last executing test programs:

17m38.614819596s ago: executing program 32 (id=4):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x624, 0x0, 0xc8, 0x404, 0x1a8, 0x0, 0x55c, 0x55c, 0x55c, 0x55c, 0x55c, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast1, @local, [0x0, 0xff], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@empty, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x11c, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @common=@unspec=@MARK={0x28}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}]}, @inet=@DSCP={0x24, 'DSCP\x00', 0x0, {0xfd}}}, {{@uncond, 0x0, 0x11c, 0x158, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d4], 0x2, 0x8, 0x2}}, @common=@dst={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x680)
syz_open_dev$vbi(0x0, 0x0, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000040), 0x1001)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
r4 = syz_open_procfs(0x0, &(0x7f0000000480)='pagemap\x00')
preadv(r4, &(0x7f0000000640)=[{&(0x7f0000000b00)=""/152, 0x98}, {&(0x7f0000000500)=""/189, 0x7fffef68}], 0x2, 0x300100, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000000'], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0xffffffffffffffff, 0x0, 0x0)

10m43.154575063s ago: executing program 4 (id=1078):
socket$netlink(0x10, 0x3, 0x14)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000380)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
shutdown(r3, 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="210000002a00070127bd7000003ad5a5d77c0000"], 0x14}, 0x1, 0x0, 0x0, 0x4c800}, 0x4040)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)

10m41.089480848s ago: executing program 4 (id=1086):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x7, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x6000}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8878}]}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004000}, 0x8000)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
ioctl$EVIOCGKEY(r3, 0x80404518, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f0000000300)=0xa1)
r5 = socket(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)

10m36.972909108s ago: executing program 4 (id=1091):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
syz_open_dev$vbi(0x0, 0x0, 0x2)
capset(0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='pagemap\x00')
preadv(r3, &(0x7f0000000640)=[{&(0x7f0000000b00)=""/152, 0x98}, {&(0x7f0000000500)=""/189, 0x7fffef68}], 0x2, 0x300100, 0x0)
r4 = add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r4, 0x0, 0x0)

10m35.169856049s ago: executing program 4 (id=1097):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0xffffffffffffffff, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
socket(0x10, 0x3, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x74)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x40)
socket(0xa, 0x3, 0x3a)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

10m33.386623577s ago: executing program 4 (id=1101):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x7, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x6000}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8878}]}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004000}, 0x8000)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
ioctl$EVIOCGKEY(r3, 0x80404518, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x1, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f0000000300)=0xa1)
r5 = socket(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)

10m23.227111326s ago: executing program 4 (id=1116):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001640)=ANY=[@ANYBLOB="18000000000000000000000000000000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff8500000004000000954759ed1fe2d1d95eb67b64bd614bf89df82316ea5cd4db3193a45b61961c7685e022d70760041e62896c735e971e35eaf1e5a331ae04ce6a1407c4acf7d493d0a39b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x0, r0}, 0x18)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b32125}, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\a\x00'/12, @ANYRES32, @ANYBLOB="f9c2a482189ab95e50ad7b8052c41a1c2c138c5f2b814cb6c5b7395380f09a8d907277923ec48bc1ab0900214efbe59de66b1eb651a3317043c2a35f", @ANYRES64=0x0], 0x20)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000340)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x8044)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)}, 0x8000)
clock_gettime(0x3, &(0x7f0000000180))
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETSGCNT_IN6(r3, 0x89e1, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x32}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}})
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f00000000c0)={r1})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

10m8.149866708s ago: executing program 33 (id=1116):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001640)=ANY=[@ANYBLOB="18000000000000000000000000000000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff8500000004000000954759ed1fe2d1d95eb67b64bd614bf89df82316ea5cd4db3193a45b61961c7685e022d70760041e62896c735e971e35eaf1e5a331ae04ce6a1407c4acf7d493d0a39b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x0, r0}, 0x18)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b32125}, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\a\x00'/12, @ANYRES32, @ANYBLOB="f9c2a482189ab95e50ad7b8052c41a1c2c138c5f2b814cb6c5b7395380f09a8d907277923ec48bc1ab0900214efbe59de66b1eb651a3317043c2a35f", @ANYRES64=0x0], 0x20)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000340)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x8044)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)}, 0x8000)
clock_gettime(0x3, &(0x7f0000000180))
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETSGCNT_IN6(r3, 0x89e1, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x32}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}})
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f00000000c0)={r1})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

8m28.022519574s ago: executing program 2 (id=1348):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r1)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffb, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x6, 0x6, 0xd21, 0x101, 0x6, 0x5, 0xbd, 0x100, 0x4}}}}]}, 0x58}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {}, {0x8, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000010}, 0x1c090)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000140)=@xdp={0x2c, 0x8, r10, 0x15}, 0x80, 0x0}, 0x44)

8m15.286614525s ago: executing program 2 (id=1370):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r3, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x4000000)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c00020008000100"], 0x3c}}, 0x0)
write$6lowpan_control(r0, &(0x7f0000000040)='disconnect aa:aa:aa:aa:aa:10 1', 0x1e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @sk_skb=0x4, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000480)=[{0x3, 0x4, 0xb, 0x5}, {0x1, 0x4, 0xb, 0x5}], 0x10, 0x3}, 0x94)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0x6}, {0xfff1, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000009000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000000000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac6f09c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccf5e882602897a85bf8523d891080593d831d758deb4f2c7e49c6d6b35d8fd92601c8500febb0c5fe0be294bf6bbbecad444695277a9e3992a354492513b43091d161c7c7cdbbe44e8e83b4cf333238a52f214b278c6485236ea880db2f113f6381187679a4620d6149808b0af024b3b3e6ba99b4b15ca"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x166}, 0x48)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r4}, @IFLA_ADDRESS={0xa}]}, 0x48}}, 0x0)

8m11.830240843s ago: executing program 2 (id=1376):
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
setresgid(0x0, 0xee00, 0x0)
socket(0x10, 0x80002, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

8m10.719315659s ago: executing program 2 (id=1381):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x1, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x2, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x2, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x9, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

8m6.663227557s ago: executing program 2 (id=1388):
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
setresgid(0x0, 0xee00, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e140000001a00ffffba16a0aa1c091dbfa1090000", 0x38}], 0x1}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

8m4.487477301s ago: executing program 2 (id=1392):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000003b80)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001a00020000000800170003000000080013000000000008000300030000000800070000000200080002"], 0x5c}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000040000000001000000080001000000000004000480080002000100000024000880140007800800050000000c000580"], 0x4c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@gettfilter={0x24, 0x2e, 0x4, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0xe, 0xffe0}, {0xfff1, 0xfff3}, {0x9, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70a926, 0x25dfdc01, {0x0, 0x0, 0x0, r8, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x1, 0x7, 0x5}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000400008000000000000000008500000027000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fcffffff850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000340)=<r9=>0x0)
sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000380)=@nfc_llcp={0x27, r9, 0x0, 0x2, 0xfe, 0xee, "1e941bd58bd90a192b0d27fa74e378395c27a188c3faf0d07cc5ebbc974dda4b6ac27380eff9468c98304ea6c3fa4cac7e741c2ab17a72c4c59351c2dd464f", 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x1}], 0x200000000000011d}, 0xd0)
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00')
r11 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
open_by_handle_at(r10, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000000", @ANYRES64=r11], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000004c0)={0xa, &(0x7f0000000440)=[{0x0, 0x7, 0x2, 0x3f}, {0x6, 0x9c, 0xea, 0x8}, {0x0, 0x7, 0x0, 0x7}, {0x9, 0x55, 0x1, 0x6}, {0xf6, 0xfa, 0x1, 0x8}, {0x1d6, 0x1, 0x7f, 0xff}, {0x200, 0xff, 0xe2, 0xb}, {0x3319, 0x98, 0x5, 0x7}, {0x0, 0x4, 0xc, 0x9}, {0x2, 0x80, 0x40, 0x10001}]})
fsetxattr$trusted_overlay_opaque(r7, &(0x7f0000000140), &(0x7f0000000180), 0x2, 0x2)

7m51.699695179s ago: executing program 1 (id=1415):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xb9, &(0x7f0000000140)=""/185, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x137}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r2, 0x101, 0x9, &(0x7f0000000400)=0xfffffffd, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace$ARCH_SET_GS(0x1e, r1, &(0x7f0000000040), 0x1001)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000140)={0x8, 0x48})
r6 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x64, 0x6, 0x5b4, 0xc8, 0x2e4, 0x2e4, 0x40c, 0x0, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast1, @local, [0x0, 0xffffffff], [], 'macvtap0\x00', 'vlan0\x00', {}, {}, 0x6, 0x0, 0x0, 0x51}, 0x0, 0xc8, 0x104, 0x0, {}, [@common=@inet=@socket3={{0x24}, 0x4}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@local, @loopback, [], [], 'vlan0\x00', 'syzkaller0\x00', {0xff}}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @inet=@rpfilter={{0x24}, {0x4}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x104, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d6], 0x4, 0xf, 0x3}}, @common=@frag={{0x30}, {[0x4, 0xb99], 0x5, 0x1, 0x1}}]}, @HL={0x24, 'HL\x00', 0x0, {0x3, 0x81}}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xfc}, 0x3}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x610)
unshare(0x6a040000)
r7 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000000c0)='./file0/file0\x00', r0, 0x4000, r7}, 0x14)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105500, &(0x7f0000000000)=@usbdevfs_connect={0x6a0})
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r9})
socket$can_j1939(0x1d, 0x2, 0x7)

7m49.973718758s ago: executing program 1 (id=1418):
r0 = syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r0)
syz_usb_connect$uac1(0x3, 0x79, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0xe41, 0x4249, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x67, 0x3, 0x1, 0x9, 0x10, 0x9, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0x11}, [@extension_unit={0x7, 0x24, 0x8, 0x4, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x5, 0xf7, 0xd, {0x7, 0x25, 0x1, 0xc, 0x9, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3f7, 0x5, 0x9, 0x8, {0x7, 0x25, 0x1, 0x4, 0x6, 0x4}}}}}}}}]}}, 0x0)
fsopen(&(0x7f00000000c0)='anon_inodefs\x00', 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x40401, 0x0)
gettid()
timer_create(0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x5000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x2, 0x25000, 0x1})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7m46.988602288s ago: executing program 34 (id=1392):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000003b80)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001a00020000000800170003000000080013000000000008000300030000000800070000000200080002"], 0x5c}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000040000000001000000080001000000000004000480080002000100000024000880140007800800050000000c000580"], 0x4c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@gettfilter={0x24, 0x2e, 0x4, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0xe, 0xffe0}, {0xfff1, 0xfff3}, {0x9, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70a926, 0x25dfdc01, {0x0, 0x0, 0x0, r8, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x1, 0x7, 0x5}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000400008000000000000000008500000027000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fcffffff850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000340)=<r9=>0x0)
sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000380)=@nfc_llcp={0x27, r9, 0x0, 0x2, 0xfe, 0xee, "1e941bd58bd90a192b0d27fa74e378395c27a188c3faf0d07cc5ebbc974dda4b6ac27380eff9468c98304ea6c3fa4cac7e741c2ab17a72c4c59351c2dd464f", 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x1}], 0x200000000000011d}, 0xd0)
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00')
r11 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
open_by_handle_at(r10, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000000", @ANYRES64=r11], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000004c0)={0xa, &(0x7f0000000440)=[{0x0, 0x7, 0x2, 0x3f}, {0x6, 0x9c, 0xea, 0x8}, {0x0, 0x7, 0x0, 0x7}, {0x9, 0x55, 0x1, 0x6}, {0xf6, 0xfa, 0x1, 0x8}, {0x1d6, 0x1, 0x7f, 0xff}, {0x200, 0xff, 0xe2, 0xb}, {0x3319, 0x98, 0x5, 0x7}, {0x0, 0x4, 0xc, 0x9}, {0x2, 0x80, 0x40, 0x10001}]})
fsetxattr$trusted_overlay_opaque(r7, &(0x7f0000000140), &(0x7f0000000180), 0x2, 0x2)

7m45.30246208s ago: executing program 1 (id=1424):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0xd, 0x10, &(0x7f0000000000)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098}, 0x94)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x28)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r1, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0x51, 0x0}}, 0x10)

7m43.556150781s ago: executing program 1 (id=1426):
symlink(0x0, &(0x7f0000000000)='./file0\x00')
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil)
io_setup(0x2007, &(0x7f0000000980))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_open_dev$usbmon(0x0, 0xffffffffffffff3e, 0x2842)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='pagemap\x00')
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000180), 0x2000090, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

7m43.049398247s ago: executing program 1 (id=1429):
syz_emit_vhci(&(0x7f0000000900)=ANY=[@ANYBLOB], 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(r4, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)

7m39.984113629s ago: executing program 1 (id=1434):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x2000000000000013, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xb8, &(0x7f0000000140)=""/184, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
request_key(0x0, &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080), 0x0, 0xfffffffffffffffe)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000010c0)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

7m24.257356149s ago: executing program 35 (id=1434):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x2000000000000013, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xb8, &(0x7f0000000140)=""/184, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
request_key(0x0, &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080), 0x0, 0xfffffffffffffffe)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000010c0)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

5m29.490989494s ago: executing program 0 (id=1786):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000300)={@void, @void, @eth={@broadcast, @broadcast, @val={@val={0x88a8, 0x7, 0x1, 0x24}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x88a8, @udp={{0x5, 0x4, 0x2, 0x15, 0x5c, 0x61, 0x0, 0x84, 0x11, 0x0, @empty, @multicast1}, {0x4e22, 0x4e23, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "562d9ba90683726398023d5cc4caf439005d46e2e099bfb9", "eb835fb65c8b9ae493d4fb662704b8db08835fefb6a4d7ea9378cfc98b077903"}}}}}}}, 0x72)

5m28.390320138s ago: executing program 0 (id=1788):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)=ANY=[@ANYBLOB="bc01000019000100fcffffff10000000ffffffff000000000000000000000000fc00000000000000000000000000000100000000ffff20000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000009000000000000000800000000000000000000000000000000000000000000000000000000000000010000000000000009000000000000008000000000000000000000010000000000000000000000000101000300000000040105007f000001000000000000000000000000000004d432000000000000007f00000100000000000000000000000000000000000302000000000000000000fcffffff7f000001000000000000000000000000fffffffc2b"], 0x1bc}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

5m28.060006183s ago: executing program 0 (id=1791):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xb9, &(0x7f0000000140)=""/185, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x137}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r2, 0x101, 0x9, &(0x7f0000000400)=0xfffffffd, 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace$ARCH_SET_GS(0x1e, r1, &(0x7f0000000040), 0x1001)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f0000000140)={0x8, 0x48})
r7 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x64, 0x6, 0x5b4, 0xc8, 0x2e4, 0x2e4, 0x40c, 0x0, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast1, @local, [0x0, 0xffffffff], [], 'macvtap0\x00', 'vlan0\x00', {}, {}, 0x6, 0x0, 0x0, 0x51}, 0x0, 0xc8, 0x104, 0x0, {}, [@common=@inet=@socket3={{0x24}, 0x4}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@local, @loopback, [], [], 'vlan0\x00', 'syzkaller0\x00', {0xff}}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @inet=@rpfilter={{0x24}, {0x4}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x104, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d6], 0x4, 0xf, 0x3}}, @common=@frag={{0x30}, {[0x4, 0xb99], 0x5, 0x1, 0x1}}]}, @HL={0x24, 'HL\x00', 0x0, {0x3, 0x81}}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xfc}, 0x3}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x610)
unshare(0x6a040000)
r8 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000000c0)='./file0/file0\x00', r0, 0x4000, r8}, 0x14)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105500, &(0x7f0000000000)=@usbdevfs_connect={0x6a0})
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r10})
socket$can_j1939(0x1d, 0x2, 0x7)

