  325.722483][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  325.762597][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  325.772575][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  325.778379][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  325.792414][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  325.804312][ T7614] device veth0_vlan entered promiscuous mode
[  325.815719][ T7614] device veth1_vlan entered promiscuous mode
[  325.851978][ T7241] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  325.862964][ T7241] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  325.868376][ T7241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  325.882617][ T7241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  325.897620][ T7614] device veth0_macvtap entered promiscuous mode
[  325.907898][ T7614] device veth1_macvtap entered promiscuous mode
[  325.955199][ T7614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  325.971776][ T7614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  325.996144][ T7614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  326.003629][ T7614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.010363][ T7614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  326.016803][ T7614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.027027][ T7614] batman_adv: batadv0: Interface activated: batadv_slave_0
[  326.032425][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  326.035649][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  326.038543][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  326.067073][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  326.077818][ T7614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  326.080727][ T7614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.083476][ T7614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  326.098166][ T7614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.108969][ T7614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  326.118913][ T7614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.133081][ T7614] batman_adv: batadv0: Interface activated: batadv_slave_1
[  326.148446][ T7614] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  326.171760][ T7614] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  326.190591][ T7614] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  326.208736][ T7614] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  326.256957][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  326.260398][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  327.503375][ T4182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.513976][ T4182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.553334][  T309] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  327.624317][ T4182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.627031][ T4182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.632610][ T4198] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  328.581735][ T7881] netlink: 'syz.6.963': attribute type 1 has an invalid length.
[  328.587363][ T7881] device ip6erspan0 entered promiscuous mode
[  333.544059][ T7908] tipc: Bearer <ib:wg2>: already 2 bearers with priority 10
[  333.546149][ T7908] tipc: Bearer <ib:wg2>: trying with adjusted priority
[  333.548258][ T7908] tipc: Enabled bearer <ib:wg2>, priority 9
[  333.671810][ T7918] binder: 7917:7918 tried to acquire reference to desc 0, got 1 instead
[  333.677267][ T7921] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1052'.
[  333.697210][ T7918] binder: 7917:7918 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 30)
[  333.700633][ T7918] binder: 7918 RLIMIT_NICE not set
[  333.702070][ T7918] binder: 7918 RLIMIT_NICE not set
[  333.726842][ T7918] binder: release 7917:7918 transaction 85 in, still active
[  333.734180][ T7921] netlink: 'syz.3.1052': attribute type 1 has an invalid length.
[  333.737000][ T7921] netlink: 'syz.3.1052': attribute type 2 has an invalid length.
[  333.753752][ T7918] binder: send failed reply for transaction 85 to 7917:7918
[  333.831297][ T7925] sch_fq: defrate 0 ignored.
[  333.894060][ T4078] binder: undelivered TRANSACTION_COMPLETE
[  333.895866][ T4078] binder: undelivered TRANSACTION_ERROR: 29189
[  335.866375][ T7942] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1060'.
[  335.873010][ T7942] netlink: 120 bytes leftover after parsing attributes in process `syz.5.1060'.
[  336.469858][ T7950] binder: 7949:7950 tried to acquire reference to desc 0, got 1 instead
[  336.477075][ T7950] binder: 7949:7950 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  336.480781][ T7950] binder: 7950 RLIMIT_NICE not set
[  336.482182][ T7950] binder: 7950 RLIMIT_NICE not set
[  336.485069][ T7950] binder: 7950 RLIMIT_NICE not set
[  336.487360][ T7950] binder: undelivered TRANSACTION_COMPLETE
[  336.488957][ T7950] binder: undelivered transaction 91, process died.
[  336.550279][ T4046] binder: undelivered TRANSACTION_COMPLETE
[  337.183741][ T7968] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1065'.
[  339.010498][ T7987] netlink: 'syz.6.1073': attribute type 1 has an invalid length.
[  339.030457][ T7989] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1074'.
[  339.127129][ T7987] device veth3 entered promiscuous mode
[  339.269616][ T7997] device batadv0 entered promiscuous mode
[  339.272239][ T7997] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  339.276182][ T7997] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  343.653474][ T4159] Bluetooth: hci3: command 0x0406 tx timeout
[  346.637265][ T8070] set match dimension is over the limit!
[  347.381672][ T8080] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1100'.
[  347.400027][ T8080] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1100'.
[  351.248529][ T8104] device syzkaller0 entered promiscuous mode
[  351.270157][ T4078] syzkaller0: tun_net_xmit 48
[  351.328753][ T8124] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  353.413012][ T8156] loop6: detected capacity change from 0 to 128
[  353.461153][ T8156] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  353.465837][ T8151] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1114'.
[  356.503524][ T8198] netlink: 'syz.1.1132': attribute type 1 has an invalid length.
[  356.548368][ T8198] 8021q: adding VLAN 0 to HW filter on device bond1
[  356.734825][ T8198] bond1: (slave vlan6): making interface the new active one
[  356.739176][ T8198] bond1: (slave vlan6): Enslaving as an active interface with an up link
[  356.742274][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  357.029996][ T8223] loop6: detected capacity change from 0 to 64
[  357.089529][ T8223] BFS-fs: bfs_fill_super(): loop6 is unclean, continuing
[  358.932830][ T8252] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1144'.
[  362.578397][ T8276] xt_TCPMSS: Only works on TCP SYN packets
[  362.731477][ T8280] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1152'.
[  363.115336][ T8290] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[  368.238076][ T8333] loop5: detected capacity change from 0 to 512
[  369.439118][ T8333] EXT4-fs (loop5): 1 orphan inode deleted
[  369.440886][ T8333] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  369.447173][ T8345] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  370.346108][ T8357] netlink: 'syz.5.1185': attribute type 10 has an invalid length.
[  370.361147][ T8357] device syz_tun entered promiscuous mode
[  370.405591][ T8357] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  371.568513][ T8376] xt_TCPMSS: Only works on TCP SYN packets
[  372.660893][ T8384] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1186'.
[  372.671769][ T8386] netlink: 'syz.6.1194': attribute type 10 has an invalid length.
[  372.675828][ T8386] device syz_tun entered promiscuous mode
[  372.838498][ T8386] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  376.974407][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  376.976429][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  377.864502][ T8424] netlink: 'syz.6.1197': attribute type 1 has an invalid length.
[  377.934265][ T8424] 8021q: adding VLAN 0 to HW filter on device bond1
[  378.158610][ T8424] 8021q: adding VLAN 0 to HW filter on device bond1
[  378.160965][ T8424] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  378.182610][ T8424] bond1: (slave vxcan3): Error -22 calling dev_set_mtu
[  380.982469][ T8450] siw: device registration error -23
[  381.324770][ T8472] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1210'.
[  383.416774][ T8468] loop5: detected capacity change from 0 to 512
[  383.433896][ T8468] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  383.443288][ T8481] netlink: 'syz.1.1211': attribute type 10 has an invalid length.
[  383.471100][ T8481] device syz_tun entered promiscuous mode
[  383.531539][ T8481] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  383.557037][  T136] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  383.620974][ T8468] EXT4-fs (loop5): 1 truncate cleaned up
[  383.622677][ T8468] EXT4-fs (loop5): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000400,errors=continue,nombcache,user_xattr,jqfmt=vfsv1,nouid32,,errors=continue. Quota mode: none.