5m25.139421442s ago: executing program 0 (id=1795):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x80001)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
socket$packet(0x11, 0x3, 0x300)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb62", 0x1c)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

5m24.021959558s ago: executing program 0 (id=1799):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x44004)

5m23.644316382s ago: executing program 0 (id=1804):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair(0x8, 0x5, 0x6, &(0x7f0000000040))
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xfffffff7, 0xee1a, 0x8, 0xc80, 0x8, 0x1, 0x80000001, 0x5, 0xe}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x4c840)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff3, 0xfff3}, {0x0, 0xfff3}, {0x2, 0x300}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x9, 0x5}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1f, 0xc, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000039000000850000000400000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000d042abd7000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="b2000600410c04001c0012800ce131fea2b9067b3e744679449b00006d6163766c616e000c000280080007000500fcff130035006d6163766c616e3000000000000000001e7c1e41d1e9d072b639de7d8e57104a18e1bf40759a045a547e8371377d13750c3c2c210bb00b604cf415d0b84c6bfd6dc76c7fdc05d522357dc12e6c6fcaab556e98bf78df63"], 0x50}, 0x1, 0x0, 0x0, 0x400c844}, 0x0)

5m7.531895917s ago: executing program 36 (id=1804):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair(0x8, 0x5, 0x6, &(0x7f0000000040))
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xfffffff7, 0xee1a, 0x8, 0xc80, 0x8, 0x1, 0x80000001, 0x5, 0xe}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x4c840)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff3, 0xfff3}, {0x0, 0xfff3}, {0x2, 0x300}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x9, 0x5}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1f, 0xc, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000039000000850000000400000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000d042abd7000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="b2000600410c04001c0012800ce131fea2b9067b3e744679449b00006d6163766c616e000c000280080007000500fcff130035006d6163766c616e3000000000000000001e7c1e41d1e9d072b639de7d8e57104a18e1bf40759a045a547e8371377d13750c3c2c210bb00b604cf415d0b84c6bfd6dc76c7fdc05d522357dc12e6c6fcaab556e98bf78df63"], 0x50}, 0x1, 0x0, 0x0, 0x400c844}, 0x0)

1m32.023170421s ago: executing program 6 (id=2789):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
io_setup(0x1, &(0x7f0000000280)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000140)="be27a0fbbe4e95e0a6dce9ecc9694fb4", 0x10}])
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, 0x0, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180060001003c"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close_range(r3, 0xffffffffffffffff, 0x0)

1m30.902510259s ago: executing program 6 (id=2799):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000100014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f1", 0xcf}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)

1m29.75731792s ago: executing program 6 (id=2803):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xb9, &(0x7f0000000140)=""/185, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x137}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r2, 0x101, 0x9, &(0x7f0000000400)=0xfffffffd, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace$ARCH_SET_GS(0x1e, r1, &(0x7f0000000040), 0x1001)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f0000000140)={0x8, 0x48})
r7 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x64, 0x6, 0x5b4, 0xc8, 0x2e4, 0x2e4, 0x40c, 0x0, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast1, @local, [0x0, 0xffffffff], [], 'macvtap0\x00', 'vlan0\x00', {}, {}, 0x6, 0x0, 0x0, 0x51}, 0x0, 0xc8, 0x104, 0x0, {}, [@common=@inet=@socket3={{0x24}, 0x4}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@local, @loopback, [], [], 'vlan0\x00', 'syzkaller0\x00', {0xff}}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @inet=@rpfilter={{0x24}, {0x4}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x104, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d6], 0x4, 0xf, 0x3}}, @common=@frag={{0x30}, {[0x4, 0xb99], 0x5, 0x1, 0x1}}]}, @HL={0x24, 'HL\x00', 0x0, {0x3, 0x81}}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xfc}, 0x3}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x610)
unshare(0x6a040000)
r8 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000000c0)='./file0/file0\x00', r0, 0x4000, r8}, 0x14)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105500, &(0x7f0000000000)=@usbdevfs_connect={0x6a0})
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r10})
socket$can_j1939(0x1d, 0x2, 0x7)

1m26.663902288s ago: executing program 6 (id=2809):
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc)
socket(0x2, 0x80805, 0x0)
socket(0x2, 0x80805, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
close(0x3)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r1)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000014ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x4800)

1m26.333854073s ago: executing program 6 (id=2812):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x15, 0x0)

1m26.05518221s ago: executing program 6 (id=2815):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_open_procfs(0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590)
syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9eebf9", 0x14, 0x6, 0xff, @empty, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x1, 0x0, 0xffd}}}}}}}, 0x0)

1m10.038150139s ago: executing program 37 (id=2815):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_open_procfs(0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590)
syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9eebf9", 0x14, 0x6, 0xff, @empty, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x1, 0x0, 0xffd}}}}}}}, 0x0)

24.864713053s ago: executing program 8 (id=3061):
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)

23.949810116s ago: executing program 8 (id=3064):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4}, {}, {0x6, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0xc858}, 0x80)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x80)

23.539704914s ago: executing program 8 (id=3068):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x70bd29, 0x27dfdbff, {0x0, 0x0, 0x0, 0x0, 0x30409, 0x4140}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000090)

23.211661789s ago: executing program 8 (id=3071):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xb9, &(0x7f0000000140)=""/185, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x137}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r2, 0x101, 0x9, &(0x7f0000000400)=0xfffffffd, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace$ARCH_SET_GS(0x1e, r1, &(0x7f0000000040), 0x1001)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f0000000140)={0x8, 0x48})
r7 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x64, 0x6, 0x5b4, 0xc8, 0x2e4, 0x2e4, 0x40c, 0x0, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast1, @local, [0x0, 0xffffffff], [], 'macvtap0\x00', 'vlan0\x00', {}, {}, 0x6, 0x0, 0x0, 0x51}, 0x0, 0xc8, 0x104, 0x0, {}, [@common=@inet=@socket3={{0x24}, 0x4}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@local, @loopback, [], [], 'vlan0\x00', 'syzkaller0\x00', {0xff}}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @inet=@rpfilter={{0x24}, {0x4}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x104, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d6], 0x4, 0xf, 0x3}}, @common=@frag={{0x30}, {[0x4, 0xb99], 0x5, 0x1, 0x1}}]}, @HL={0x24, 'HL\x00', 0x0, {0x3, 0x81}}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xfc}, 0x3}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x610)
unshare(0x6a040000)
r8 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000000c0)='./file0/file0\x00', r0, 0x4000, r8}, 0x14)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105500, &(0x7f0000000000)=@usbdevfs_connect={0x6a0})
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r10})
socket$can_j1939(0x1d, 0x2, 0x7)

12.627378369s ago: executing program 9 (id=3104):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000003900), 0x34aa945a513d639, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")

9.095923029s ago: executing program 9 (id=3106):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x4c142, 0x0)
truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd)
sendfile(r0, r0, 0x0, 0xe3aa6ea)
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)

8.589800714s ago: executing program 9 (id=3108):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{0x0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f00000000c0)=0x7, 0x4)

8.489395001s ago: executing program 8 (id=3109):
r0 = socket$kcm(0x29, 0x5, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x8})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
recvmsg(r0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x12000)

7.453602224s ago: executing program 9 (id=3115):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x4c142, 0x0)
truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd)
sendfile(r0, r0, 0x0, 0xe3aa6ea)
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)

5.225277247s ago: executing program 8 (id=3119):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xb9, &(0x7f0000000140)=""/185, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x137}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r2, 0x101, 0x9, &(0x7f0000000400)=0xfffffffd, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace$ARCH_SET_GS(0x1e, r1, &(0x7f0000000040), 0x1001)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f0000000140)={0x8, 0x48})
r7 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x64, 0x6, 0x5b4, 0xc8, 0x2e4, 0x2e4, 0x40c, 0x0, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast1, @local, [0x0, 0xffffffff], [], 'macvtap0\x00', 'vlan0\x00', {}, {}, 0x6, 0x0, 0x0, 0x51}, 0x0, 0xc8, 0x104, 0x0, {}, [@common=@inet=@socket3={{0x24}, 0x4}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@local, @loopback, [], [], 'vlan0\x00', 'syzkaller0\x00', {0xff}}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @inet=@rpfilter={{0x24}, {0x4}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x104, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d6], 0x4, 0xf, 0x3}}, @common=@frag={{0x30}, {[0x4, 0xb99], 0x5, 0x1, 0x1}}]}, @HL={0x24, 'HL\x00', 0x0, {0x3, 0x81}}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xfc}, 0x3}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x610)
unshare(0x6a040000)
r8 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000000c0)='./file0/file0\x00', r0, 0x4000, r8}, 0x14)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105500, &(0x7f0000000000)=@usbdevfs_connect={0x6a0})
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000240)={@mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86020086, r10})
socket$can_j1939(0x1d, 0x2, 0x7)

4.125268251s ago: executing program 7 (id=3122):
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c085)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000040)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00010006080c00bdad01409bbc7a46e39a8285dcdf12176679df069163ce955fed0009d78f0a947ee2b49e", 0x78}], 0x1}, 0xff0f000020000080)

3.115284029s ago: executing program 5 (id=3123):
r0 = io_uring_setup(0x136a, &(0x7f0000000080)={0x0, 0x1f8a, 0x0, 0x3, 0x28c})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = syz_clone3(&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r5, 0x84, 0x10, 0x0, &(0x7f0000000040))
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
readv(r7, &(0x7f00000013c0)=[{&(0x7f0000001300)=""/35, 0x23}, {0x0, 0x36}], 0x2)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000001300050000000000feffffff07000000", @ANYRES32=r8, @ANYBLOB="003000000000000014001a80100004800c000980"], 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0)
r9 = syz_pidfd_open(r4, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r9, 0xff02)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r10, &(0x7f0000001400), 0x0, 0xc8d0, &(0x7f0000002400)={0x11, 0x19, r8, 0x1, 0x5, 0x6, @remote}, 0x14)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r11, 0x6, 0x21, &(0x7f0000000100)=""/188, &(0x7f00000001c0)=0xbc)
close_range(r0, 0xffffffffffffffff, 0x0)

2.868503251s ago: executing program 7 (id=3124):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, 0x0, 0x0)
setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f00000000c0)=0x7, 0x4)

2.739103452s ago: executing program 5 (id=3125):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, 0x0, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

2.281611959s ago: executing program 5 (id=3127):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x200000, &(0x7f0000000180), 0x3, 0x566, &(0x7f00000015c0)="$eJzs3V9rW+UfAPDvSdv9//3WwRjqhRR24WQuXVv/TBA2L0WHA72foc3KaLqMJh1rHWy7cDfeyBBEHIgvwHsvh2/AVyHoYMgoeuFN5aQnW9YkTZtlNvN8PnC25znnpN/z5DnPk+/JSUgAuTWR/lOIeDkivkoiDrdsG41s48TGfmuPbsymSxLr65/8kUSSrWvun2T/H8wqL0XEz19EnCy0x62trC6UKpXyUlafrC9enaytrJ66vFiaL8+Xr0zPzJx5a2b63XfeHlhbX7/w17cf3//gzJfH17758cGRu0mci0PZttZ2PINbrZWJmMiek7E4t2nHqQEEGyZJrx06nAPsvpFsnI9FOgccjpFs1AP/fTcjYh3IqcT4h5xq5gHNa/sBXQe/MB6+v3EB1N7+0Y33RmJf49rowFry1JVRer07PoD4aYyffr93N12ix/sQNwcQD6Dp1u2IOD062j7/Jdn817/T23jXb3OMvL3+wG66n+Y/b3TKfwqP85/okP8c7DB2+9F7/BceDCBMV2n+917H/Pfx1DU+ktX+18j5xpJLlyvl0xHx/4g4EWN703q/93Na8790SeM3c8HsOB6M7n36MXOleqnPcG0e3o545Un+m0Tb/L+vketu7v/0+biwzRjHyvde7batd/tbDT4DXv8h4rWO/f/kjlay9f3Jycb5MNk8K9r9eefYL93i76z9g5f2/4Gt2z+etN6vre08xvf7/i5329bv+b8n+bRR3pOtu16q15emIvYkH7Wvn37y2Ga9uX/a/hPHt57/Op3/+yPis222/87R7mnQMPT/3I76f+eFXz/8/Ltu8bfX/282SieyNduZ/7Z7gM/y3AEAAAAAAMCwKUTEoUgKxcflQqFY3Ph8x9E4UKhUa/WTl6rLV+ai8V3Z8RgrNO90H275PMRU9nnYZn16U30mIo5ExNcj+xv14my1MrfbjQcAAAAAAAAAAAAAAAAAAIAhcbDL9/9Tv43s9tEBz52f/Ib86jn+B/FLT8BQ8voP+WX8Q34Z/5Bfxj/kl/EP+WX8Q34Z/5Bfxj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAM1IXz59Nlfe3Rjdm0PndtZXmheu3UXLm2UFxcni3OVpeuFuer1flKuThbXez19yrV6tWp6Vi+Plkv1+qTtZXVi4vV5Sv1i5cXS/Pli+Wxf6VVAAAAAAAAAAAAAAAAAAAA8GKprawulCqV8pJC18LZGIrD6LuQ9Orls9nJ0FeI0d1voMJzKOzyxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALf4JAAD//5CPL9Y=")
r0 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0x20)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x9000)
fallocate(r0, 0x0, 0x0, 0x8800000)
r1 = open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, 0x0, 0x0)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000d80), 0x36f, 0x20102, 0x0)

2.133416803s ago: executing program 3 (id=3128):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0)

2.050956987s ago: executing program 9 (id=3129):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000700)={r2}, &(0x7f0000000800)=0x8)

1.788047481s ago: executing program 3 (id=3130):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
io_setup(0x1, &(0x7f0000000280)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000140)="be27a0fbbe4e95e0a6dce9ecc9694fb4", 0x10}])
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180060001003c"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close_range(r3, 0xffffffffffffffff, 0x0)

1.787798271s ago: executing program 7 (id=3131):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4000000000000002, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

1.687815838s ago: executing program 9 (id=3132):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x6, 0x8, 0x8, 0x40}, 0x50)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000080), 0x12)

1.421552463s ago: executing program 7 (id=3133):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.312049501s ago: executing program 7 (id=3134):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000200)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
syz_open_procfs(0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2001, 0x0)
read(r3, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001040)={<r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x89a2, &(0x7f0000000040)={'veth0_macvtap\x00', @random="1c0000000002"})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, 0x0, 0x0)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r3, 0x6, 0x2, &(0x7f00000001c0), &(0x7f0000000240)=0x6)
r6 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c)
fdatasync(0xffffffffffffffff)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xf0ffffffffffff, 0x0, 0x2400c840}, 0x4000850)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x8000000)

1.176038504s ago: executing program 5 (id=3135):
r0 = io_uring_setup(0x136a, &(0x7f0000000080)={0x0, 0x1f8a, 0x0, 0x3, 0x28c})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = syz_clone3(&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r5, 0x84, 0x10, 0x0, &(0x7f0000000040))
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
readv(r7, &(0x7f00000013c0)=[{&(0x7f0000001300)=""/35, 0x23}, {0x0, 0x36}], 0x2)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000001300050000000000feffffff07000000", @ANYRES32=r8, @ANYBLOB="003000000000000014001a80100004800c000980"], 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0)
r9 = syz_pidfd_open(r4, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r9, 0xff02)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r10, &(0x7f0000001400), 0x0, 0xc8d0, &(0x7f0000002400)={0x11, 0x19, r8, 0x1, 0x5, 0x6, @remote}, 0x14)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r11, 0x6, 0x21, &(0x7f0000000100)=""/188, &(0x7f00000001c0)=0xbc)
close_range(r0, 0xffffffffffffffff, 0x0)

915.429447ms ago: executing program 7 (id=3136):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000000)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x2, 0x86b}})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xee}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000180)={0x2, 0x0, [{0x8, 0x5, 0x0, 0x0, @irqchip={0x81c, 0x4}}, {0xfffffffb, 0x3, 0x1, 0x0, @irqchip={0x6, 0x7f}}]})
mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)='A', 0x1}], 0x1}, 0x400c0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000280000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4308123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762011052eac2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dc8aff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e4b9ec7a410ec42315255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798ab20000000bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d2000000000000000819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba84279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5603a9d801300000000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9060000006a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d535556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba0790ee0d112f99e59ba82e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee52303da186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c44500f8ffff970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c1b04e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305977eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f87204311327c18380fedf3d3dad8549f99bf6c5cb060fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce1060f3e6806e774a5f079c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae794286b6c3e1f5a76b85ed6e1f0000c608b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1951393352bc756f3fcaad2c1c399a3e43eaaeca70db90f2fa395964434476719334482eb5424c81814079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fbdd351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2dff78ce9308c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416f80ba17d21d53961471b2d2d459e4bb23230d676ca49633b25e26a322024beb7c3427da59f7daa70a5d44a0eb895f29245df6401295d3da939954e126a3be932f47fe61ef1bfe83086651af7e23c2a8fa702b9aaa65aa3edaaa6b3f5a0c7cdfd008c898d73bb97168ca390ef539800000000000077a5ad1e683aeff92bb0b66b33ed878df1e344b99450086c819bf174578705c049d2fb25a91ba04643cde1a3c391d8646e5249dbf28b13b1c4d5127f685ee0c0576bf74e17cd3b4df4eb7095e504e361689572b0f93ff1dc6f52e8728a03e5a4df80a32c6055df8f4f4152c0bf4d793b20ac2cfa907b5af80716118f82027d3e4cb096fe86de545008b85cb9b637bca30d765b0c3ad489db32955454dcfe000000002830e5e125322d2f5829040a91405bf2fe5bf14833fd7b1e72c775f267bc45"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000040)="2b1c52ac82e71ea05b0c5e43ede4", 0x0, 0xb20c, 0x0, 0x0, 0xc0, 0x0, &(0x7f0000001200)="4c4228369f88e91870041ef4c8baa41449dc6ad5553764e898ddee1dfbb587ef4e6854a6bea12aecd99ac5dd4e39745d195df155a8628b7483b791d4de8609a893ccfbe9dc5c2ed555df193d92968b81da97fe3f0f220dd48b29c98152d9ecb2bb68cbf0bfe454a10e0adf453bd021ba3b502665c757d209f1fa9daa8979aa1fc22684d52bba1cd3c5946a6ea16b40f3bf8cc0134fb55a63817f6bac437682ed4c30147c2d86997f970ba094a19b0de4904bf83ff6fc3f0e46aba38692387ce1", 0x4}, 0x4c)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000665000/0x2000)=nil, 0x400000, 0x0, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
write$sysctl(r4, &(0x7f0000000580)='1\x00', 0x2)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12011900000000406a0563000000000000010902"], 0x0)
write$sysctl(r4, &(0x7f00000000c0)='2\x00', 0x2)

784.883329ms ago: executing program 5 (id=3137):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, 0x0, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

717.16561ms ago: executing program 3 (id=3138):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, '`'}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc0}}, 0x0)

452.734765ms ago: executing program 3 (id=3139):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, 0x0, 0x0)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xd}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000540)='~', 0x1}], 0x1)
close(0x3)

445.017396ms ago: executing program 5 (id=3140):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
r4 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffbffff, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x1}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x10)

258.813137ms ago: executing program 3 (id=3141):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r0, 0x0, 0x0}, 0x10)

0s ago: executing program 3 (id=3142):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, 0x0, 0x0)
setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f00000000c0)=0x7, 0x4)

kernel console output (not intermixed with test programs):