[  385.834284][ T8514] siw: device registration error -23
[  386.017002][ T8519] 8021q: adding VLAN 0 to HW filter on device bond2
[  386.098220][ T8526] loop6: detected capacity change from 0 to 8
[  386.231392][ T8526] SQUASHFS error: zlib decompression failed, data probably corrupt
[  386.237971][ T8526] SQUASHFS error: Failed to read block 0x9b: -5
[  386.239794][ T8526] SQUASHFS error: Unable to read metadata cache entry [99]
[  386.241793][ T8526] SQUASHFS error: Unable to read inode 0x127
[  389.253295][ T8537] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1230'.
[  390.756865][ T8555] syz.6.1229 (8555): drop_caches: 2
[  390.864548][ T4180] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  390.884472][ T4180] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.919216][ T8552] netlink: 'syz.2.1233': attribute type 10 has an invalid length.
[  390.933788][ T8552] bridge0: port 3(syz_tun) entered disabled state
[  391.059738][ T8552] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  391.278403][ T8560] netlink: 'syz.1.1237': attribute type 33 has an invalid length.
[  391.286437][ T8560] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1237'.
[  391.409336][ T4352] tipc: Subscription rejected, illegal request
[  391.532274][ T8557] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1236'.
[  391.741534][ T4180] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  391.762105][ T4180] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  393.122283][ T4180] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  393.150454][ T4180] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  393.342832][ T8595] kernel read not supported for file /šLŲ (pid: 8595 comm: syz.3.1246)
[  393.374990][ T4180] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  393.388289][ T4180] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.494509][ T4180] tipc: Disabling bearer <eth:team0>
[  394.505506][   T26] audit: type=1326 audit(2972.469:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8600 comm="syz.1.1248" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x0
[  394.566332][ T8615] loop6: detected capacity change from 0 to 128
[  394.572424][ T4180] tipc: Disabling bearer <eth:vlan0>
[  394.586149][ T4180] tipc: Left network mode
[  395.335738][ T4180] bond1: (slave ip6gretap1): Releasing active interface
[  395.368947][ T8615] 9pnet: Could not find request transport: f
[  396.485788][ T4352] attempt to access beyond end of device
[  396.485788][ T4352] loop6: rw=1, want=569, limit=128
[  396.583866][ T8633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1256'.
[  396.599498][ T8638] netlink: 277 bytes leftover after parsing attributes in process `syz.6.1255'.
[  399.701093][ T8666] netlink: 'syz.5.1263': attribute type 4 has an invalid length.
[  399.739571][ T8669] xt_ipcomp: unknown flags B
[  400.728912][ T8680] cgroup2: Unknown parameter 'pids_localevents'
[  400.740885][ T8680] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1268'.
[  401.872071][ T4180] bond0: (slave wlan1): Releasing backup interface
[  402.699786][ T8736] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  402.707479][ T8736] CIFS mount error: No usable UNC path provided in device string!
[  402.707479][ T8736] 
[  402.710447][ T8736] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  403.581067][ T8729] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1275'.
[  404.024802][ T8751] loop6: detected capacity change from 0 to 8
[  404.560297][ T8751] SQUASHFS error: zlib decompression failed, data probably corrupt
[  404.562696][ T8751] SQUASHFS error: Failed to read block 0x9b: -5
[  404.564464][ T8751] SQUASHFS error: Unable to read metadata cache entry [99]
[  404.566419][ T8751] SQUASHFS error: Unable to read inode 0x127
[  406.292322][ T4180] device hsr_slave_0 left promiscuous mode
[  406.486936][ T4180] device hsr_slave_1 left promiscuous mode
[  406.733835][ T4180] batman_adv: batadv0: Interface deactivated: dummy0
[  406.735837][ T4180] batman_adv: batadv0: Removing interface: dummy0
[  406.738982][ T4180] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  406.741060][ T4180] batman_adv: batadv0: Removing interface: batadv_slave_0
[  406.746987][ T4180] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  406.753473][ T4180] batman_adv: batadv0: Removing interface: batadv_slave_1
[  406.756843][ T4180] device bridge_slave_1 left promiscuous mode
[  406.956193][ T4180] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.557486][ T4180] device bridge_slave_0 left promiscuous mode
[  407.559410][ T4180] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.923011][ T4180] device veth1_macvtap left promiscuous mode
[  407.924868][ T4180] device veth0_macvtap left promiscuous mode
[  407.926560][ T4180] device veth1_vlan left promiscuous mode
[  407.928209][ T4180] device veth0_vlan left promiscuous mode
[  409.622385][ T8808] sctp: [Deprecated]: syz.6.1295 (pid 8808) Use of int in max_burst socket option.
[  409.622385][ T8808] Use struct sctp_assoc_value instead
[  409.726757][ T4180] bond2 (unregistering): Released all slaves
[  409.742372][ T4180] bond1 (unregistering): Released all slaves
[  409.917294][ T4180] team0 (unregistering): Port device team_slave_1 removed
[  409.928356][ T4180] team0 (unregistering): Port device team_slave_0 removed
[  409.937469][ T4180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  409.992737][ T4180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  410.184090][ T4180] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  410.234389][ T4180] bond0 (unregistering): Released all slaves
[  410.456940][ T8771] bond0: (slave syz_tun): Releasing backup interface
[  410.501981][ T8771] bond0: (slave bridge0): Releasing backup interface
[  410.546886][ T8771] device bridge_slave_0 left promiscuous mode
[  410.548806][ T8771] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.584922][ T8771] device bridge_slave_1 left promiscuous mode
[  410.586719][ T8771] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.637157][ T8771] bond0: (slave bond_slave_0): Releasing backup interface
[  410.675191][ T8771] bond0: (slave bond_slave_1): Releasing backup interface
[  410.722765][ T8771] team0: Port device team_slave_0 removed
[  410.731905][ T8771] team0: Port device team_slave_1 removed
[  410.738148][ T8771] batman_adv: batadv0: Removing interface: batadv_slave_0
[  410.740926][ T8771] batman_adv: batadv0: Removing interface: batadv_slave_1
[  410.750284][ T8771] bond2: (slave gretap1): Releasing active interface
[  410.886901][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  410.893948][ T8771] bond0: (slave macvlan2): Releasing backup interface
[  411.540328][ T8771] device batadv0 left promiscuous mode
[  411.613859][ T8780] netlink: 'syz.3.1287': attribute type 10 has an invalid length.
[  411.617075][ T8780] 8021q: adding VLAN 0 to HW filter on device bond0
[  411.619309][ T8780] team0: Device bond0 failed to register rx_handler
[  411.638132][ T8788] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1287'.
[  412.876538][ T8830] loop5: detected capacity change from 0 to 128
[  414.009015][ T8845] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1306'.
[  414.189130][ T8859] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1308'.
[  414.221756][ T8859] loop5: detected capacity change from 0 to 1024
[  414.246485][ T8852] loop6: detected capacity change from 0 to 4096
[  414.389548][ T8870] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  414.433147][ T8852] NILFS (loop6): corrupt root inode
[  414.470398][ T8859] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  414.519095][ T8859] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.1308: bg 0: block 260: invalid block bitmap
[  414.899997][ T8859] smc: net device bond0 applied user defined pnetid SYZ0
[  414.916757][ T8859] smc: net device bond0 erased user defined pnetid SYZ0
[  414.930151][ T8880] xt_bpf: check failed: parse error
[  416.188579][ T8897] loop5: detected capacity change from 0 to 512
[  416.875076][ T8897] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback.