ce, different from the descriptor's value: 9
[  791.419751][ T8997] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  791.458488][ T8997] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[  791.491637][ T8997] usb 7-1: config 0 interface 0 has no altsetting 0
[  791.528449][ T8997] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  791.547891][ T8997] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  791.566190][ T8997] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[  791.615548][ T8997] usb 7-1: config 0 interface 0 has no altsetting 0
[  791.653533][ T8997] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  791.662644][ T8997] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  791.753120][ T8997] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[  791.787761][ T8997] usb 7-1: config 0 interface 0 has no altsetting 0
[  791.853769][ T8997] usb 7-1: unable to read config index 7 descriptor/start: -71
[  791.883553][ T8997] usb 7-1: can't read configurations, error -71
[  791.890758][T11182] device syzkaller0 entered promiscuous mode
[  792.815319][T10045] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  793.024246][T10045] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  793.047079][T10045] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  793.072535][T10045] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  793.092743][T10045] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  793.126103][T10045] usb 6-1: Manufacturer: syz
[  793.172048][T10045] usb 6-1: config 0 descriptor??
[  793.494706][T11222] overlayfs: failed to clone upperpath
[  797.008280][T10045] uclogic 0003:256C:006D.0006: v1 frame probing failed: -71
[  797.016483][T10045] uclogic 0003:256C:006D.0006: failed probing parameters: -71
[  797.198923][T10045] uclogic: probe of 0003:256C:006D.0006 failed with error -71
[  797.220881][T10045] usb 6-1: USB disconnect, device number 30
[  798.594637][T11207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1683'.
[  798.605047][T11226] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1690'.
[  798.711581][T11239] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1694'.
[  800.475471][T11285] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1705'.
[  804.084693][ T4562] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  804.155531][ T4562] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  804.301398][T11313] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1715'.
[  805.153084][T11310] fido_id[11310]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  805.759303][T11339] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1725'.
[  806.053725][   T26] usb 9-1: new full-speed USB device number 6 using dummy_hcd
[  806.247095][   T26] usb 9-1: unable to get BOS descriptor or descriptor too short
[  806.326539][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1731'.
[  806.335777][T10179] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  807.044076][T10179] usb 6-1: Using ep0 maxpacket: 32
[  807.077912][   T26] usb 9-1: not running at top speed; connect to a high speed hub
[  807.087206][   T26] usb 9-1: config 1 interface 0 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[  807.107532][   T26] usb 9-1: config 1 interface 0 altsetting 7 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  807.112759][T10179] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  807.133733][   T26] usb 9-1: config 1 interface 0 has no altsetting 0
[  807.147840][   T26] usb 9-1: language id specifier not provided by device, defaulting to English
[  807.159023][   T26] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  807.168399][   T26] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  807.176644][   T26] usb 9-1: Product: syz
[  807.181042][   T26] usb 9-1: Manufacturer: syz
[  807.185789][   T26] usb 9-1: SerialNumber: syz
[  807.194081][T11348] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  807.238686][T10179] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  807.318059][T10179] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  807.371179][T10179] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  807.403466][T10179] usb 6-1: Product: syz
[  807.407727][T10179] usb 6-1: Manufacturer: syz
[  807.420537][   T26] cdc_ether: probe of 9-1:1.0 failed with error -22
[  807.451396][T10179] hub 6-1:4.0: USB hub found
[  807.452683][   T26] usb 9-1: USB disconnect, device number 6
[  807.688748][T10179] hub 6-1:4.0: 9 ports detected
[  807.698485][T10179] hub 6-1:4.0: insufficient power available to use all downstream ports
[  808.099951][T10179] hub 6-1:4.0: set hub depth failed
[  808.124170][T10179] usb 6-1: USB disconnect, device number 31
[  808.175757][T11396] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1740'.
[  808.728937][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  809.320426][T11424] device syzkaller0 entered promiscuous mode
[  809.434795][T11421] 9pnet_virtio: no channels available for device syz
[  809.493432][T11421] netlink: 'syz.6.1744': attribute type 10 has an invalid length.
[  809.567318][T11430] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  810.328607][T11447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1755'.
[  810.648419][T11459] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1756'.
[  810.662896][T11459] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1756'.
[  813.387527][T11476] device syzkaller0 entered promiscuous mode
[  814.113446][ T4397] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  814.240613][T11499] netlink: 'syz.6.1766': attribute type 10 has an invalid length.
[  814.283774][T11499] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1766'.
[  814.293220][T11499] device dummy0 entered promiscuous mode
[  814.334978][T11499] bridge0: port 3(dummy0) entered blocking state
[  814.368974][T11499] bridge0: port 3(dummy0) entered disabled state
[  814.376279][ T4397] usb 6-1: Using ep0 maxpacket: 32
[  814.398446][ T4397] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  814.409339][T11499] bridge0: port 3(dummy0) entered blocking state
[  814.415875][T11499] bridge0: port 3(dummy0) entered forwarding state
[  814.422737][ T4397] usb 6-1: config 0 has no interface number 0
[  814.443010][ T4397] usb 6-1: config 0 interface 184 has no altsetting 0
[  814.452320][ T4397] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  814.481911][ T4397] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  814.502144][ T4397] usb 6-1: Product: syz
[  814.520554][ T4397] usb 6-1: Manufacturer: syz
[  814.530670][ T4397] usb 6-1: SerialNumber: syz
[  814.554951][ T4397] usb 6-1: config 0 descriptor??
[  814.572781][ T4397] smsc75xx v1.0.0
[  815.332299][ T4397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  815.597249][ T4397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  815.608037][T11512] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1771'.
[  816.654520][ T4278] Bluetooth: hci0: command 0x0406 tx timeout
[  818.327763][ T4397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000118: -71
[  818.719411][ T4397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRH: -71
[  818.780874][ T4397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address
[  818.811748][ T4397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  818.868014][ T4397] smsc75xx: probe of 6-1:0.184 failed with error -71
[  819.033553][ T4397] usb 6-1: USB disconnect, device number 32
[  820.488852][T11540] tipc: Started in network mode
[  820.493819][T11540] tipc: Node identity 4, cluster identity 4711
[  820.500028][T11540] tipc: Node number set to 4
[  820.766364][T11547] netlink: 65039 bytes leftover after parsing attributes in process `syz.6.1781'.
[  822.183605][ T4397] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  822.383505][ T4397] usb 9-1: Using ep0 maxpacket: 32
[  822.404886][ T4397] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  822.443459][ T4397] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  822.471754][ T4397] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  822.493497][ T4397] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  822.521369][ T4397] usb 9-1: config 0 descriptor??
[  822.554596][ T4397] hub 9-1:0.0: USB hub found
[  822.748093][ T4397] hub 9-1:0.0: 1 port detected
[  822.891695][T11568] loop6: detected capacity change from 0 to 1024
[  822.917940][T11568] EXT4-fs: inline encryption not supported
[  822.964867][ T4397] hub 9-1:0.0: hub_hub_status failed (err = -71)
[  822.971572][ T4397] hub 9-1:0.0: config failed, can't get hub status (err -71)
[  823.035360][ T4397] usbhid 9-1:0.0: can't add hid device: -71
[  823.063571][ T4397] usbhid: probe of 9-1:0.0 failed with error -71
[  823.087320][T11568] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  823.148201][T11568] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  823.164171][ T4397] usb 9-1: USB disconnect, device number 7
[  823.272675][T11568] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.1787: bg 0: block 112: padding at end of block bitmap is not set
[  823.488176][ T8731] EXT4-fs (loop6): unmounting filesystem.
[  827.897694][T11604] netlink: 'syz.7.1798': attribute type 4 has an invalid length.
[  827.972191][T11604] netlink: 152 bytes leftover after parsing attributes in process `syz.7.1798'.
[  828.057054][T11611] netlink: 'syz.5.1801': attribute type 29 has an invalid length.
[  828.203030][T11611] netlink: 'syz.5.1801': attribute type 29 has an invalid length.
[  828.243713][T11612] netlink: 'syz.5.1801': attribute type 29 has an invalid length.
[  828.914421][T11626] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1807'.
[  829.417074][T11640] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1804'.
[  829.450216][T11640] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1804'.
[  831.283648][ T4278] Bluetooth: hci1: command 0x0406 tx timeout
[  832.127898][T11664] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1813'.
[  832.205173][T11665] Cannot find add_set index 0 as target
[  832.216158][   T27] audit: type=1326 audit(1776373032.666:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  832.827413][   T27] audit: type=1326 audit(1776373032.666:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  833.001342][   T27] audit: type=1326 audit(1776373032.666:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  833.116789][   T27] audit: type=1326 audit(1776373032.666:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  834.153931][   T27] audit: type=1326 audit(1776373032.666:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  835.888665][   T27] audit: type=1326 audit(1776373032.716:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f581439c582 code=0x7ffc0000
[  836.858136][T11679] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1817'.
[  836.994902][   T27] audit: type=1326 audit(1776373032.716:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f581439c582 code=0x7ffc0000
[  837.043732][   T27] audit: type=1326 audit(1776373032.726:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  837.532013][   T27] audit: type=1326 audit(1776373032.726:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f581439c582 code=0x7ffc0000
[  837.555690][   T27] audit: type=1326 audit(1776373032.726:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f581439c617 code=0x7ffc0000
[  837.607181][   T27] audit: type=1326 audit(1776373032.726:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f5814359511 code=0x7ffc0000
[  837.673646][   T27] audit: type=1326 audit(1776373032.726:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f581439d609 code=0x7ffc0000
[  837.800266][T11698] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1820'.
[  837.873118][   T27] audit: type=1326 audit(1776373032.726:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f581435957b code=0x7ffc0000
[  838.004361][   T27] audit: type=1326 audit(1776373032.726:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  838.343762][   T27] audit: type=1326 audit(1776373032.726:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581439c819 code=0x7ffc0000
[  838.413439][   T27] audit: type=1326 audit(1776373032.726:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f5814358c6c code=0x7ffc0000
[  838.488484][   T27] audit: type=1326 audit(1776373032.726:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f5814358cce code=0x7ffc0000
[  838.582143][   T27] audit: type=1326 audit(1776373032.726:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11656 comm="syz.7.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f581439c4ab code=0x7ffc0000
[  838.827127][T11720] loop5: detected capacity change from 0 to 128
[  838.839924][T11721] netlink: 'syz.6.1826': attribute type 1 has an invalid length.
[  838.867906][T11721] netlink: 'syz.6.1826': attribute type 2 has an invalid length.
[  838.979998][T11721] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1826'.
[  839.701818][T11729] IPv6: NLM_F_CREATE should be specified when creating new route
[  839.740682][T11732] netlink: 'syz.8.1830': attribute type 1 has an invalid length.
[  839.861372][T11732] 8021q: adding VLAN 0 to HW filter on device bond1
[  839.981393][T11732] bond1: (slave batadv1): Error -99 calling set_mac_address
[  840.267826][T11744] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1833'.
[  841.351077][T11751] loop8: detected capacity change from 0 to 512
[  841.390932][T11751] EXT4-fs: Ignoring removed i_version option
[  841.437005][T11751] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  841.507965][T11751] EXT4-fs (loop8): corrupt root inode, run e2fsck
[  841.597742][T11751] EXT4-fs (loop8): mount failed
[  841.744375][T11759] netlink: 'syz.8.1839': attribute type 1 has an invalid length.
[  841.773453][T11759] netlink: 'syz.8.1839': attribute type 2 has an invalid length.
[  841.872800][T11759] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1839'.
[  842.056424][T11767] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  844.622101][T11787] device wg1 entered promiscuous mode
[  844.953181][T11794] netlink: 'syz.6.1853': attribute type 1 has an invalid length.
[  844.983161][T11794] netlink: 'syz.6.1853': attribute type 2 has an invalid length.
[  845.033150][T11794] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1853'.
[  846.222800][T11811] netlink: 'syz.6.1857': attribute type 1 has an invalid length.
[  846.361151][T11811] 8021q: adding VLAN 0 to HW filter on device bond3
[  846.396106][T11819] bond3: (slave batadv1): Error -99 calling set_mac_address
[  847.327604][ T4285] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  847.364083][ T4285] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  847.373874][ T4285] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  847.393959][ T4285] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  847.402913][ T4285] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  847.410588][ T4285] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  847.774831][T11836] autofs4:pid:11836:autofs_fill_super: called with bogus options
[  848.131523][T11823] chnl_net:caif_netlink_parms(): no params data found
[  848.311097][T11852] netlink: 'syz.7.1871': attribute type 1 has an invalid length.
[  848.371045][T11852] 8021q: adding VLAN 0 to HW filter on device bond4
[  848.392283][T11855] bond4: (slave batadv1): Error -99 calling set_mac_address
[  849.444812][ T4278] Bluetooth: hci3: command 0x0409 tx timeout
[  849.900063][T11823] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.907682][T11823] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.916320][T11823] device bridge_slave_0 entered promiscuous mode
[  849.925491][T11823] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.932626][T11823] bridge0: port 2(bridge_slave_1) entered disabled state
[  850.015951][T11823] device bridge_slave_1 entered promiscuous mode
[  850.161985][T11823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  850.228360][T11868] loop8: detected capacity change from 0 to 1024
[  850.235662][T11823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  850.266674][ T2939] tipc: Left network mode
[  850.360468][T11868] EXT4-fs: Ignoring removed bh option
[  850.396830][T11868] EXT4-fs: inline encryption not supported
[  850.470618][T11868] EXT4-fs (loop8): too many log groups per flexible block group
[  850.483979][T11868] EXT4-fs (loop8): failed to initialize mballoc (-12)
[  850.490938][T11868] EXT4-fs (loop8): mount failed
[  850.583200][T11823] team0: Port device team_slave_0 added
[  850.617857][T11823] team0: Port device team_slave_1 added
[  850.857789][T11823] batman_adv: batadv0: Adding interface: batadv_slave_0
[  850.903681][T11823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  851.028340][T11823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  851.091946][T11888] loop6: detected capacity change from 0 to 4096
[  851.177583][T11823] batman_adv: batadv0: Adding interface: batadv_slave_1
[  851.198510][T11823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  851.250261][T11888] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  851.283921][T11823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  851.384415][   T27] kauditd_printk_skb: 34 callbacks suppressed
[  851.384434][   T27] audit: type=1800 audit(1776373051.906:54): pid=11888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1880" name="file1" dev="loop6" ino=15 res=0 errno=0
[  851.450721][T11899] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.1880: corrupted inode contents
[  851.473726][T11886] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1879'.
[  851.508977][T11899] EXT4-fs error (device loop6): ext4_dirty_inode:6156: inode #15: comm syz.6.1880: mark_inode_dirty error
[  851.523756][ T4278] Bluetooth: hci3: command 0x041b tx timeout
[  851.586832][T11899] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.1880: corrupted inode contents
[  851.616322][T11899] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #15: comm syz.6.1880: mark_inode_dirty error
[  851.637048][T11899] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.1880: corrupted inode contents
[  851.677285][T11899] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #15: comm syz.6.1880: mark_inode_dirty error
[  851.710444][T11823] device hsr_slave_0 entered promiscuous mode
[  851.747477][T11899] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.1880: corrupted inode contents
[  851.792943][T11899] EXT4-fs error (device loop6): ext4_truncate:4325: inode #15: comm syz.6.1880: mark_inode_dirty error
[  851.819324][T11823] device hsr_slave_1 entered promiscuous mode
[  852.574329][T11823] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  852.582066][T11823] Cannot create hsr debugfs directory
[  852.613455][T11899] EXT4-fs error (device loop6) in ext4_setattr:5695: Corrupt filesystem
[  852.745915][ T8731] EXT4-fs (loop6): unmounting filesystem.
[  853.603621][ T4278] Bluetooth: hci3: command 0x040f tx timeout
[  854.375960][T11932] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1892'.
[  855.334171][ T2939] device hsr_slave_0 left promiscuous mode
[  855.439148][ T2939] device hsr_slave_1 left promiscuous mode
[  855.492546][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_0
[  855.500963][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_1
[  855.508846][ T2939] device bridge_slave_1 left promiscuous mode
[  855.517003][ T2939] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.525921][ T2939] device bridge_slave_0 left promiscuous mode
[  855.532272][ T2939] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.683649][ T4278] Bluetooth: hci3: command 0x0419 tx timeout
[  855.748348][T11966] fuse: Unknown parameter 'grou00000000000000000000'
[  857.633858][ T2939] bond14 (unregistering): Released all slaves
[  857.962092][T11990] overlayfs: failed to clone lowerpath
[  859.841356][ T2939] bond13 (unregistering): Released all slaves
[  860.144442][ T2939] bond12 (unregistering): Released all slaves
[  860.332768][ T2939] bond11 (unregistering): Released all slaves
[  860.556251][T12013] fuse: Unknown parameter 'grou00000000000000000000'
[  860.567941][ T2939] bond10 (unregistering): Released all slaves
[  860.784315][ T2939] bond9 (unregistering): Released all slaves
[  860.825738][ T2939] bond8 (unregistering): (slave veth7): Releasing active interface
[  861.012729][ T2939] bond8 (unregistering): Released all slaves
[  861.158212][ T2939] bond7 (unregistering): Released all slaves
[  861.301786][ T2939] bond6 (unregistering): Released all slaves
[  861.444106][ T2939] bond5 (unregistering): Released all slaves
[  861.609687][ T2939] bond4 (unregistering): Released all slaves
[  861.763077][ T2939] bond3 (unregistering): Released all slaves
[  861.990540][ T2939] bond2 (unregistering): Released all slaves
[  862.168095][ T2939] bond1 (unregistering): Released all slaves
[  862.975115][ T2939] team0 (unregistering): Port device team_slave_1 removed
[  863.063847][ T2939] team0 (unregistering): Port device team_slave_0 removed
[  863.174469][ T2939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  863.288537][ T2939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  864.109183][ T2939] bond0 (unregistering): Released all slaves
[  864.306106][T11823] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  864.636177][T11823] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  864.656402][T11823] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  864.694468][T11823] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  865.261600][T11823] 8021q: adding VLAN 0 to HW filter on device bond0
[  865.325087][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  865.339555][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  865.378493][T11823] 8021q: adding VLAN 0 to HW filter on device team0
[  867.566222][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  867.634338][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  867.710053][ T9517] bridge0: port 1(bridge_slave_0) entered blocking state
[  867.717303][ T9517] bridge0: port 1(bridge_slave_0) entered forwarding state
[  867.810625][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  867.836067][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  867.905569][T12058] binder: 12050:12058 ioctl c0285840 200000000500 returned -22
[  867.925959][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  868.076162][ T9517] bridge0: port 2(bridge_slave_1) entered blocking state
[  868.083441][ T9517] bridge0: port 2(bridge_slave_1) entered forwarding state
[  868.378364][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  868.511899][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  868.696338][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  868.794335][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  868.856331][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  868.911027][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  868.960697][T12064] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1933'.
[  868.973867][T12064] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1933'.
[  869.008643][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  869.017512][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  869.193113][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  870.199561][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  870.209417][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  870.264292][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  871.245366][T12090] device batadv_slave_1 entered promiscuous mode
[  871.304810][T12087] device batadv_slave_1 left promiscuous mode
[  873.559399][T12106] device syzkaller0 entered promiscuous mode
[  873.925190][T12111] loop8: detected capacity change from 0 to 4096
[  873.940556][T12114] loop6: detected capacity change from 0 to 128
[  873.966242][T12111] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  873.992084][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  874.011529][T12114] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  874.059058][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  874.193713][T12114] ext4 filesystem being mounted at /173/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  875.067915][   T27] audit: type=1804 audit(1776373075.596:55): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.1946" name="/newroot/173/file0/file0" dev="loop6" ino=12 res=1 errno=0
[  875.118338][T11823] 8021q: adding VLAN 0 to HW filter on device batadv0
[  875.124992][T10173] EXT4-fs (loop8): unmounting filesystem.
[  875.193463][   T27] audit: type=1804 audit(1776373075.596:56): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.1946" name="/newroot/173/file0/file0" dev="loop6" ino=12 res=1 errno=0
[  875.483475][ T8731] EXT4-fs (loop6): unmounting filesystem.
[  875.491137][T12130] loop8: detected capacity change from 0 to 256
[  875.613771][T12130] FAT-fs (loop8): bogus logical sector size 2057
[  875.620911][T12130] FAT-fs (loop8): Can't find a valid FAT filesystem
[  877.042185][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  877.130619][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  877.253985][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  877.272839][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  877.295574][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  877.314202][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  877.363162][T12153] netlink: 'syz.8.1955': attribute type 1 has an invalid length.
[  877.407025][T12153] 8021q: adding VLAN 0 to HW filter on device bond2
[  877.426799][T11823] device veth0_vlan entered promiscuous mode
[  877.456231][T12163] bond2: (slave batadv1): Error -99 calling set_mac_address
[  878.119892][ T4399] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  878.596518][T11823] device veth1_vlan entered promiscuous mode
[  878.756282][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  878.768772][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  878.791207][T11823] device veth0_macvtap entered promiscuous mode
[  878.815899][T11823] device veth1_macvtap entered promiscuous mode
[  878.888656][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  878.919792][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  878.951376][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  878.992172][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  879.022848][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  879.073471][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  879.118090][T11823] batman_adv: batadv0: Interface activated: batadv_slave_0
[  879.147847][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  879.171714][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  879.244179][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  879.300381][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  879.415766][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  879.464138][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  879.507428][T12202] loop8: detected capacity change from 0 to 512
[  879.560736][T12202] EXT4-fs error (device loop8): ext4_free_branches:1030: inode #11: comm syz.8.1967: invalid indirect mapped block 256 (level 2)
[  879.574125][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  879.586052][T12202] EXT4-fs (loop8): Remounting filesystem read-only
[  879.595323][T12202] EXT4-fs (loop8): 2 truncates cleaned up
[  879.601214][T12202] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  879.646105][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  879.658363][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  879.669408][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  879.695990][T11823] batman_adv: batadv0: Interface activated: batadv_slave_1
[  879.708744][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  879.730285][T10173] EXT4-fs (loop8): unmounting filesystem.
[  879.746884][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  879.837379][T11823] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  879.873451][T11823] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  879.917587][T11823] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  879.943605][T11823] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  879.996114][T12214] fuse: Unknown parameter 'group_id00000000000000000000'
[  880.015229][T12213] netlink: 'syz.6.1970': attribute type 1 has an invalid length.
[  880.037514][T12218] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1971'.
[  880.085014][T12213] netlink: 'syz.6.1970': attribute type 2 has an invalid length.
[  880.181613][T12213] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1970'.
[  880.226335][ T4398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  880.251893][ T4398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  880.288142][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  880.370866][ T4399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  880.379930][T12223] netlink: 'syz.8.1972': attribute type 1 has an invalid length.
[  880.417986][ T4399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  880.601589][T12223] 8021q: adding VLAN 0 to HW filter on device bond3
[  880.615283][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  880.740784][T12232] bond3: (slave batadv1): Error -99 calling set_mac_address
[  882.077217][T12268] fuse: Bad value for 'user_id'
[  882.563135][T12280] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1985'.
[  882.696309][T12282] netlink: 20 bytes leftover after parsing attributes in process `syz.9.1986'.
[  883.864471][T12289] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1988'.
[  885.067213][T12332] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2000'.
[  885.962097][T12334] overlayfs: failed to clone lowerpath
[  886.375976][T12350] loop5: detected capacity change from 0 to 4096
[  886.500701][T12350] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  887.007040][T12363] loop9: detected capacity change from 0 to 512
[  887.124283][T12363] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  887.224687][T12364] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2008'.
[  887.254872][T12363] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  888.385945][ T4520] EXT4-fs (loop5): unmounting filesystem.
[  888.676758][T12363] EXT4-fs (loop9): 1 truncate cleaned up
[  888.682494][T12363] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  889.504314][T11823] EXT4-fs (loop9): unmounting filesystem.
[  891.547263][T12376] bridge0: port 3(dummy0) entered disabled state
[  891.553982][T12376] bridge0: port 2(bridge_slave_1) entered disabled state
[  891.561298][T12376] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.998250][T12434] overlayfs: failed to clone upperpath
[  893.314299][T12376] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  893.506413][T12376] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  894.673070][T12459] loop9: detected capacity change from 0 to 512
[  894.701460][T12376] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  894.724136][T12376] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  894.728030][T12459] EXT4-fs: Ignoring removed mblk_io_submit option
[  894.733063][T12376] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  894.782013][T12459] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  894.819505][T12459] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  894.829684][T12376] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  894.884980][T12459] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  894.910595][T12459] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  895.088567][   T27] audit: type=1800 audit(1776373095.616:57): pid=12463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2036" name="file2" dev="loop9" ino=16 res=0 errno=0
[  895.179891][T11823] EXT4-fs (loop9): unmounting filesystem.
[  895.249550][T12418] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2023'.
[  895.293137][T12438] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2027'.
[  895.468427][T12469] netlink: 'syz.5.2038': attribute type 1 has an invalid length.
[  895.489353][T12468] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  895.512709][T12468] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  895.575717][T12468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  895.612813][T12468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  895.632512][T12468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  895.643175][T12468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  896.583152][T12485] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  897.473633][T12385] Set syz1 is full, maxelem 65536 reached
[  897.694560][T12517] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2051'.
[  897.750440][T12516] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2050'.
[  898.052817][T12524] syz.7.2052 uses obsolete (PF_INET,SOCK_PACKET)
[  898.154081][T12531] netlink: 'syz.5.2056': attribute type 1 has an invalid length.
[  898.199540][T12531] netlink: 'syz.5.2056': attribute type 2 has an invalid length.
[  898.260416][T12531] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2056'.
[  898.274537][T12536] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  898.842968][T12547] netlink: 'syz.5.2060': attribute type 1 has an invalid length.
[  899.050814][T12547] 8021q: adding VLAN 0 to HW filter on device bond10
[  899.174591][T12547] bond10: (slave batadv1): Error -99 calling set_mac_address
[  899.960321][T12573] device syzkaller0 entered promiscuous mode
[  900.260230][T12580] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  900.315440][T12583] netlink: 'syz.8.2070': attribute type 1 has an invalid length.
[  900.395791][T12583] netlink: 'syz.8.2070': attribute type 2 has an invalid length.
[  900.483085][T12583] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2070'.
[  900.523522][T12596] netlink: 'syz.5.2074': attribute type 1 has an invalid length.
[  900.554090][T12597] fuse: Bad value for 'fd'
[  900.837393][T12605] netlink: 'syz.8.2077': attribute type 1 has an invalid length.
[  900.875208][   T27] audit: type=1326 audit(1776373101.406:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  900.942155][T12605] 8021q: adding VLAN 0 to HW filter on device bond5
[  900.991729][   T27] audit: type=1326 audit(1776373101.426:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.014762][   T27] audit: type=1326 audit(1776373101.426:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.053574][   T27] audit: type=1326 audit(1776373101.426:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.140928][T12605] bond5: (slave batadv1): Error -99 calling set_mac_address
[  901.212471][   T27] audit: type=1326 audit(1776373101.426:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.212516][   T27] audit: type=1326 audit(1776373101.426:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.212551][   T27] audit: type=1326 audit(1776373101.426:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.212595][   T27] audit: type=1326 audit(1776373101.426:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.212631][   T27] audit: type=1326 audit(1776373101.426:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.212665][   T27] audit: type=1326 audit(1776373101.426:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12606 comm="syz.5.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[  901.814600][T12608] tty tty1: ldisc open failed (-12), clearing slot 0
[  902.108383][T12639] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  902.114500][T12634] device syzkaller0 entered promiscuous mode
[  902.615140][T12655] loop9: detected capacity change from 0 to 164
[  902.828051][T12658] fuse: Bad value for 'fd'
[  903.156402][T12665] loop9: detected capacity change from 0 to 512
[  903.275580][T12665] EXT4-fs (loop9): Cannot turn on journaled quota: type 0: error -2
[  903.331209][T12665] EXT4-fs (loop9): Cannot turn on journaled quota: type 1: error -2
[  903.395079][T12665] EXT4-fs (loop9): 1 truncate cleaned up
[  903.405684][T12665] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  903.550220][T11823] EXT4-fs (loop9): unmounting filesystem.
[  903.765180][T12687] device syzkaller0 entered promiscuous mode
[  903.787280][T12689] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  903.822677][T12693] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2103'.
[  904.279540][T12703] binder: 12699:12703 ioctl c0285840 200000000500 returned -22
[  904.989162][T12714] fuse: Bad value for 'fd'
[  905.299275][T12705] device syzkaller0 entered promiscuous mode
[  905.599729][T12724] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  906.003279][T12740] overlayfs: failed to resolve './file1': -2
[  907.005161][T12750] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  907.990119][T12756] loop5: detected capacity change from 0 to 512
[  908.072825][T12756] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  908.113463][T12756] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  908.135604][T12756] EXT4-fs (loop5): 1 truncate cleaned up
[  908.141347][T12756] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  908.256836][T12756] EXT4-fs error (device loop5): ext4_append:79: inode #2: comm syz.5.2119: Logical block already allocated
[  908.309596][T12756] EXT4-fs (loop5): Remounting filesystem read-only
[  908.367792][ T4520] EXT4-fs (loop5): unmounting filesystem.
[  908.843702][T12762] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  908.850779][T12762] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  908.943796][T12762] vhci_hcd vhci_hcd.0: Device attached
[  909.163526][T10046] vhci_hcd: vhci_device speed not set
[  909.245694][T10046] usb 43-1: new full-speed USB device number 2 using vhci_hcd
[  909.396999][T12764] vhci_hcd: connection reset by peer
[  909.424801][T11600] vhci_hcd: stop threads
[  909.430430][T11600] vhci_hcd: release socket
[  909.437811][T11600] vhci_hcd: disconnect device
[  910.846634][T12781] fuse: Invalid rootmode
[  912.118632][    C1] hrtimer: interrupt took 157074 ns
[  912.978576][T12813] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  914.439749][T10046] vhci_hcd: vhci_device speed not set
[  919.219428][T12852] loop6: detected capacity change from 0 to 512
[  922.150974][T12893] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  924.008821][T12915] binder: 12913:12915 ioctl c0285840 200000000500 returned -22
[  925.053245][T12925] fuse: Bad value for 'rootmode'
[  926.062562][T12956] binder: 12954:12956 ioctl c0285840 200000000500 returned -22
[  927.574219][T12972] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2182'.
[  927.630394][T12972] netlink: 'syz.7.2182': attribute type 2 has an invalid length.
[  928.393029][T12986] netlink: 'syz.7.2186': attribute type 1 has an invalid length.
[  928.567330][T12986] 8021q: adding VLAN 0 to HW filter on device bond5
[  928.626318][T12991] bond5: (slave batadv1): Error -99 calling set_mac_address
[  929.085235][T13006] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2189'.
[  929.976105][T13016] loop6: detected capacity change from 0 to 512
[  930.074008][T13016] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  930.165240][T13016] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  930.194406][T13016] ext4 filesystem being mounted at /223/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  930.445736][ T8731] EXT4-fs (loop6): unmounting filesystem.
[  930.540954][T13024] team0 (unregistering): Port device team_slave_0 removed
[  930.626125][T13024] team0 (unregistering): Port device team_slave_1 removed
[  930.796803][T13041] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2197'.
[  931.607791][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  932.201227][T13059] fuse: Unknown parameter 'use00000000000000000000'
[  933.376671][T13096] loop5: detected capacity change from 0 to 128
[  935.253905][   T27] kauditd_printk_skb: 358 callbacks suppressed
[  935.253924][   T27] audit: type=1800 audit(1776373135.746:426): pid=13096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2212" name="bus" dev="loop5" ino=1049145 res=0 errno=0
[  936.096600][T13103] loop8: detected capacity change from 0 to 512
[  936.222164][T13103] EXT4-fs: Ignoring removed i_version option
[  936.373887][T13103] EXT4-fs: Ignoring removed nomblk_io_submit option
[  936.644322][T13103] EXT4-fs error (device loop8): ext4_orphan_get:1431: comm syz.8.2216: bad orphan inode 1
[  936.694511][T13103] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  936.720072][T13137] loop5: detected capacity change from 0 to 4096
[  936.749289][T13137] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  936.769618][   T27] audit: type=1800 audit(1776373137.296:427): pid=13137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2225" name="file1" dev="loop5" ino=15 res=0 errno=0
[  936.791068][T13137] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2225: corrupted inode contents
[  936.808371][T13137] EXT4-fs error (device loop5): ext4_dirty_inode:6156: inode #15: comm syz.5.2225: mark_inode_dirty error
[  936.820401][T13137] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2225: corrupted inode contents
[  936.832839][T13137] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.2225: mark_inode_dirty error
[  936.845310][T13137] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2225: corrupted inode contents
[  936.857766][T13137] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.2225: mark_inode_dirty error
[  936.869712][T13137] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2225: corrupted inode contents
[  936.884106][T13137] EXT4-fs error (device loop5): ext4_truncate:4325: inode #15: comm syz.5.2225: mark_inode_dirty error
[  936.895764][T13137] EXT4-fs error (device loop5) in ext4_setattr:5695: Corrupt filesystem
[  937.547881][ T4520] EXT4-fs (loop5): unmounting filesystem.
[  937.957930][T13173] loop6: detected capacity change from 0 to 512
[  938.036216][T13173] EXT4-fs: journaled quota format not specified
[  938.350164][T13178] loop5: detected capacity change from 0 to 512
[  938.453038][T13178] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  938.513751][T13178] ext4 filesystem being mounted at /428/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  939.040104][T13205] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2245'.
[  939.972694][T10173] EXT4-fs (loop8): unmounting filesystem.
[  940.212403][T13216] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2248'.
[  940.298819][T13222] random: crng reseeded on system resumption
[  940.441528][T13225] netlink: 'syz.6.2249': attribute type 27 has an invalid length.
[  940.499721][T13225] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2249'.
[  940.511008][ T4520] EXT4-fs (loop5): unmounting filesystem.
[  940.538230][T13225] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[  941.769012][T13247] loop5: detected capacity change from 0 to 256
[  941.835180][T13247] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  942.220421][T13258] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2258'.
[  942.887194][T13267] tipc: Started in network mode
[  942.892215][T13267] tipc: Node identity 4, cluster identity 4711
[  942.991446][T13267] tipc: Node number set to 4
[  945.441834][T13323] device syzkaller0 entered promiscuous mode
[  945.904226][T13331] device syzkaller0 entered promiscuous mode
[  950.673521][ T8989] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  950.841397][T13404] netlink: 71 bytes leftover after parsing attributes in process `syz.7.2300'.
[  950.865692][ T8989] usb 6-1: config 0 has no interfaces?
[  950.873545][ T8989] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  950.899685][ T8989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.928216][ T8989] usb 6-1: config 0 descriptor??
[  954.310371][ T8989] usb 6-1: string descriptor 0 read error: -71
[  954.323840][ T8989] usb 6-1: USB disconnect, device number 33
[  955.525140][T13447] 9pnet_virtio: no channels available for device syz
[  955.561852][T13447] netlink: 'syz.7.2313': attribute type 10 has an invalid length.
[  955.596389][T13450] bridge0: port 3(geneve1) entered blocking state
[  955.615150][T13450] bridge0: port 3(geneve1) entered disabled state
[  955.659105][T13450] device geneve1 entered promiscuous mode
[  956.689659][T13475] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2321'.
[  959.626960][T13497] 9pnet_virtio: no channels available for device syz
[  959.667292][T13497] netlink: 'syz.8.2328': attribute type 10 has an invalid length.
[  960.660512][T13508] loop6: detected capacity change from 0 to 512