[  417.129267][ T8911] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1322'.
[  419.239395][ T8930] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1329'.
[  419.335160][ T8934] netlink: 'syz.6.1330': attribute type 1 has an invalid length.
[  420.407746][ T8946] bond2: (slave gretap1): making interface the new active one
[  420.411275][ T8946] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  420.443907][ T8934] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1330'.
[  420.447685][ T8934] 8021q: adding VLAN 0 to HW filter on device bond2
[  424.167996][ T9003] loop6: detected capacity change from 0 to 2048
[  424.371576][ T9014] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  425.181065][ T9024] netlink: 'syz.2.1347': attribute type 10 has an invalid length.
[  425.218504][ T9024] 8021q: adding VLAN 0 to HW filter on device team0
[  425.221765][ T9024] bond0: (slave team0): Enslaving as an active interface with an up link
[  425.279494][ T9028] netlink: 'syz.2.1347': attribute type 1 has an invalid length.
[  427.265502][ T9056] xt_ipcomp: unknown flags B
[  427.343241][ T9058] loop5: detected capacity change from 0 to 256
[  427.461530][ T9058] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  430.954587][ T9083] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1359'.
[  431.052015][ T9083] netlink: 'syz.5.1359': attribute type 1 has an invalid length.
[  431.057952][ T9083] netlink: 'syz.5.1359': attribute type 2 has an invalid length.
[  431.666349][ T9098] udc-core: couldn't find an available UDC or it's busy
[  431.668321][ T9098] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  431.882687][ T9104] loop5: detected capacity change from 0 to 4096
[  432.963878][ T9104] ntfs: (device loop5): parse_options(): NLS character set iso8859 not found. Using previous one default.
[  433.028891][ T9116] sch_fq: defrate 0 ignored.
[  433.045835][ T9104] ntfs: volume version 3.1.
[  433.980786][ T9123] tipc: Started in network mode
[  433.982249][ T9123] tipc: Node identity ac1414aa, cluster identity 4711
[  434.009260][ T9123] tipc: Enabled bearer <udp:s>, priority 10
[  434.066937][ T9133] xt_ipcomp: unknown flags B
[  435.235568][ T4088] tipc: Node number set to 2886997162
[  435.894965][ T4046] Bluetooth: hci0: command 0x0406 tx timeout
[  437.476333][ T9166] binder: BINDER_SET_CONTEXT_MGR already set
[  437.699312][ T9166] binder: 9162:9166 ioctl 4018620d 20000040 returned -16
[  438.246923][ T9172] binder: tried to use weak ref as strong ref
[  438.248602][ T9172] binder: 9162:9172 Acquire 1 refcount change on invalid ref 0 ret -22
[  439.226349][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  439.228210][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  439.250961][ T9172] binder: 9162:9172 got transaction to invalid handle, 1
[  439.253070][ T9172] binder: 9162:9172 transaction failed 29201/-22, size 0-0 line 2917
[  440.553913][ T9175] tipc: Failed to obtain node identity
[  440.555459][ T9175] tipc: Enabling of bearer <ib:wg2> rejected, failed to enable media
[  440.652675][ T9185] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  440.767833][ T9185] loop6: detected capacity change from 0 to 256
[  440.807739][ T4078] binder: undelivered TRANSACTION_ERROR: 29201
[  441.694451][ T9185] FAT-fs (loop6): error, corrupted file size (i_pos 196, 2097152)
[  441.699829][ T9185] FAT-fs (loop6): Filesystem has been set read-only
[  441.864043][ T9192] device batadv0 entered promiscuous mode
[  441.866049][ T9192] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  441.869545][ T9192] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  444.746662][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1392'.
[  444.750301][ T9226] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1393'.
[  444.753432][ T9225] device bridge_slave_1 left promiscuous mode
[  444.757133][ T9225] bridge0: port 2(bridge_slave_1) entered disabled state
[  444.826901][ T9225] device bridge_slave_0 left promiscuous mode
[  444.829046][ T9225] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.868128][ T9225] bond0: (slave bridge0): Releasing backup interface
[  445.026768][ T9226] netlink: 'syz.6.1393': attribute type 1 has an invalid length.
[  445.029204][ T9226] netlink: 'syz.6.1393': attribute type 2 has an invalid length.
[  448.809269][ T9273] loop5: detected capacity change from 0 to 2048
[  449.028025][ T9273] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  449.036410][ T9284] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1408'.
[  449.042005][ T9284] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1408'.
[  452.142281][ T9337] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  452.650836][   T26] audit: type=1326 audit(3030.609:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9343 comm="syz.1.1424" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1482ba8 code=0x0
[  452.657508][ T9341] bond0: (slave syz_tun): Releasing backup interface
[  455.759366][ T9341] bond0: (slave bridge0): Releasing backup interface
[  455.831972][ T9341] bond0: (slave team0): Releasing backup interface
[  455.924575][ T9341] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  455.931075][ T9341] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  455.933631][ T9341] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  456.003348][ T9379] loop5: detected capacity change from 0 to 16
[  456.088343][ T9379] erofs: (device loop5): mounted with root inode @ nid 36.
[  456.356048][ T9379] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  456.566639][ T9379] erofs: (device loop5): z_erofs_readpage: failed to read, err [-117]
[  456.626028][ T9341] device bridge_slave_0 left promiscuous mode
[  456.628158][ T9341] bridge0: port 1(bridge_slave_0) entered disabled state
[  456.872154][ T9341] device bridge_slave_1 left promiscuous mode
[  456.874487][ T9341] bridge0: port 2(bridge_slave_1) entered disabled state
[  456.968718][ T9341] bond0: (slave bond_slave_0): Releasing backup interface
[  457.599761][ T9341] bond0: (slave bond_slave_1): Releasing backup interface
[  457.674081][ T9341] team0: Port device team_slave_0 removed
[  457.711798][ T9341] team0: Port device team_slave_1 removed
[  457.716156][ T9341] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  457.718545][ T9341] batman_adv: batadv0: Removing interface: batadv_slave_0
[  457.722129][ T9341] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  457.724726][ T9341] batman_adv: batadv0: Removing interface: batadv_slave_1
[  457.741185][ T9341] bond1: (slave veth3): Releasing active interface
[  457.843541][ T9341] bond0: (slave macvlan2): Releasing backup interface
[  457.852923][ T9393] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  457.861732][ T9393] loop5: detected capacity change from 0 to 256
[  457.886470][ T9341] device batadv0 left promiscuous mode
[  457.911866][ T9393] FAT-fs (loop5): error, corrupted file size (i_pos 196, 2097152)
[  457.915059][ T9393] FAT-fs (loop5): Filesystem has been set read-only
[  457.932832][ T9356] netlink: 'syz.2.1434': attribute type 10 has an invalid length.
[  457.943632][ T9356] 8021q: adding VLAN 0 to HW filter on device bond0
[  457.949242][ T9356] team0: Port device bond0 added
[  457.952761][ T9360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1434'.