[  960.750454][T13508] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  960.793502][T13508] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  960.924545][T13508] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.2332: invalid indirect mapped block 4294967295 (level 1)
[  960.978919][T13508] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.2332: invalid indirect mapped block 4294967295 (level 1)
[  961.015012][T13508] EXT4-fs (loop6): 2 truncates cleaned up
[  961.020936][T13508] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  961.280226][ T8731] EXT4-fs (loop6): unmounting filesystem.
[  964.065284][T13543] loop8: detected capacity change from 0 to 512
[  964.110463][T13543] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  964.203169][T13543] EXT4-fs (loop8): 1 truncate cleaned up
[  964.243570][T13543] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  964.522600][ T4398] tipc: Left network mode
[  964.552905][T10173] EXT4-fs (loop8): unmounting filesystem.
[  965.165220][T13560] netlink: 'syz.8.2346': attribute type 1 has an invalid length.
[  965.203451][T13560] netlink: 'syz.8.2346': attribute type 2 has an invalid length.
[  965.239002][T13560] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2346'.
[  967.255102][T13604] loop8: detected capacity change from 0 to 128
[  967.351059][T13604] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  967.373163][T13604] ext4 filesystem being mounted at /149/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  967.514795][T13613] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2359'.
[  967.704531][T10173] EXT4-fs (loop8): unmounting filesystem.
[  968.246087][ T4398] device hsr_slave_0 left promiscuous mode
[  968.331505][ T4398] device hsr_slave_1 left promiscuous mode
[  968.354553][ T4398] batman_adv: batadv0: Removing interface: batadv_slave_0
[  968.384053][ T4398] batman_adv: batadv0: Removing interface: batadv_slave_1
[  968.508766][ T4398] device bridge_slave_1 left promiscuous mode
[  968.523802][ T4398] bridge0: port 2(bridge_slave_1) entered disabled state
[  968.592489][ T4398] device bridge_slave_0 left promiscuous mode
[  968.642738][ T4398] bridge0: port 1(bridge_slave_0) entered disabled state
[  968.846319][T13646] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  969.366238][ T4398] bond6 (unregistering): Released all slaves
[  969.523681][ T4285] Bluetooth: hci3: command 0x0406 tx timeout
[  969.967499][T13661] loop5: detected capacity change from 0 to 4096
[  969.995506][T13664] fuse: Unknown parameter '0x0000000000000003'
[  970.030453][T13661] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  970.060970][   T27] audit: type=1800 audit(1776373170.586:428): pid=13661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2370" name="file1" dev="loop5" ino=15 res=0 errno=0
[  970.061827][T13661] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2370: corrupted inode contents
[  970.094500][T13661] EXT4-fs error (device loop5): ext4_dirty_inode:6156: inode #15: comm syz.5.2370: mark_inode_dirty error
[  970.117835][T13661] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2370: corrupted inode contents
[  970.131692][T13661] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.2370: mark_inode_dirty error
[  970.144036][T13661] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2370: corrupted inode contents
[  970.158304][T13661] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.2370: mark_inode_dirty error
[  970.171842][T13661] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #15: comm syz.5.2370: corrupted inode contents
[  970.184412][T13661] EXT4-fs error (device loop5): ext4_truncate:4325: inode #15: comm syz.5.2370: mark_inode_dirty error
[  970.198249][T13661] EXT4-fs error (device loop5) in ext4_setattr:5695: Corrupt filesystem
[  970.333829][ T4520] EXT4-fs (loop5): unmounting filesystem.
[  970.404532][ T4398] bond5 (unregistering): Released all slaves
[  970.801498][ T4398] bond4 (unregistering): Released all slaves
[  970.983903][ T4398] bond3 (unregistering): Released all slaves
[  971.159464][ T4398] bond2 (unregistering): Released all slaves
[  971.339870][ T4398] bond1 (unregistering): Released all slaves
[  971.361452][ T4398] bond0 (unregistering): (slave batadv1): Releasing backup interface
[  971.927933][ T4398] team0 (unregistering): Port device team_slave_1 removed
[  971.978922][ T4398] team0 (unregistering): Port device team_slave_0 removed
[  972.031333][ T4398] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  972.080540][ T4398] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  972.421325][ T4398] bond0 (unregistering): Released all slaves
[  972.532680][T13637] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2363'.
[  972.673083][T13678] tipc: Enabled bearer <udp:s>, priority 10
[  972.749942][T13680] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  973.087193][T13691] loop6: detected capacity change from 0 to 1024
[  973.288519][T13700] overlayfs: failed to clone upperpath
[  973.308611][T13691] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  973.324457][T13702] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2384'.
[  973.789140][ T8731] EXT4-fs (loop6): unmounting filesystem.
[  974.100679][T13729] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2388'.
[  975.121601][T13730] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2387'.
[  975.903496][T10046] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  976.096339][T10046] usb 10-1: config 0 has no interfaces?
[  976.102031][T10046] usb 10-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  976.179494][T10046] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.247914][T10046] usb 10-1: config 0 descriptor??
[  976.359629][T13764] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2398'.
[  977.587875][T13794] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  977.755985][T13802] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2407'.
[  980.467510][T10046] usb 10-1: string descriptor 0 read error: -71
[  980.484634][T10046] usb 10-1: USB disconnect, device number 2
[  980.688702][T13824] device syzkaller0 entered promiscuous mode
[  981.453974][T13848] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  981.499158][T13852] tipc: Started in network mode
[  981.504353][T13852] tipc: Node identity ac1414aa, cluster identity 4711
[  981.625169][T13854] loop6: detected capacity change from 0 to 4096
[  981.694648][T13852] tipc: Enabled bearer <udp:s>, priority 10
[  981.881203][T13854] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  981.949178][   T27] audit: type=1800 audit(1776373182.476:429): pid=13854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2420" name="file1" dev="loop6" ino=15 res=0 errno=0
[  981.975667][T13854] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.2420: corrupted inode contents
[  981.991912][T13854] EXT4-fs error (device loop6): ext4_dirty_inode:6156: inode #15: comm syz.6.2420: mark_inode_dirty error
[  982.005394][T13854] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.2420: corrupted inode contents
[  982.019719][T13854] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #15: comm syz.6.2420: mark_inode_dirty error
[  982.043361][T13854] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.2420: corrupted inode contents
[  982.058818][T13854] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #15: comm syz.6.2420: mark_inode_dirty error
[  982.071661][T13854] EXT4-fs error (device loop6): ext4_do_update_inode:5279: inode #15: comm syz.6.2420: corrupted inode contents
[  982.087604][T13854] EXT4-fs error (device loop6): ext4_truncate:4325: inode #15: comm syz.6.2420: mark_inode_dirty error
[  982.102048][T13854] EXT4-fs error (device loop6) in ext4_setattr:5695: Corrupt filesystem
[  982.706090][   T26] tipc: Node number set to 2886997162
[  983.988845][ T8731] EXT4-fs (loop6): unmounting filesystem.
[  985.247167][T13893] device syzkaller0 entered promiscuous mode
[  985.525503][T13909] loop9: detected capacity change from 0 to 164
[  985.566769][T13909] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  985.626704][T13909] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  985.702149][T13909] Symlink component flag not implemented
[  985.730817][T13909] Symlink component flag not implemented
[  985.751247][T13910] Symlink component flag not implemented (7)
[  985.763728][ T4270] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[  985.847951][T13910] Symlink component flag not implemented (116)
[  985.975288][ T4270] usb 7-1: config 0 has no interfaces?
[  985.981127][ T4270] usb 7-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  986.031684][ T4270] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  986.094358][ T4270] usb 7-1: config 0 descriptor??
[  986.307027][T13921] device syzkaller0 entered promiscuous mode
[  986.994735][T13942] device syzkaller0 entered promiscuous mode
[  987.860601][T13956] device syzkaller0 entered promiscuous mode
[  988.494677][T13969] device syzkaller0 entered promiscuous mode
[  988.930131][ T4270] usb 7-1: string descriptor 0 read error: -71
[  988.940835][ T4270] usb 7-1: USB disconnect, device number 14
[  989.089949][T13979] loop9: detected capacity change from 0 to 2048
[  989.180456][T13982] device syzkaller0 entered promiscuous mode
[  989.182455][T13979] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  989.345838][T11823] EXT4-fs (loop9): unmounting filesystem.
[  989.635141][T13999] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2458'.
[  990.594151][T14004] device syzkaller0 entered promiscuous mode
[  991.014657][T14020] device syzkaller0 entered promiscuous mode
[  992.021701][T14046] loop9: detected capacity change from 0 to 4096
[  992.160750][T14046] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  992.238980][   T27] audit: type=1800 audit(1776373192.766:430): pid=14046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2467" name="file1" dev="loop9" ino=15 res=0 errno=0
[  992.269857][T14046] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.2467: corrupted inode contents
[  992.292386][T14046] EXT4-fs error (device loop9): ext4_dirty_inode:6156: inode #15: comm syz.9.2467: mark_inode_dirty error
[  992.317217][T14046] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.2467: corrupted inode contents
[  992.398645][T14046] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #15: comm syz.9.2467: mark_inode_dirty error
[  992.477867][T14046] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.2467: corrupted inode contents
[  992.635295][T14046] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #15: comm syz.9.2467: mark_inode_dirty error
[  992.690956][T14046] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.2467: corrupted inode contents
[  992.717741][T14046] EXT4-fs error (device loop9): ext4_truncate:4325: inode #15: comm syz.9.2467: mark_inode_dirty error
[  992.794911][T14046] EXT4-fs error (device loop9) in ext4_setattr:5695: Corrupt filesystem
[  993.049572][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  994.210683][T14093] device syzkaller0 entered promiscuous mode
[  994.735563][T14101] device syzkaller0 entered promiscuous mode
[  998.275523][T14147] device syzkaller0 entered promiscuous mode
[  998.282500][T14141] netlink: 'syz.8.2491': attribute type 8 has an invalid length.
[  999.203749][ T8989] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  999.433670][ T8989] usb 6-1: config 0 has no interfaces?
[  999.442728][ T8989] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  999.478350][ T8989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.508553][ T8989] usb 6-1: config 0 descriptor??
[ 1001.075186][T11823] EXT4-fs (loop9): unmounting filesystem.
[ 1002.293656][ T8989] usb 6-1: string descriptor 0 read error: -71
[ 1002.301911][ T8989] usb 6-1: USB disconnect, device number 34
[ 1005.331299][T14210] loop9: detected capacity change from 0 to 764
[ 1005.402377][T14210] Symlink component flag not implemented
[ 1005.420029][T14210] Symlink component flag not implemented
[ 1005.455614][T14213] netlink: 'syz.6.2504': attribute type 1 has an invalid length.
[ 1005.493590][T14213] netlink: 'syz.6.2504': attribute type 2 has an invalid length.
[ 1007.512107][T14225] netlink: 'syz.9.2508': attribute type 1 has an invalid length.
[ 1007.577108][T14225] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1007.668424][T14234] device syzkaller0 entered promiscuous mode
[ 1007.680022][T14234] tc action pedit offset 120 out of bounds
[ 1007.686592][T14234] tc action pedit offset 120 out of bounds
[ 1007.692478][T14234] tc action pedit offset 120 out of bounds
[ 1007.698540][T14234] tc action pedit offset 120 out of bounds
[ 1007.704433][T14234] tc action pedit offset 120 out of bounds
[ 1007.710274][T14234] tc action pedit offset 120 out of bounds
[ 1007.716272][T14234] tc action pedit offset 120 out of bounds
[ 1007.722213][T14234] tc action pedit offset 120 out of bounds
[ 1007.728211][T14234] tc action pedit offset 120 out of bounds
[ 1007.734317][T14234] tc action pedit offset 120 out of bounds
[ 1007.740163][T14234] tc action pedit offset 120 out of bounds
[ 1007.746053][T14234] tc action pedit offset 120 out of bounds
[ 1007.751994][T14234] tc action pedit offset 120 out of bounds
[ 1007.757974][T14234] tc action pedit offset 120 out of bounds
[ 1007.763866][T14234] tc action pedit offset 120 out of bounds
[ 1007.769722][T14234] tc action pedit offset 120 out of bounds
[ 1007.775607][T14234] tc action pedit offset 120 out of bounds
[ 1007.781451][T14234] 0: reclassify loop, rule prio 0, protocol 800
[ 1008.768615][T14245] device syzkaller0 entered promiscuous mode
[ 1009.032662][T14252] device syzkaller0 entered promiscuous mode
[ 1009.415473][T14266] netlink: 'syz.6.2521': attribute type 1 has an invalid length.
[ 1009.447523][T14266] netlink: 'syz.6.2521': attribute type 2 has an invalid length.
[ 1011.672680][T14287] netlink: 'syz.6.2524': attribute type 1 has an invalid length.
[ 1011.816128][T14296] loop9: detected capacity change from 0 to 512
[ 1011.925353][T14287] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1011.971583][T14296] FAT-fs (loop9): Directory bread(block 199916) failed
[ 1011.983937][T14296] FAT-fs (loop9): Directory bread(block 199917) failed
[ 1011.991015][T14296] FAT-fs (loop9): Directory bread(block 199918) failed
[ 1012.037125][T14296] FAT-fs (loop9): Directory bread(block 199919) failed
[ 1012.063652][T14296] FAT-fs (loop9): Directory bread(block 199920) failed
[ 1012.074453][T14296] FAT-fs (loop9): Directory bread(block 199921) failed
[ 1012.094106][T14296] FAT-fs (loop9): Directory bread(block 199922) failed
[ 1012.101268][T14296] FAT-fs (loop9): Directory bread(block 199923) failed
[ 1012.133854][T14291] FAT-fs (loop9): Directory bread(block 199916) failed
[ 1012.143422][T14291] FAT-fs (loop9): Directory bread(block 199917) failed
[ 1012.485907][T14316] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2529'.
[ 1013.581422][T14322] device syzkaller0 entered promiscuous mode
[ 1014.296529][T14355] loop8: detected capacity change from 0 to 2048
[ 1015.386528][T14355] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[ 1016.256750][T14355] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1016.367735][T14355] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[ 1016.483567][T14355] EXT4-fs (loop8): This should not happen!! Data will be lost
[ 1016.483567][T14355] 
[ 1016.563954][T14355] EXT4-fs (loop8): Total free blocks count 0
[ 1016.643041][T14355] EXT4-fs (loop8): Free/Dirty block details
[ 1016.711272][T14355] EXT4-fs (loop8): free_blocks=2415919504
[ 1016.729589][T14355] EXT4-fs (loop8): dirty_blocks=16
[ 1016.753491][T14355] EXT4-fs (loop8): Block reservation details
[ 1016.780123][T14355] EXT4-fs (loop8): i_reserved_data_blocks=1
[ 1017.145772][    T9] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1017.422120][T14382] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2543'.
[ 1017.552100][T14385] loop5: detected capacity change from 0 to 1024
[ 1017.650764][T14385] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[ 1017.789177][ T4520] EXT4-fs (loop5): unmounting filesystem.
[ 1019.571487][T14435] loop6: detected capacity change from 0 to 512
[ 1019.656380][T14431] device syzkaller0 entered promiscuous mode
[ 1019.695228][T14435] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -2
[ 1019.729521][T14435] EXT4-fs error (device loop6): ext4_iget_extra_inode:4763: inode #15: comm syz.6.2557: corrupted in-inode xattr
[ 1019.808616][T14435] EXT4-fs error (device loop6): ext4_orphan_get:1410: comm syz.6.2557: couldn't read orphan inode 15 (err -117)
[ 1019.862286][T14435] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[ 1020.264513][ T8731] EXT4-fs (loop6): unmounting filesystem.
[ 1020.930193][T14457] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2561'.
[ 1021.798709][T14473] loop9: detected capacity change from 0 to 2048
[ 1021.882435][T14473] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002]
[ 1021.893881][T14473] System zones: 0-7
[ 1021.932926][T14473] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[ 1022.023396][T14473] EXT4-fs error (device loop9): ext4_ext_precache:627: inode #2: comm syz.9.2569: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[ 1022.050488][T14480] tipc: Enabled bearer <udp:s>, priority 10
[ 1022.056770][T14473] EXT4-fs (loop9): Remounting filesystem read-only
[ 1022.444858][T11823] EXT4-fs (loop9): unmounting filesystem.
[ 1022.649401][T14488] loop6: detected capacity change from 0 to 128
[ 1022.724631][T14488] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1022.766860][T14488] ext4 filesystem being mounted at /307/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1023.107657][ T8731] EXT4-fs (loop6): unmounting filesystem.
[ 1025.695008][T14516] loop5: detected capacity change from 0 to 764
[ 1026.243839][T14524] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2582'.
[ 1026.464587][T14530] loop6: detected capacity change from 0 to 1024
[ 1026.653687][T14530] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1026.672881][T14530] ext4 filesystem being mounted at /309/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1026.794716][T14530] EXT4-fs error (device loop6): ext4_map_blocks:747: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1026.875449][T14544] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1026.913713][T14530] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 117
[ 1026.942062][T14530] EXT4-fs (loop6): This should not happen!! Data will be lost
[ 1026.942062][T14530] 
[ 1026.965075][T14547] EXT4-fs error (device loop6): ext4_map_blocks:637: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1027.008247][T14547] EXT4-fs error (device loop6): ext4_map_blocks:637: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1027.035446][T14547] EXT4-fs error (device loop6): ext4_map_blocks:637: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1027.051721][T14547] EXT4-fs error (device loop6): ext4_map_blocks:637: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1027.077861][T14547] EXT4-fs error (device loop6): ext4_map_blocks:637: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1027.100713][T14547] EXT4-fs error (device loop6): ext4_map_blocks:637: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1027.131667][T14547] EXT4-fs error (device loop6): ext4_map_blocks:637: inode #15: block 1: comm syz.6.2584: lblock 1 mapped to illegal pblock 1 (length 1)
[ 1027.391433][ T8731] EXT4-fs (loop6): unmounting filesystem.
[ 1027.585371][T14574] loop6: detected capacity change from 0 to 764
[ 1027.713003][T14575] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2595'.
[ 1027.968669][T14591] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2598'.
[ 1028.677720][T14607] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1029.052002][   T27] audit: type=1326 audit(1776373229.576:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.154783][   T27] audit: type=1326 audit(1776373229.586:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.297504][   T27] audit: type=1326 audit(1776373229.586:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.449312][   T27] audit: type=1326 audit(1776373229.586:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.556602][   T27] audit: type=1326 audit(1776373229.586:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.668508][   T27] audit: type=1326 audit(1776373229.586:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.745958][T14632] overlayfs: failed to clone upperpath
[ 1029.770154][   T27] audit: type=1326 audit(1776373229.586:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.846495][   T27] audit: type=1326 audit(1776373229.586:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1029.960996][T14644] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2613'.
[ 1029.985119][   T27] audit: type=1326 audit(1776373229.586:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1030.049482][T14643] bond0: (slave vlan2): Opening slave failed
[ 1030.109490][   T27] audit: type=1326 audit(1776373229.586:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14614 comm="syz.6.2607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b9b39c819 code=0x7ffc0000
[ 1030.477231][T14660] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1030.932564][T14678] loop6: detected capacity change from 0 to 1024
[ 1031.079596][T14690] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2624'.
[ 1031.094385][T14678] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1031.119701][T14678] ext4 filesystem being mounted at /318/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1031.154954][T14678] EXT4-fs error (device loop6): ext4_map_blocks:747: inode #15: comm syz.6.2625: lblock 0 mapped to illegal pblock 0 (length 4)
[ 1031.352330][ T8731] EXT4-fs (loop6): unmounting filesystem.
[ 1032.119302][T14716] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[ 1032.284745][T14720] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1033.541906][T14758] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1034.026959][T14779] netlink: 'syz.6.2655': attribute type 1 has an invalid length.
[ 1034.258431][T14775] loop8: detected capacity change from 0 to 8192
[ 1034.634672][T14791] loop8: detected capacity change from 8192 to 0
[ 1035.236307][T10173] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[ 1035.292927][T10173] FAT-fs (loop8): Filesystem has been set read-only
[ 1035.702358][T14823] 9pnet_virtio: no channels available for device syz
[ 1035.724596][T14823] netlink: 'syz.9.2659': attribute type 10 has an invalid length.
[ 1035.942823][T14828] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2662'.
[ 1038.101659][T14879] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2677'.
[ 1038.757347][T14888] loop8: detected capacity change from 0 to 2048
[ 1038.882928][T14888]  loop8: p1 < > p3 < > p4 < >
[ 1038.910794][T14888] loop8: partition table partially beyond EOD, truncated
[ 1038.947618][T14888] loop8: p1 start 3405774849 is beyond EOD, truncated
[ 1038.996888][T14888] loop8: p3 start 2304 is beyond EOD, truncated
[ 1039.274449][T14899] loop6: detected capacity change from 0 to 1024
[ 1039.385997][T14899] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1039.725317][ T8731] EXT4-fs (loop6): unmounting filesystem.
[ 1040.845816][T14947] netlink: 'syz.9.2699': attribute type 10 has an invalid length.
[ 1041.073942][T14947] team0: Device wg1 is of different type
[ 1042.326640][T15002] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1043.617152][T15048] loop8: detected capacity change from 0 to 1024
[ 1043.736406][T15048] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[ 1043.870755][T15053] tipc: Enabled bearer <udp:s>, priority 10
[ 1043.926536][T15057] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2721'.
[ 1044.276625][T10173] EXT4-fs (loop8): unmounting filesystem.
[ 1044.632470][T15072] loop6: detected capacity change from 0 to 2048
[ 1044.714760][T15072] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1044.846634][T15072] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1045.325496][ T8731] EXT4-fs (loop6): unmounting filesystem.
[ 1045.575541][T15105] loop6: detected capacity change from 0 to 1024
[ 1045.671606][T15105] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1045.775405][T15117] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2738'.
[ 1045.870164][T15115] loop8: detected capacity change from 0 to 1024
[ 1045.981419][T15115] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[ 1046.092695][T15115] ext4 filesystem being mounted at /213/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1046.494633][ T8731] EXT4-fs (loop6): unmounting filesystem.
[ 1046.527446][T10173] EXT4-fs (loop8): unmounting filesystem.
[ 1046.896705][T15143] tipc: Enabled bearer <udp:s>, priority 10
[ 1047.368725][T15163] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2752'.
[ 1048.179252][T15188] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1051.150641][T15222] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2769'.
[ 1053.733328][   T26] usb 10-1: new full-speed USB device number 3 using dummy_hcd
[ 1054.231976][T15240] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2774'.
[ 1054.337083][T15242] binder: 15237:15242 ioctl c0285840 200000000500 returned -22
[ 1054.488605][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1055.667724][T15252] netlink: 'syz.8.2777': attribute type 1 has an invalid length.
[ 1055.703391][T15252] netlink: 'syz.8.2777': attribute type 2 has an invalid length.
[ 1055.898058][T15253] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2778'.
[ 1056.139313][T15259] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2779'.
[ 1056.163088][T15259] netlink: 'syz.5.2779': attribute type 30 has an invalid length.
[ 1056.209703][T15259] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1056.218500][T15259] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1056.226978][T15259] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1056.235226][T15259] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1056.301875][T15260] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2779'.
[ 1056.353552][T15260] netlink: 'syz.5.2779': attribute type 30 has an invalid length.
[ 1056.521657][T15252] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2777'.
[ 1057.016164][T15276] netlink: 'syz.5.2786': attribute type 1 has an invalid length.
[ 1059.518080][T15288] binder: 15277:15288 ioctl c0285840 200000000500 returned -22
[ 1059.770395][T15276] 8021q: adding VLAN 0 to HW filter on device bond12
[ 1059.853493][T15279] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1059.885190][T15279] bond12: (slave batadv1): making interface the new active one
[ 1059.910704][T15279] bond12: (slave batadv1): Enslaving as an active interface with an up link
[ 1059.939268][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): bond12: link becomes ready
[ 1059.974038][T15292] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2790'.
[ 1060.245563][T15302] overlayfs: unrecognized mount option "/" or missing value
[ 1060.296711][T15304] netlink: 'syz.5.2792': attribute type 1 has an invalid length.
[ 1060.315706][T15304] netlink: 'syz.5.2792': attribute type 2 has an invalid length.
[ 1060.342590][T15304] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2792'.
[ 1060.541553][T15312] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2796'.
[ 1060.993386][ T4562] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[ 1061.214027][ T4562] usb 9-1: config 0 has no interfaces?
[ 1061.219693][ T4562] usb 9-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1061.310372][T15333] binder: 15327:15333 ioctl c0285840 200000000500 returned -22
[ 1062.047175][ T4562] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1062.062555][ T4562] usb 9-1: config 0 descriptor??
[ 1064.762137][T15350] overlayfs: unrecognized mount option "/" or missing value
[ 1065.270448][T15357] netlink: 'syz.5.2808': attribute type 1 has an invalid length.
[ 1065.333760][T15357] netlink: 'syz.5.2808': attribute type 2 has an invalid length.
[ 1065.369567][T15359] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1065.412987][T15357] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2808'.
[ 1065.441388][T15364] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2810'.
[ 1066.109882][T15380] binder: 15376:15380 ioctl c0285840 200000000500 returned -22
[ 1066.887689][ T4562] usb 9-1: string descriptor 0 read error: -71
[ 1066.925113][ T4562] usb 9-1: USB disconnect, device number 8
[ 1067.006631][T15379] xt_hashlimit: size too large, truncated to 1048576
[ 1067.019168][T15384] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2818'.
[ 1067.212994][T15389] overlayfs: unrecognized mount option "/" or missing value
[ 1069.947200][T15400] capability: warning: `syz.9.2820' uses 32-bit capabilities (legacy support in use)
[ 1071.215036][T15412] netlink: 'syz.7.2824': attribute type 1 has an invalid length.
[ 1071.289638][T15413] 9pnet_virtio: no channels available for device syz
[ 1071.296611][T15412] netlink: 'syz.7.2824': attribute type 2 has an invalid length.
[ 1071.315528][T15412] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2824'.
[ 1071.354047][T15413] netlink: 'syz.9.2822': attribute type 10 has an invalid length.
[ 1071.951852][T15425] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2828'.
[ 1072.433373][ T8989] usb 6-1: new full-speed USB device number 35 using dummy_hcd
[ 1073.943659][ T8989] usb 6-1: config 0 has no interfaces?
[ 1073.949212][ T8989] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1074.578545][ T8989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1074.588586][ T8989] usb 6-1: config 0 descriptor??
[ 1075.473409][T15450] loop9: detected capacity change from 0 to 512
[ 1075.519676][T15450] ext4: Unknown parameter 'seclabel'
[ 1075.811156][ T8989] usb 6-1: string descriptor 0 read error: -71
[ 1075.844480][ T8989] usb 6-1: USB disconnect, device number 35
[ 1076.135523][T15469] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2842'.
[ 1079.676448][T15496] 9pnet_virtio: no channels available for device syz
[ 1079.722913][T15496] netlink: 'syz.9.2846': attribute type 10 has an invalid length.
[ 1081.553826][   T27] kauditd_printk_skb: 8 callbacks suppressed
[ 1081.553847][   T27] audit: type=1326 audit(1776373281.286:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.676914][   T27] audit: type=1326 audit(1776373281.286:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.701309][   T27] audit: type=1326 audit(1776373281.416:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.725345][   T27] audit: type=1326 audit(1776373281.416:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.747921][   T27] audit: type=1326 audit(1776373281.416:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.771163][   T27] audit: type=1326 audit(1776373281.616:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.799634][   T27] audit: type=1326 audit(1776373281.616:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.863842][   T27] audit: type=1326 audit(1776373281.616:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1081.946824][   T27] audit: type=1326 audit(1776373281.746:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1082.202043][   T27] audit: type=1326 audit(1776373281.746:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15509 comm="syz.8.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899019c819 code=0x7ffc0000
[ 1082.979416][ T4278] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1082.990334][ T4278] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1082.999895][ T4278] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1083.009427][ T4278] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1083.017904][ T4278] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1083.025412][ T4278] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1083.201765][T15550] netlink: 16186 bytes leftover after parsing attributes in process `syz.9.2868'.
[ 1083.493810][T15540] chnl_net:caif_netlink_parms(): no params data found
[ 1083.619846][T15563] binder: 15558:15563 ioctl c0285840 200000000500 returned -22
[ 1084.777493][T15540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1084.784809][T15573] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2877'.
[ 1084.871690][T15540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1084.890602][T15540] device bridge_slave_0 entered promiscuous mode
[ 1084.899349][T15575] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2876'.
[ 1084.907403][T15540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1084.932100][T15540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1084.970374][T15540] device bridge_slave_1 entered promiscuous mode
[ 1085.132916][T15540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1085.142421][ T4285] Bluetooth: hci2: command 0x0409 tx timeout
[ 1085.191652][T15540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1085.364863][T15540] team0: Port device team_slave_0 added
[ 1085.417141][T15540] team0: Port device team_slave_1 added
[ 1085.430739][T15594] loop5: detected capacity change from 0 to 7
[ 1085.475802][T15594]  loop5:
[ 1085.485764][T15594] loop5: partition table partially beyond EOD, truncated
[ 1085.516695][T15540] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1085.542113][T15540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1085.652946][T15540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1085.726068][T15540] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1085.759435][T15540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1086.580946][T15603] 9pnet_virtio: no channels available for device syz
[ 1086.591496][T15540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1086.613869][T15603] netlink: 'syz.7.2878': attribute type 10 has an invalid length.
[ 1086.631589][T15605] loop5: detected capacity change from 0 to 512
[ 1086.769564][T15540] device hsr_slave_0 entered promiscuous mode
[ 1086.772163][T15607] loop9: detected capacity change from 0 to 1024
[ 1086.865209][T15540] device hsr_slave_1 entered promiscuous mode
[ 1086.910543][T15540] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1086.931716][T15607] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[ 1086.969195][T15540] Cannot create hsr debugfs directory
[ 1086.983520][T15607] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1087.203591][ T4285] Bluetooth: hci2: command 0x041b tx timeout
[ 1087.307338][T11823] EXT4-fs (loop9): unmounting filesystem.
[ 1087.818335][T15632] loop8: detected capacity change from 0 to 512
[ 1087.871974][T15632] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[ 1088.019631][T15632] EXT4-fs: error: could not find journal device path
[ 1088.137061][T15632] loop8: detected capacity change from 0 to 128
[ 1088.302906][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.302906][T15640] loop8: rw=2049, sector=145, nr_sectors = 152 limit=128
[ 1088.435348][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.435348][T15640] loop8: rw=524288, sector=145, nr_sectors = 152 limit=128
[ 1088.471059][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.471059][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1088.471202][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.471202][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1088.471292][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.471292][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1088.471378][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.471378][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1088.471465][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.471465][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1088.471564][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.471564][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1088.471650][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.471650][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1088.472952][T15640] syz.8.2895: attempt to access beyond end of device
[ 1088.472952][T15640] loop8: rw=0, sector=145, nr_sectors = 8 limit=128
[ 1089.286703][ T4285] Bluetooth: hci2: command 0x040f tx timeout
[ 1089.507758][T15540] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1089.534022][T15540] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1089.564683][T15540] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1089.599440][T15540] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1089.809397][T15540] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1089.905093][T15540] 8021q: adding VLAN 0 to HW filter on device team0
[ 1089.922351][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1089.956464][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1090.039144][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1090.057956][T15681] overlayfs: missing 'lowerdir'
[ 1090.067702][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1090.108294][T11366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1090.115467][T11366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1090.157648][T15683] loop9: detected capacity change from 0 to 1024
[ 1090.183911][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1090.212131][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1090.232697][T11366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1090.239984][T11366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1090.253333][T12854] blk_print_req_error: 9 callbacks suppressed
[ 1090.253351][T12854] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1090.311348][   T27] kauditd_printk_skb: 2 callbacks suppressed
[ 1090.311365][   T27] audit: type=1326 audit(1776373290.836:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1090.385147][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1090.414818][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1090.454266][   T27] audit: type=1326 audit(1776373290.876:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1090.459189][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1090.476648][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1090.574261][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1090.584111][   T27] audit: type=1326 audit(1776373290.876:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1090.647981][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1090.697760][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1090.713435][   T27] audit: type=1326 audit(1776373290.876:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1090.731043][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1090.787505][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1090.817410][   T27] audit: type=1326 audit(1776373290.876:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1090.817954][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1090.911708][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1090.919772][   T27] audit: type=1326 audit(1776373290.876:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1090.942349][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1090.957735][   T27] audit: type=1326 audit(1776373290.876:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1090.993758][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1091.008183][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1091.051540][   T27] audit: type=1326 audit(1776373290.886:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1091.077908][T15540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1091.172378][   T27] audit: type=1326 audit(1776373290.886:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15692 comm="syz.5.2912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc4e899c819 code=0x7ffc0000
[ 1091.194943][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1091.363397][ T4285] Bluetooth: hci2: command 0x0419 tx timeout
[ 1091.431903][T15719] device syzkaller0 entered promiscuous mode
[ 1091.561502][T15727] overlayfs: missing 'lowerdir'
[ 1092.315689][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1092.336284][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1092.382342][T15540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1092.509553][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1092.530992][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1092.576563][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1092.595200][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1092.617580][T15540] device veth0_vlan entered promiscuous mode
[ 1092.626936][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1092.655020][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1092.680141][T15540] device veth1_vlan entered promiscuous mode
[ 1092.833098][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1092.850274][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1092.869169][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1092.911603][T11366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1092.936353][T15540] device veth0_macvtap entered promiscuous mode
[ 1092.972451][T15540] device veth1_macvtap entered promiscuous mode
[ 1093.032101][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1093.068346][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.085959][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1093.102350][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.125246][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1093.164905][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.203749][T15540] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1093.230734][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1093.246337][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1093.281898][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1093.311510][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1093.360676][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1093.417354][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.464235][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1093.489312][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.537345][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1093.579434][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.605356][T15787] overlayfs: missing 'lowerdir'
[ 1093.622085][T15540] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1093.657923][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1093.677700][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1093.710656][T15540] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1093.751041][T15540] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1093.807002][T15540] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1093.833704][T15540] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1094.197948][T15800] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1094.252392][T11647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1094.272756][T11647] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1094.298112][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1094.362022][ T5616] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1094.383366][ T5616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1094.399001][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1096.049655][T15829] device syzkaller0 entered promiscuous mode
[ 1097.134047][T15846] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1097.540318][T15861] tipc: Started in network mode
[ 1097.546880][T15861] tipc: Node identity 4, cluster identity 4711
[ 1097.553131][T15861] tipc: Node number set to 4
[ 1098.578777][T15869] device syzkaller0 entered promiscuous mode
[ 1099.570169][T15886] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2963'.
[ 1101.257277][T15905] loop8: detected capacity change from 0 to 1024
[ 1101.281935][T15907] tc_dump_action: action bad kind
[ 1101.405731][T15905] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[ 1101.824751][T15924] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1101.856735][T10173] EXT4-fs (loop8): unmounting filesystem.
[ 1102.430224][T15938] overlayfs: missing 'workdir'
[ 1102.683740][T15951] loop5: detected capacity change from 0 to 512
[ 1102.887019][T15954] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2978'.
[ 1102.936540][T15946] loop3: detected capacity change from 0 to 8192
[ 1103.253641][T15961] loop3: detected capacity change from 8192 to 0
[ 1104.137596][T15980] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1105.276289][T15540] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[ 1105.303876][T15540] FAT-fs (loop3): Filesystem has been set read-only
[ 1105.353393][ T4562] usb 9-1: new full-speed USB device number 9 using dummy_hcd
[ 1105.595242][ T4562] usb 9-1: config 0 has no interfaces?