[  458.020288][ T9360] team0 (unregistering): Port device bond0 removed
[  458.070123][ T9378] netlink: 'syz.3.1431': attribute type 1 has an invalid length.
[  458.110806][ T9378] 8021q: adding VLAN 0 to HW filter on device bond3
[  458.125689][ T9380] bond3: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  458.437528][ T9382] bond3: (slave vlan4): Opening slave failed
[  463.221620][ T9440] netlink: 'syz.1.1456': attribute type 10 has an invalid length.
[  464.626658][ T9463] bond0: (slave syz_tun): Releasing backup interface
[  464.872597][ T9463] bond0: (slave bridge0): Releasing backup interface
[  464.898583][ T9463] bond0: (slave bridge0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:00 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  464.981614][ T9463] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  465.040061][ T9463] team0: Port device bond0 removed
[  465.042461][ T9463] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  465.067543][ T9463] bond0: (slave wlan1): Releasing backup interface
[  465.759469][ T9463] bridge4: port 1(veth3) entered disabled state
[  465.854206][ T9463] bond1: (slave vlan6): Releasing active interface
[  465.934327][ T9467] netlink: 'syz.1.1451': attribute type 10 has an invalid length.
[  465.939967][ T9467] 8021q: adding VLAN 0 to HW filter on device bond0
[  465.961324][ T9467] team0: Port device bond0 added
[  465.963164][ T9471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1451'.
[  466.030636][ T9471] team0 (unregistering): Port device bond0 removed
[  467.303926][ T9476] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1455'.
[  467.306576][ T9476] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1455'.
[  467.345125][ T9483] netlink: 'syz.3.1455': attribute type 10 has an invalid length.
[  468.869889][ T9503] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1462'.
[  470.442030][ T9549] overlayfs: conflicting options: userxattr,redirect_dir=follow
[  470.744484][ T9565] bond0: (slave syz_tun): Releasing backup interface
[  470.802819][ T9565] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  470.812428][ T9565] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  470.816789][ T9565] device bridge_slave_0 left promiscuous mode
[  470.818772][ T9565] bridge0: port 1(bridge_slave_0) entered disabled state
[  470.991348][ T9565] device bridge_slave_1 left promiscuous mode
[  470.993623][ T9565] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.636882][ T9565] bond0: (slave bond_slave_0): Releasing backup interface
[  472.802586][ T9565] bond0: (slave bond_slave_1): Releasing backup interface
[  473.577844][ T9565] team0: Port device team_slave_0 removed
[  473.607131][ T9565] team0: Port device team_slave_1 removed
[  473.609457][ T9565] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  473.622052][ T9565] batman_adv: batadv0: Removing interface: batadv_slave_0
[  473.626058][ T9565] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  473.628157][ T9565] batman_adv: batadv0: Removing interface: batadv_slave_1
[  473.644745][ T9565] bond2: (slave gretap1): Releasing active interface
[  473.743539][ T9568] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  473.811711][ T9571] netlink: 'syz.6.1475': attribute type 10 has an invalid length.
[  473.822924][ T9571] 8021q: adding VLAN 0 to HW filter on device bond0
[  473.842851][ T9571] team0: Port device bond0 added
[  473.847079][ T9575] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1475'.
[  473.892827][ T9575] team0 (unregistering): Port device bond0 removed
[  473.958360][ T9588] netlink: 'syz.3.1481': attribute type 1 has an invalid length.
[  476.650463][ T9625] fuse: Bad value for 'fd'
[  476.709452][ T9628] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  478.784170][ T9653] netlink: 'syz.3.1497': attribute type 10 has an invalid length.
[  479.463759][ T9653] bond0: (slave wlan1): Enslaving as an active interface with a down link
[  479.544267][ T9660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1499'.
[  480.613257][ T9687] netlink: 'syz.1.1505': attribute type 10 has an invalid length.
[  480.803553][ T9687] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1505'.
[  480.822660][ T9687] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  481.368193][ T9700] tmpfs: Bad value for 'size'
[  483.194416][ T9712] netlink: 'syz.6.1514': attribute type 10 has an invalid length.
[  485.909095][ T9712] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  486.056928][ T9738] netlink: 'syz.3.1519': attribute type 1 has an invalid length.
[  486.107752][ T9738] 8021q: adding VLAN 0 to HW filter on device bond4
[  486.179238][ T9745] bond4: (slave gretap2): making interface the new active one
[  486.196484][ T9745] bond4: (slave gretap2): Enslaving as an active interface with an up link
[  486.236640][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready
[  486.309767][ T9756] overlayfs: conflicting options: userxattr,redirect_dir=follow
[  486.386305][ T9763] tmpfs: Bad value for 'size'
[  487.852357][ T9779] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1528'.
[  487.952952][ T9784] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  489.073442][ T9822] netlink: 'syz.2.1533': attribute type 10 has an invalid length.
[  489.095794][ T9822] bond0: (slave wlan1): Enslaving as an active interface with a down link
[  489.932310][ T9850] tmpfs: Bad value for 'size'
[  494.651822][ T9906] tmpfs: Bad value for 'size'
[  499.724092][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  499.725853][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  502.076157][ T9963] tipc: Enabling of bearer <eth:syzkaller0> rejected, max 3 bearers permitted
[  502.101521][ T9966] netlink: 'syz.3.1568': attribute type 1 has an invalid length.
[  502.291066][ T9966] 8021q: adding VLAN 0 to HW filter on device bond5
[  504.113265][ T9990] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1577'.
[  504.315492][ T9995] overlayfs: conflicting options: userxattr,redirect_dir=follow
[  504.532848][T10011] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  507.375852][T10045] netlink: 'syz.5.1592': attribute type 1 has an invalid length.
[  508.339415][T10045] 8021q: adding VLAN 0 to HW filter on device bond2
[  509.452921][T10059] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  509.461221][T10053] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  509.493751][T10061] netlink: 'syz.3.1595': attribute type 10 has an invalid length.
[  509.496391][T10061] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1595'.
[  509.499438][T10061] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  509.557502][T10045] bond2: (slave gretap2): making interface the new active one
[  509.565914][T10068] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  509.580773][T10045] bond2: (slave gretap2): Enslaving as an active interface with an up link
[  509.584136][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  512.298272][T10096] CIFS mount error: No usable UNC path provided in device string!
[  512.298272][T10096] 
[  512.301472][T10096] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  514.247595][T10106] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1608'.
[  514.804002][T10122] ptrace attach of "./syz-executor exec"[4044] was attempted by "./syz-executor exec"[10122]
[  515.400927][T10120] netlink: 'syz.6.1611': attribute type 1 has an invalid length.
[  515.741710][T10120] 8021q: adding VLAN 0 to HW filter on device bond3
[  516.713476][T10138] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  516.765744][T10120] bond3: (slave gretap2): making interface the new active one
[  516.781848][T10120] bond3: (slave gretap2): Enslaving as an active interface with an up link
[  516.816679][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  519.452299][T10158] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1621'.
[  519.536382][T10170] 9pnet: Insufficient options for proto=fd
[  520.664959][T10187] netlink: 'syz.1.1630': attribute type 1 has an invalid length.
[  520.686071][T10187] 8021q: adding VLAN 0 to HW filter on device bond3
[  521.584230][T10187] bond3: (slave gretap1): making interface the new active one
[  521.601308][T10187] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  521.616300][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  529.789138][T10276] sch_tbf: burst 7710 is lower than device lo mtu (11337746) !
[  529.806444][T10278] netlink: 'syz.2.1659': attribute type 12 has an invalid length.
[  531.472442][T10306] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1669'.
[  531.477937][T10306] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1669'.
[  531.707560][T10314] netlink: 'syz.2.1672': attribute type 12 has an invalid length.
[  537.728897][   T26] audit: type=1326 audit(3113.879:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  538.395391][   T26] audit: type=1326 audit(3113.879:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  538.456478][   T26] audit: type=1326 audit(3113.899:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=190 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  538.711385][   T26] audit: type=1326 audit(3113.899:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  540.750442][   T26] audit: type=1326 audit(3113.899:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  540.931194][   T26] audit: type=1326 audit(3113.899:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=191 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  540.937672][   T26] audit: type=1326 audit(3113.899:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  540.946205][   T26] audit: type=1326 audit(3113.899:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  540.952711][   T26] audit: type=1326 audit(3113.899:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  543.502661][   T26] audit: type=1326 audit(3113.899:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  543.509361][   T26] audit: type=1326 audit(3113.899:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  543.734209][   T26] audit: type=1326 audit(3113.899:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  543.740253][   T26] audit: type=1326 audit(3113.909:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  544.545705][   T26] audit: type=1326 audit(3113.909:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  544.551828][   T26] audit: type=1326 audit(3113.909:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=208 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  545.613734][   T26] audit: type=1326 audit(3113.909:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  545.619951][   T26] audit: type=1326 audit(3113.909:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10322 comm="syz.6.1674" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82f26ba8 code=0x7ffc0000
[  552.942476][T10440] delete_channel: no stack
[  560.939368][T10509] netlink: 'syz.5.1723': attribute type 12 has an invalid length.
[  561.154996][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  561.156796][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  566.513999][T10542] lo speed is unknown, defaulting to 1000
[  566.515861][T10542] lo speed is unknown, defaulting to 1000
[  566.517857][T10542] lo speed is unknown, defaulting to 1000
[  566.524685][T10542] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  569.223407][T10542] lo speed is unknown, defaulting to 1000
[  569.225896][T10542] lo speed is unknown, defaulting to 1000
[  569.228058][T10542] lo speed is unknown, defaulting to 1000
[  569.230274][T10542] lo speed is unknown, defaulting to 1000
[  569.232382][T10542] lo speed is unknown, defaulting to 1000
[  583.240010][T10670] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1766'.
[  585.852798][T10677] siw: device registration error -23
[  591.902452][   T26] audit: type=1326 audit(3169.419:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  591.943441][   T26] audit: type=1326 audit(3169.419:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  591.996585][   T26] audit: type=1326 audit(3169.419:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=190 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  592.033488][   T26] audit: type=1326 audit(3169.419:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  592.074301][   T26] audit: type=1326 audit(3169.419:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  592.080487][   T26] audit: type=1326 audit(3169.419:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=191 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  592.248285][T10760] siw: device registration error -23
[  594.033837][   T26] audit: type=1326 audit(3169.419:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  594.040175][   T26] audit: type=1326 audit(3169.419:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  594.087591][   T26] audit: type=1326 audit(3169.419:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  595.379952][   T26] audit: type=1326 audit(3169.419:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10735 comm="syz.5.1787" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf516ba8 code=0x7ffc0000
[  595.878327][T10795] netlink: 'syz.5.1803': attribute type 12 has an invalid length.
[  613.135663][T10935] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1843'.
[  620.882299][T10997] netlink: 'syz.1.1860': attribute type 12 has an invalid length.
[  622.664160][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  622.665984][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  623.644567][T11014] delete_channel: no stack
[  624.959942][T11032] netlink: 'syz.5.1871': attribute type 12 has an invalid length.
[  625.268182][T11028] netlink: 'syz.1.1869': attribute type 1 has an invalid length.
[  626.264188][T11028] 8021q: adding VLAN 0 to HW filter on device bond4
[  627.066719][T11040] 8021q: adding VLAN 0 to HW filter on device bond4
[  627.072929][T11040] bond4: (slave vxcan1): The slave device specified does not support setting the MAC address
[  627.093162][T11040] bond4: (slave vxcan1): Error -22 calling dev_set_mtu
[  627.151196][T11038] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  627.153571][T11038] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  627.157861][T11038] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  627.160222][T11038] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  627.162428][T11038] device geneve2 entered promiscuous mode
[  627.194821][T11028] device gretap2 entered promiscuous mode
[  627.210033][T11028] bond4: (slave gretap2): making interface the new active one
[  627.225542][T11028] bond4: (slave gretap2): Enslaving as an active interface with an up link
[  627.242023][T11049] device macvlan2 entered promiscuous mode
[  627.253211][T11049] device bond4 entered promiscuous mode
[  627.256624][T11049] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  627.475235][T11049] bond4: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap2
[  628.225320][T11049] device bond4 left promiscuous mode
[  630.137099][T11094] delete_channel: no stack
[  631.267801][T11097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1885'.
[  651.573015][T11315] delete_channel: no stack
[  652.360842][T11334] netlink: 'syz.2.1951': attribute type 1 has an invalid length.
[  652.379498][T11334] 8021q: adding VLAN 0 to HW filter on device bond2
[  652.471526][T11334] 8021q: adding VLAN 0 to HW filter on device bond2
[  652.476579][T11334] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  652.492020][T11334] bond2: (slave vxcan3): Error -22 calling dev_set_mtu
[  652.538674][T11338] device gretap2 entered promiscuous mode
[  652.568915][T11338] bond2: (slave gretap2): making interface the new active one
[  652.571644][T11338] bond2: (slave gretap2): Enslaving as an active interface with an up link
[  654.013851][T11334] device macvlan3 entered promiscuous mode
[  654.016476][T11334] device bond2 entered promiscuous mode
[  654.018381][T11334] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  654.193126][T11334] bond2: (slave macvlan3): the slave hw address is in use by the bond; giving it the hw address of gretap2
[  654.324131][T11334] device bond2 left promiscuous mode
[  655.871068][T11370] netlink: 'syz.6.1962': attribute type 12 has an invalid length.
[  656.729860][T11372] delete_channel: no stack
[  656.887098][T11376] netlink: 'syz.6.1974': attribute type 12 has an invalid length.
[  663.232951][T11428] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1979'.
[  671.557623][T11520] delete_channel: no stack
[  671.574310][T11520] delete_channel: no stack
[  684.054242][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  684.056134][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  689.241193][ T4159] Bluetooth: hci5: command 0x0409 tx timeout
[  689.276875][T11650] lo speed is unknown, defaulting to 1000
[  690.162759][ T7256] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.214704][T11650] chnl_net:caif_netlink_parms(): no params data found
[  690.247481][T11699] netlink: 'syz.6.2050': attribute type 12 has an invalid length.
[  690.877997][ T7256] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.898310][T11650] bridge0: port 1(bridge_slave_0) entered blocking state
[  690.900590][T11650] bridge0: port 1(bridge_slave_0) entered disabled state
[  690.907936][T11650] device bridge_slave_0 entered promiscuous mode
[  690.920382][T11650] bridge0: port 2(bridge_slave_1) entered blocking state
[  690.928901][T11650] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.946901][T11650] device bridge_slave_1 entered promiscuous mode
[  690.969978][T11650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  690.974773][T11650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  691.005788][T11650] team0: Port device team_slave_0 added
[  691.012027][ T7256] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.029374][T11650] team0: Port device team_slave_1 added
[  691.059553][T11650] batman_adv: batadv0: Adding interface: batadv_slave_0
[  691.061590][T11650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  691.090001][T11650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  691.104453][ T7256] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.115140][T11650] batman_adv: batadv0: Adding interface: batadv_slave_1
[  691.117035][T11650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  691.127731][T11650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  692.101046][ T4518] Bluetooth: hci5: command 0x041b tx timeout
[  694.231958][ T4159] Bluetooth: hci5: command 0x040f tx timeout
[  694.242732][T11650] device hsr_slave_0 entered promiscuous mode
[  694.274483][T11650] device hsr_slave_1 entered promiscuous mode
[  694.277901][T11750] netlink: 'syz.5.2065': attribute type 12 has an invalid length.
[  695.005543][T11650] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  695.012375][T11650] Cannot create hsr debugfs directory
[  696.274245][ T4518] Bluetooth: hci5: command 0x0419 tx timeout
[  696.298598][T11792] netlink: 'syz.5.2077': attribute type 12 has an invalid length.
[  696.441992][T11650] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  696.470448][T11800] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2079'.
[  696.575905][T11650] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  697.905775][T11650] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  697.946756][T11650] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  699.193533][T11851] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2090'.
[  699.419181][T11650] 8021q: adding VLAN 0 to HW filter on device bond0
[  699.430989][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  699.433602][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  700.726546][T11650] 8021q: adding VLAN 0 to HW filter on device team0
[  701.784789][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  701.787754][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  701.790268][ T7243] bridge0: port 1(bridge_slave_0) entered blocking state
[  701.792257][ T7243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  701.797172][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  701.799966][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  701.802407][ T7243] bridge0: port 2(bridge_slave_1) entered blocking state
[  701.804412][ T7243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  701.807469][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  701.810477][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  701.939336][T11887] netlink: 'syz.6.2101': attribute type 12 has an invalid length.
[  702.074084][ T7256] bond4: (slave gretap2): Releasing active interface
[  703.246365][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  703.249158][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  703.252781][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  703.262952][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  703.286223][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  703.294621][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  703.302462][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  703.317017][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  703.324695][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  703.354607][T11650] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  703.482920][ T7243] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  705.203108][T11650] 8021q: adding VLAN 0 to HW filter on device batadv0
[  705.230008][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  705.232528][ T4197] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  708.843488][ T7256] bond0: (slave wlan1): Releasing backup interface
[  710.056582][ T7256] device hsr_slave_0 left promiscuous mode
[  711.224152][ T7256] device hsr_slave_1 left promiscuous mode
[  713.004983][ T7256] device veth0_vlan left promiscuous mode
[  713.024270][T12013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2133'.
[  713.890723][ T7256] bond5 (unregistering): Released all slaves
[  713.980886][ T7256] bond4 (unregistering): Released all slaves
[  714.026026][T12029] netlink: 'syz.5.2139': attribute type 12 has an invalid length.
[  714.117941][ T7256] bond3 (unregistering): (slave veth0_to_bond): Releasing active interface
[  714.165016][ T7256] bond3 (unregistering): Released all slaves
[  716.037387][T12048] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2143'.
[  716.085208][ T7256] bond2 (unregistering): Released all slaves
[  716.115791][ T7256] bond1 (unregistering): Released all slaves
[  718.200627][T12076] netlink: 'syz.6.2151': attribute type 12 has an invalid length.
[  719.272887][ T7256] bond0 (unregistering): Released all slaves
[  720.833897][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  720.859476][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  720.871472][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  720.893237][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  721.124231][T11650] device veth0_vlan entered promiscuous mode
[  721.127088][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  722.546589][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  723.700120][T11650] device veth1_vlan entered promiscuous mode
[  723.831425][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  723.835481][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  723.845035][T11650] device veth0_macvtap entered promiscuous mode
[  723.849034][T12120] netlink: 'syz.5.2162': attribute type 12 has an invalid length.
[  723.887433][T11650] device veth1_macvtap entered promiscuous mode
[  723.940091][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  723.943116][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  723.966175][T11650] batman_adv: batadv0: Interface activated: batadv_slave_0
[  723.976654][T11650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  723.979588][T11650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  723.983275][T11650] batman_adv: batadv0: Interface activated: batadv_slave_1
[  724.011842][ T4196] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  724.016427][ T4196] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  724.019208][ T4196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  724.021966][ T4196] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  724.041190][ T4196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  724.074847][T11650] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  724.077204][T11650] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  724.079541][T11650] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  724.081888][T11650] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  724.947122][ T4182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  724.949863][ T4182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  724.990935][  T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  725.006530][ T4182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  725.011854][ T4182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  725.023216][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  727.371846][T12179] netlink: 'syz.6.2175': attribute type 12 has an invalid length.
[  732.282692][T12233] netlink: 'syz.5.2187': attribute type 12 has an invalid length.
[  735.709490][T12294] netlink: 'syz.5.2202': attribute type 12 has an invalid length.
[  742.647380][T12426] loop7: detected capacity change from 0 to 512
[  742.886902][T12429] xt_limit: Overflow, try lower: 687865856/40
[  742.927302][T12426] EXT4-fs (loop7): Ignoring removed nobh option
[  742.929252][T12426] EXT4-fs (loop7): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  742.977683][T12426] EXT4-fs error (device loop7): ext4_orphan_get:1401: inode #15: comm syz.7.2232: iget: bad i_size value: 38620345925642
[  742.991319][T12426] EXT4-fs error (device loop7): ext4_orphan_get:1406: comm syz.7.2232: couldn't read orphan inode 15 (err -117)
[  743.012196][T12426] EXT4-fs (loop7): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,bsdgroups,,errors=continue. Quota mode: writeback.
[  743.656533][ T4182] EXT4-fs error (device loop7): ext4_validate_block_bitmap:429: comm kworker/u4:9: bg 0: block 5: invalid block bitmap
[  743.683751][ T4182] EXT4-fs (loop7): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 2048 with error 28
[  743.708750][ T4182] EXT4-fs (loop7): This should not happen!! Data will be lost
[  743.708750][ T4182] 
[  743.711627][ T4182] EXT4-fs (loop7): Total free blocks count 0
[  743.713342][ T4182] EXT4-fs (loop7): Free/Dirty block details
[  743.734040][ T4182] EXT4-fs (loop7): free_blocks=0
[  743.735681][ T4182] EXT4-fs (loop7): dirty_blocks=6368
[  743.737255][ T4182] EXT4-fs (loop7): Block reservation details
[  743.738891][ T4182] EXT4-fs (loop7): i_reserved_data_blocks=6368
[  743.846189][ T4182] EXT4-fs (loop7): Delayed block allocation failed for inode 19 at logical offset 2052 with max blocks 2048 with error 28
[  743.849792][ T4182] EXT4-fs (loop7): This should not happen!! Data will be lost
[  743.849792][ T4182] 
[  745.484282][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[  745.486135][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[  754.689150][T12629] loop7: detected capacity change from 0 to 764
[  755.732426][T12629] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  756.365213][T12643] loop7: detected capacity change from 0 to 64
[  760.953149][ T4180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  760.960216][ T4180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  761.282189][T12717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  762.581938][T12734] loop7: detected capacity change from 0 to 512
[  762.610666][T12734] EXT4-fs (loop7): Ignoring removed nobh option
[  762.684433][T12734] EXT4-fs (loop7): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  762.785004][T12734] EXT4-fs error (device loop7): ext4_orphan_get:1401: inode #15: comm syz.7.2310: iget: bad i_size value: 38620345925642
[  762.789011][T12734] EXT4-fs error (device loop7): ext4_orphan_get:1406: comm syz.7.2310: couldn't read orphan inode 15 (err -117)
[  762.793208][T12734] EXT4-fs (loop7): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,bsdgroups,,errors=continue. Quota mode: writeback.
[  765.090116][T12738] EXT4-fs error (device loop7): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  765.158810][ T4182] EXT4-fs (loop7): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 916 with error 28
[  765.162351][ T4182] EXT4-fs (loop7): This should not happen!! Data will be lost
[  765.162351][ T4182] 
[  765.192360][ T4182] EXT4-fs (loop7): Total free blocks count 0
[  765.212628][ T4182] EXT4-fs (loop7): Free/Dirty block details
[  765.214803][ T4182] EXT4-fs (loop7): free_blocks=0
[  765.216168][ T4182] EXT4-fs (loop7): dirty_blocks=916
[  765.222746][ T4182] EXT4-fs (loop7): Block reservation details
[  765.280063][ T4182] EXT4-fs (loop7): i_reserved_data_blocks=916
[  771.519976][T12887] loop7: detected capacity change from 0 to 1024
[  771.708272][T12887] EXT4-fs (loop7): Ignoring removed orlov option
[  771.710202][T12887] EXT4-fs (loop7): Ignoring removed nomblk_io_submit option
[  771.784550][T12887] EXT4-fs (loop7): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  773.099473][T12927] ==================================================================
[  773.102268][T12927] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[  773.104236][T12927] Read of size 4 at addr ffff0000cdff0238 by task syz.7.2363/12927
[  773.106408][T12927] 
[  773.107100][T12927] CPU: 1 PID: 12927 Comm: syz.7.2363 Not tainted 5.15.186-syzkaller #0
[  773.109439][T12927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  773.112301][T12927] Call trace:
[  773.113252][T12927]  dump_backtrace+0x0/0x43c
[  773.114497][T12927]  show_stack+0x2c/0x3c
[  773.115664][T12927]  __dump_stack+0x30/0x40
[  773.116878][T12927]  dump_stack_lvl+0xf8/0x160
[  773.118107][T12927]  print_address_description+0x78/0x30c
[  773.119732][T12927]  kasan_report+0xec/0x15c
[  773.120933][T12927]  __asan_report_load4_noabort+0x44/0x50
[  773.122544][T12927]  ax25_fillin_cb+0x394/0x568
[  773.123834][T12927]  ax25_setsockopt+0x8d0/0xa5c
[  773.125140][T12927]  __sys_setsockopt+0x2f8/0x4b0
[  773.126527][T12927]  __arm64_sys_setsockopt+0xb8/0xd4
[  773.127960][T12927]  invoke_syscall+0x98/0x2b8
[  773.129281][T12927]  el0_svc_common+0x138/0x258
[  773.130629][T12927]  do_el0_svc+0x58/0x14c
[  773.131885][T12927]  el0_svc+0x78/0x1e0
[  773.133081][T12927]  el0t_64_sync_handler+0xcc/0xe4
[  773.134522][T12927]  el0t_64_sync+0x1a0/0x1a4
[  773.135770][T12927] 
[  773.136433][T12927] Allocated by task 4883:
[  773.137750][T12927]  __kasan_kmalloc+0xb0/0xf0
[  773.139045][T12927]  kmem_cache_alloc_trace+0x274/0x3fc
[  773.140604][T12927]  ax25_dev_device_up+0x5c/0x540
[  773.141949][T12927]  ax25_device_event+0x504/0x590
[  773.143341][T12927]  raw_notifier_call_chain+0xd4/0x164
[  773.144873][T12927]  __dev_notify_flags+0x250/0x46c
[  773.146220][T12927]  dev_change_flags+0xc8/0x154
[  773.147563][T12927]  dev_ifsioc+0x504/0xef4
[  773.148807][T12927]  dev_ioctl+0x4d0/0xc94
[  773.149966][T12927]  sock_do_ioctl+0x18c/0x240
[  773.151244][T12927]  sock_ioctl+0x5c8/0x87c
[  773.152429][T12927]  __arm64_sys_ioctl+0x14c/0x1c8
[  773.153903][T12927]  invoke_syscall+0x98/0x2b8
[  773.155213][T12927]  el0_svc_common+0x138/0x258
[  773.156494][T12927]  do_el0_svc+0x58/0x14c
[  773.157663][T12927]  el0_svc+0x78/0x1e0
[  773.158811][T12927]  el0t_64_sync_handler+0xcc/0xe4
[  773.160241][T12927]  el0t_64_sync+0x1a0/0x1a4
[  773.161507][T12927] 
[  773.162152][T12927] Freed by task 12718:
[  773.163256][T12927]  kasan_set_track+0x4c/0x84
[  773.164500][T12927]  kasan_set_free_info+0x28/0x4c
[  773.165880][T12927]  ____kasan_slab_free+0x118/0x164
[  773.167351][T12927]  __kasan_slab_free+0x18/0x28
[  773.168667][T12927]  slab_free_freelist_hook+0x128/0x1e8
[  773.170204][T12927]  kfree+0x170/0x40c
[  773.171285][T12927]  ax25_release+0x564/0x814
[  773.172535][T12927]  sock_close+0xb4/0x1f8
[  773.173704][T12927]  __fput+0x1c0/0x7f8
[  773.174855][T12927]  ____fput+0x20/0x30
[  773.175933][T12927]  task_work_run+0x12c/0x1e0
[  773.177258][T12927]  do_notify_resume+0x24b4/0x3128
[  773.178699][T12927]  el0_svc+0xf0/0x1e0
[  773.179782][T12927]  el0t_64_sync_handler+0xcc/0xe4
[  773.181177][T12927]  el0t_64_sync+0x1a0/0x1a4
[  773.182481][T12927] 
[  773.183151][T12927] Last potentially related work creation:
[  773.184777][T12927]  kasan_save_stack+0x38/0x68
[  773.186117][T12927]  kasan_record_aux_stack+0xcc/0x114
[  773.187559][T12927]  kvfree_call_rcu+0xb8/0x66c
[  773.188900][T12927]  drop_sysctl_table+0x274/0x39c
[  773.190301][T12927]  drop_sysctl_table+0x294/0x39c
[  773.191768][T12927]  unregister_sysctl_table+0x94/0x134
[  773.193248][T12927]  unregister_net_sysctl_table+0x20/0x30
[  773.194898][T12927]  mpls_dev_notify+0x5e0/0x738
[  773.196187][T12927]  raw_notifier_call_chain+0xd4/0x164
[  773.197771][T12927]  dev_change_name+0x540/0x7c0
[  773.199132][T12927]  do_setlink+0x818/0x3088
[  773.200391][T12927]  rtnl_newlink+0x10d0/0x1404
[  773.201702][T12927]  rtnetlink_rcv_msg+0x9d4/0xd04
[  773.203099][T12927]  netlink_rcv_skb+0x208/0x3c4
[  773.204454][T12927]  rtnetlink_rcv+0x28/0x38
[  773.205769][T12927]  netlink_unicast+0x60c/0x89c
[  773.207124][T12927]  netlink_sendmsg+0x6e8/0x9cc
[  773.208409][T12927]  __sys_sendto+0x2e8/0x3d8
[  773.209624][T12927]  __arm64_sys_sendto+0xd8/0xf8
[  773.210980][T12927]  invoke_syscall+0x98/0x2b8
[  773.212250][T12927]  el0_svc_common+0x138/0x258
[  773.213534][T12927]  do_el0_svc+0x58/0x14c
[  773.214730][T12927]  el0_svc+0x78/0x1e0
[  773.215805][T12927]  el0t_64_sync_handler+0xcc/0xe4
[  773.217209][T12927]  el0t_64_sync+0x1a0/0x1a4
[  773.218490][T12927] 
[  773.219110][T12927] Second to last potentially related work creation:
[  773.220898][T12927]  kasan_save_stack+0x38/0x68
[  773.222246][T12927]  kasan_record_aux_stack+0xcc/0x114
[  773.223744][T12927]  insert_work+0x64/0x388
[  773.224938][T12927]  __queue_work+0xb30/0x1054
[  773.226187][T12927]  queue_work_on+0xc4/0x17c
[  773.227397][T12927]  call_usermodehelper_exec+0x22c/0x478
[  773.228981][T12927]  kobject_uevent_env+0x670/0x888
[  773.230340][T12927]  kobject_uevent+0x2c/0x3c
[  773.231678][T12927]  driver_register+0x29c/0x374
[  773.233010][T12927]  usb_register_driver+0x1bc/0x390
[  773.234531][T12927]  rtl8152_driver_init+0x5c/0x74
[  773.235895][T12927]  do_one_initcall+0x228/0x8b0
[  773.237220][T12927]  do_initcall_level+0x154/0x214
[  773.238646][T12927]  do_initcalls+0x58/0xac
[  773.239882][T12927]  do_basic_setup+0x8c/0xa0
[  773.241172][T12927]  kernel_init_freeable+0x404/0x5fc
[  773.242628][T12927]  kernel_init+0x24/0x1d0
[  773.243899][T12927]  ret_from_fork+0x10/0x20
[  773.245101][T12927] 
[  773.245738][T12927] The buggy address belongs to the object at ffff0000cdff0200
[  773.245738][T12927]  which belongs to the cache kmalloc-256 of size 256
[  773.249720][T12927] The buggy address is located 56 bytes inside of
[  773.249720][T12927]  256-byte region [ffff0000cdff0200, ffff0000cdff0300)
[  773.253419][T12927] The buggy address belongs to the page:
[  773.255078][T12927] page:0000000052bde711 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dff0
[  773.257933][T12927] head:0000000052bde711 order:1 compound_mapcount:0
[  773.259753][T12927] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[  773.262051][T12927] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[  773.264406][T12927] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  773.266903][T12927] page dumped because: kasan: bad access detected
[  773.268666][T12927] 
[  773.269284][T12927] Memory state around the buggy address:
[  773.270837][T12927]  ffff0000cdff0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  773.273231][T12927]  ffff0000cdff0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  773.275590][T12927] >ffff0000cdff0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  773.277877][T12927]                                         ^
[  773.279538][T12927]  ffff0000cdff0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  773.281803][T12927]  ffff0000cdff0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  773.284062][T12927] ==================================================================
[  773.286273][T12927] Disabling lock debugging due to kernel taint
[  773.338833][T12926] Unable to handle kernel paging request at virtual address 0060051c00003756
[  773.347262][T12926] Mem abort info:
[  773.349621][T12926]   ESR = 0x0000000096000021
[  773.352196][T12926]   EC = 0x25: DABT (current EL), IL = 32 bits
[  773.356193][T12926]   SET = 0, FnV = 0
[  773.358545][T12926]   EA = 0, S1PTW = 0
[  773.362054][T12926]   FSC = 0x21: alignment fault
[  773.364922][T12926] Data abort info:
[  773.367328][T12926]   ISV = 0, ISS = 0x00000021
[  773.369935][T12926]   CM = 0, WnR = 0
[  773.372206][T12926] [0060051c00003756] address between user and kernel address ranges
[  773.387602][T12926] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[  773.389545][T12926] Modules linked in:
[  773.390562][T12926] CPU: 1 PID: 12926 Comm: syz.7.2363 Tainted: G    B             5.15.186-syzkaller #0
[  773.393350][T12926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  773.396100][T12926] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  773.398246][T12926] pc : ax25_release+0x4f4/0x814
[  773.399647][T12926] lr : ax25_release+0x4ec/0x814
[  773.401034][T12926] sp : ffff80001f827a00
[  773.402201][T12926] x29: ffff80001f827a20 x28: dfff800000000000 x27: ffff0000c1ed8080
[  773.404398][T12926] x26: ffff0000dd9c6828 x25: ffff0000dd9c6831 x24: 00000000ffffffff
[  773.406617][T12926] x23: f360051c00003756 x22: ffff0000cdff0200 x21: ffff0000ea6ae018
[  773.408852][T12926] x20: ffff0000c1ed8000 x19: 1fffe0001bb38d05 x18: 0000000000000000
[  773.411108][T12926] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000004
[  773.413337][T12926] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[  773.415629][T12926] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff800010472234
[  773.417779][T12926] x8 : ffff0000d9ac0000 x7 : 0000000000000000 x6 : ffff80000837b9b0
[  773.420014][T12926] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800010472228
[  773.422241][T12926] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[  773.424467][T12926] Call trace:
[  773.425392][T12926]  ax25_release+0x4f4/0x814
[  773.426635][T12926]  sock_close+0xb4/0x1f8
[  773.427806][T12926]  __fput+0x1c0/0x7f8
[  773.428915][T12926]  ____fput+0x20/0x30
[  773.430034][T12926]  task_work_run+0x12c/0x1e0
[  773.431347][T12926]  do_notify_resume+0x24b4/0x3128
[  773.432774][T12926]  el0_svc+0xf0/0x1e0
[  773.433845][T12926]  el0t_64_sync_handler+0xcc/0xe4
[  773.435277][T12926]  el0t_64_sync+0x1a0/0x1a4
[  773.436552][T12926] Code: d503201f 9600200b 52800038 4b1803f8 (b87802f8) 
[  773.438466][T12926] ---[ end trace aea9aaf8d561a4f8 ]---
[  773.979801][T12926] Kernel panic - not syncing: Oops: Fatal exception
[  773.981753][T12926] SMP: stopping secondary CPUs
[  773.983166][T12926] Kernel Offset: disabled
[  773.984428][T12926] CPU features: 0x8,000081c1,21302e40
[  773.986003][T12926] Memory Limit: none
[  774.493619][T12926] Rebooting in 86400 seconds..