[ 1105.600807][ T4562] usb 9-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1105.616235][ T4562] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1105.634429][T15992] 9pnet_virtio: no channels available for device syz
[ 1105.642684][T15992] netlink: 'syz.7.2987': attribute type 10 has an invalid length.
[ 1105.663199][ T4562] usb 9-1: config 0 descriptor??
[ 1105.796533][T15999] overlayfs: missing 'workdir'
[ 1105.854448][T16002] loop9: detected capacity change from 0 to 512
[ 1105.928605][ T4562] usb 9-1: string descriptor 0 read error: -71
[ 1105.973428][ T4562] usb 9-1: USB disconnect, device number 9
[ 1109.152425][T16039] netlink: 'syz.7.2997': attribute type 10 has an invalid length.
[ 1109.614209][T16045] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1110.461148][T16039] team0: Device wg1 is of different type
[ 1110.715830][T16043] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2995'.
[ 1112.942003][T16083] overlayfs: missing 'workdir'
[ 1115.927866][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.275348][ T4318] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[ 1117.245226][T16154] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3013'.
[ 1119.804386][T16197] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1120.338617][T16213] binder: 16203:16213 ioctl c0285840 200000000500 returned -22
[ 1121.713380][ T4329] usb 6-1: new full-speed USB device number 36 using dummy_hcd
[ 1121.926722][ T4329] usb 6-1: config 0 has no interfaces?
[ 1121.932316][ T4329] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1121.986502][T16242] loop3: detected capacity change from 0 to 128
[ 1121.990958][ T4329] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.084368][ T4329] usb 6-1: config 0 descriptor??
[ 1122.134553][   T27] audit: type=1800 audit(1776373322.666:470): pid=16242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3036" name="bus" dev="loop3" ino=1049182 res=0 errno=0
[ 1123.182441][T16256] loop3: detected capacity change from 0 to 1024
[ 1123.305886][T16256] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1123.316382][T16262] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1123.668312][T15540] EXT4-fs (loop3): unmounting filesystem.
[ 1123.843139][T16272] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3043'.
[ 1124.840645][ T4329] usb 6-1: string descriptor 0 read error: -71
[ 1124.867847][ T4329] usb 6-1: USB disconnect, device number 36
[ 1125.030686][T16289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3047'.
[ 1125.070305][T16289] netlink: 'syz.3.3047': attribute type 30 has an invalid length.
[ 1125.126217][T16289] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1125.135261][T16289] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1125.144347][T16289] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1125.153122][T16289] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1125.238881][T16293] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3047'.
[ 1125.286145][T16293] netlink: 'syz.3.3047': attribute type 30 has an invalid length.
[ 1125.542991][T16306] loop3: detected capacity change from 0 to 128
[ 1125.600834][T16306] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1125.610123][T16306] ext4 filesystem being mounted at /24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1125.940756][T16318] netlink: 'syz.8.3054': attribute type 8 has an invalid length.
[ 1127.115641][T16339] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3060'.
[ 1127.340675][T16345] netlink: 'syz.7.3062': attribute type 58 has an invalid length.
[ 1127.408136][T16345] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3062'.
[ 1127.734180][ T8733] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1127.746515][ T8733] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1127.760620][ T4278] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1127.772852][ T8733] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1127.792166][ T8733] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1127.800110][ T8733] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1127.832440][ T4520] bond0: (slave syz_tun): Releasing backup interface
[ 1128.492283][T16348] chnl_net:caif_netlink_parms(): no params data found
[ 1128.609550][T15540] EXT4-fs (loop3): unmounting filesystem.
[ 1128.875461][T16348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1128.921729][T16348] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1128.944597][T16348] device bridge_slave_0 entered promiscuous mode
[ 1128.980882][T16348] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1129.018894][T16348] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1129.074532][T16348] device bridge_slave_1 entered promiscuous mode
[ 1129.185528][T16348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1129.221851][T16396] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3072'.
[ 1129.237817][T16348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1129.378248][T16348] team0: Port device team_slave_0 added
[ 1129.418946][T16397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3073'.
[ 1129.460196][T16348] team0: Port device team_slave_1 added
[ 1129.579822][T16410] netlink: 44 bytes leftover after parsing attributes in process `syz.9.3075'.
[ 1129.589722][T16348] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1129.618985][T16348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1129.722973][T16348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1129.808473][T16348] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1129.824060][T16348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1129.853919][ T4285] Bluetooth: hci4: command 0x0409 tx timeout
[ 1129.967177][T16348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1130.140042][T16425] overlayfs: failed to resolve './file0': -2
[ 1130.297984][T16348] device hsr_slave_0 entered promiscuous mode
[ 1130.351057][T16348] device hsr_slave_1 entered promiscuous mode
[ 1130.468325][T16348] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1130.533758][T16348] Cannot create hsr debugfs directory
[ 1130.584627][T16425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3077'.
[ 1131.250709][T16348] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1131.377848][T16348] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1131.508232][T16348] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1131.610504][T16348] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1131.869565][T16464] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3085'.
[ 1131.923698][ T4285] Bluetooth: hci4: command 0x041b tx timeout
[ 1132.782654][T16348] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1132.819246][T16348] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1132.860787][T16348] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1132.899620][T16348] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1132.926737][T16470] netlink: 44 bytes leftover after parsing attributes in process `syz.9.3087'.
[ 1133.054384][T16471] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3086'.
[ 1133.302739][T16480] RDS: rds_bind could not find a transport for feff::, load rds_tcp or rds_rdma?
[ 1133.482398][T16348] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1133.841193][T16487] loop9: detected capacity change from 0 to 4096
[ 1134.075108][ T4285] Bluetooth: hci4: command 0x040f tx timeout
[ 1134.120680][T16487] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[ 1134.340633][   T27] audit: type=1800 audit(1776373334.786:471): pid=16487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3089" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 1136.230560][T16491] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3089: corrupted inode contents
[ 1136.242788][ T4285] Bluetooth: hci4: command 0x0419 tx timeout
[ 1136.272471][T16491] EXT4-fs error (device loop9): ext4_dirty_inode:6156: inode #15: comm syz.9.3089: mark_inode_dirty error
[ 1136.293630][T16491] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3089: corrupted inode contents
[ 1136.306322][T16491] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #15: comm syz.9.3089: mark_inode_dirty error
[ 1136.318725][T16491] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3089: corrupted inode contents
[ 1136.331799][T16491] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #15: comm syz.9.3089: mark_inode_dirty error
[ 1136.344969][T16491] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3089: corrupted inode contents
[ 1136.361986][T16491] EXT4-fs error (device loop9): ext4_truncate:4325: inode #15: comm syz.9.3089: mark_inode_dirty error
[ 1136.378116][T16491] EXT4-fs error (device loop9) in ext4_setattr:5695: Corrupt filesystem
[ 1136.450299][   T27] audit: type=1800 audit(1776373336.666:472): pid=16491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.3089" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 1136.750855][T16348] 8021q: adding VLAN 0 to HW filter on device team0
[ 1136.766418][T11823] EXT4-fs (loop9): unmounting filesystem.
[ 1136.838579][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1136.874135][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1136.912956][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1136.945282][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1136.965582][T14127] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1136.972767][T14127] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1137.001611][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1137.064813][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1137.114135][T14127] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1137.121484][T14127] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1137.193710][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1137.274524][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1137.282717][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1137.325045][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1137.354931][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1137.390411][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1137.417184][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1137.447232][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1137.479062][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1137.512500][T14127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1137.555373][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1137.571641][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1137.611241][T16348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1137.876482][T16518] overlayfs: failed to resolve './file0': -2
[ 1137.922628][T16518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3098'.
[ 1138.661647][T16528] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3099'.
[ 1139.172160][T16348] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1139.251571][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1139.273821][T11861] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1139.623909][T16553] loop9: detected capacity change from 0 to 4096
[ 1142.344218][T16553] EXT4-fs: error -4 creating inode table initialization thread
[ 1142.352870][T16553] EXT4-fs (loop9): mount failed
[ 1143.892994][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1143.929306][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1143.979213][T16585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3111'.
[ 1144.014733][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1144.040607][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1144.076090][T16348] device veth0_vlan entered promiscuous mode
[ 1144.085012][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1144.107626][T11647] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1144.161297][T16348] device veth1_vlan entered promiscuous mode
[ 1144.264851][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1144.283904][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1144.323942][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1144.395442][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1144.430556][T16348] device veth0_macvtap entered promiscuous mode
[ 1144.463955][T16348] device veth1_macvtap entered promiscuous mode
[ 1144.511247][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1144.550997][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1144.583292][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1144.623012][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1144.661189][T16600] loop9: detected capacity change from 0 to 4096
[ 1144.667824][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1144.683509][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1144.714698][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1144.756931][T16600] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[ 1144.773591][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1144.785841][T16348] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1144.794843][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1144.805634][   T27] audit: type=1800 audit(1776373345.336:473): pid=16600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3115" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 1144.850177][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1144.894696][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1144.911494][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1144.934973][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1145.008788][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.053495][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1145.121008][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.161901][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1145.201975][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.239403][T16348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1145.285934][T16348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1145.321025][T16348] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1145.361192][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1145.391394][T13887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1145.483912][T16348] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.492923][T16348] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.548620][T16348] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.588860][T16348] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1145.868114][T13887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1145.873542][ T4562] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[ 1145.905677][T13887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1145.945059][ T9517] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1146.039956][T11647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1146.048940][T11647] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1146.096712][ T5616] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1146.213157][ T4562] usb 4-1: config 0 has no interfaces?
[ 1146.219062][ T4562] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1146.286709][ T4562] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1146.352203][ T4562] usb 4-1: config 0 descriptor??
[ 1147.486441][   T27] audit: type=1800 audit(1776373348.016:474): pid=16600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.3115" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 1148.913545][T16646] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3123'.
[ 1149.118303][T16600] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3115: corrupted inode contents
[ 1149.222388][T16600] EXT4-fs error (device loop9): ext4_dirty_inode:6156: inode #15: comm syz.9.3115: mark_inode_dirty error
[ 1149.276913][T16600] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3115: corrupted inode contents
[ 1149.337139][ T4562] usb 4-1: string descriptor 0 read error: -71
[ 1149.361219][T16600] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #15: comm syz.9.3115: mark_inode_dirty error
[ 1149.380408][ T4562] usb 4-1: USB disconnect, device number 2
[ 1149.400287][T16600] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3115: corrupted inode contents
[ 1149.468359][T16600] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #15: comm syz.9.3115: mark_inode_dirty error
[ 1149.510027][T16600] EXT4-fs error (device loop9): ext4_do_update_inode:5279: inode #15: comm syz.9.3115: corrupted inode contents
[ 1149.550827][T16600] EXT4-fs error (device loop9): ext4_truncate:4325: inode #15: comm syz.9.3115: mark_inode_dirty error
[ 1149.610111][T16600] EXT4-fs error (device loop9) in ext4_setattr:5695: Corrupt filesystem
[ 1149.783604][T16664] loop5: detected capacity change from 0 to 1024
[ 1149.797702][T11823] EXT4-fs (loop9): unmounting filesystem.
[ 1149.928354][T16664] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[ 1150.154608][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3131'.
[ 1150.191765][T16677] netlink: 'syz.7.3131': attribute type 30 has an invalid length.
[ 1150.227018][T16677] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1150.236044][T16677] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1150.245285][T16677] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1150.254182][T16677] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1150.266006][T16681] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3131'.
[ 1150.313440][T16681] netlink: 'syz.7.3131': attribute type 30 has an invalid length.
[ 1150.637633][T16348] EXT4-fs (loop5): unmounting filesystem.
[ 1150.899030][T16700] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3135'.
[ 1151.867770][T16722] ------------[ cut here ]------------
[ 1151.873865][T16722] WARNING: CPU: 0 PID: 16722 at net/sched/sch_taprio.c:1020 taprio_get_start_time+0x139/0x160
[ 1151.884344][T16722] Modules linked in:
[ 1151.888275][T16722] CPU: 0 PID: 16722 Comm: syz.5.3140 Not tainted syzkaller #0
[ 1151.895891][T16722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1151.906096][T16722] RIP: 0010:taprio_get_start_time+0x139/0x160
[ 1151.912192][T16722] Code: 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 6c d2 6f f9 4c 89 23 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 97 c5 1e f9 <0f> 0b b8 f2 ff ff ff eb e7 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
[ 1151.931962][T16722] RSP: 0018:ffffc9000417ed68 EFLAGS: 00010283
[ 1151.938209][T16722] RAX: ffffffff8863afb9 RBX: ffffc9000417ee78 RCX: 0000000000080000
[ 1151.946332][T16722] RDX: ffffc90010e3a000 RSI: 0000000000006f51 RDI: 0000000000006f52
[ 1151.954375][T16722] RBP: 0000000000000000 R08: ffffffff90af93a7 R09: 1ffffffff215f274
[ 1151.962364][T16722] R10: dffffc0000000000 R11: fffffbfff215f275 R12: 18a6f22702676bd6
[ 1151.970380][T16722] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1151.978414][T16722] FS:  00007fa0f48386c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1151.987503][T16722] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1151.994139][T16722] CR2: 00007f2470c82a90 CR3: 000000005ddb1000 CR4: 00000000003506f0
[ 1152.002256][T16722] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1152.010273][T16722] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1152.018305][T16722] Call Trace:
[ 1152.021631][T16722]  <TASK>
[ 1152.024701][T16722]  taprio_change+0x40d9/0x5490
[ 1152.029523][T16722]  ? taprio_destroy+0x4b0/0x4b0
[ 1152.034441][T16722]  ? qdisc_create+0x7eb/0x10b0
[ 1152.039315][T16722]  ? ____sys_sendmsg+0x5be/0x970
[ 1152.044326][T16722]  ? memset+0x1e/0x40
[ 1152.048362][T16722]  ? fifo_init+0x3f6/0x6d0
[ 1152.052816][T16722]  ? qdisc_peek_head+0x40/0x40
[ 1152.057610][T16722]  ? qdisc_alloc+0x77a/0xa50
[ 1152.062214][T16722]  ? rcu_is_watching+0x11/0xa0
[ 1152.067110][T16722]  ? taprio_peek+0x590/0x590
[ 1152.071843][T16722]  qdisc_create+0x7eb/0x10b0
[ 1152.076543][T16722]  ? qdisc_notify+0x370/0x370
[ 1152.081256][T16722]  ? lockdep_rtnl_is_held+0x22/0x30
[ 1152.086558][T16722]  ? qdisc_lookup+0x366/0x6c0
[ 1152.091285][T16722]  tc_modify_qdisc+0xb5f/0x1d10
[ 1152.096200][T16722]  ? qdisc_offload_query_caps+0x150/0x150
[ 1152.101946][T16722]  ? rtnetlink_rcv_msg+0x226/0xfc0
[ 1152.107159][T16722]  ? rtnetlink_rcv_msg+0x226/0xfc0
[ 1152.112291][T16722]  ? qdisc_offload_query_caps+0x150/0x150
[ 1152.118077][T16722]  rtnetlink_rcv_msg+0x87c/0xfc0
[ 1152.123095][T16722]  ? rtnetlink_bind+0x80/0x80
[ 1152.127824][T16722]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1152.133310][T16722]  ? lockdep_hardirqs_on+0x94/0x140
[ 1152.138592][T16722]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1152.144073][T16722]  ? _local_bh_enable+0xa0/0xa0
[ 1152.148936][T16722]  ? __dev_queue_xmit+0x26b/0x37c0
[ 1152.154113][T16722]  ? __dev_queue_xmit+0x26b/0x37c0
[ 1152.159252][T16722]  ? __dev_queue_xmit+0x1cd2/0x37c0
[ 1152.164503][T16722]  ? __dev_queue_xmit+0x26b/0x37c0
[ 1152.169650][T16722]  ? ref_tracker_free+0x68c/0x840
[ 1152.174877][T16722]  ? __copy_skb_header+0x3ba/0x4f0
[ 1152.180055][T16722]  ? refcount_inc+0x70/0x70
[ 1152.184719][T16722]  ? memcpy+0x3c/0x60
[ 1152.188739][T16722]  ? __copy_skb_header+0x3ba/0x4f0
[ 1152.193892][T16722]  ? __skb_clone+0x480/0x790
[ 1152.198588][T16722]  netlink_rcv_skb+0x1fb/0x450
[ 1152.203484][T16722]  ? rtnetlink_bind+0x80/0x80
[ 1152.208181][T16722]  ? netlink_ack+0x1170/0x1170
[ 1152.212965][T16722]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1152.218215][T16722]  netlink_unicast+0x74d/0x8d0
[ 1152.223000][T16722]  netlink_sendmsg+0x8ad/0xbd0
[ 1152.227808][T16722]  ? netlink_getsockopt+0x550/0x550
[ 1152.233018][T16722]  ? aa_sock_msg_perm+0x94/0x150
[ 1152.238032][T16722]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1152.243388][T16722]  ? security_socket_sendmsg+0x7c/0xa0
[ 1152.248894][T16722]  ? netlink_getsockopt+0x550/0x550
[ 1152.254207][T16722]  ____sys_sendmsg+0x5be/0x970
[ 1152.258984][T16722]  ? __sys_sendmsg_sock+0x30/0x30
[ 1152.264131][T16722]  ? __import_iovec+0x315/0x500
[ 1152.269006][T16722]  ? import_iovec+0x6f/0xa0
[ 1152.273561][T16722]  ___sys_sendmsg+0x2a2/0x360
[ 1152.278248][T16722]  ? try_to_wake_up+0x6ae/0x1080
[ 1152.283270][T16722]  ? __sys_sendmsg+0x290/0x290
[ 1152.288093][T16722]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1152.292957][T16722]  ? __x64_sys_sendmsg+0x80/0x80
[ 1152.297948][T16722]  ? lockdep_hardirqs_on+0x94/0x140
[ 1152.303153][T16722]  do_syscall_64+0x4c/0xa0
[ 1152.307612][T16722]  ? clear_bhb_loop+0x60/0xb0
[ 1152.312507][T16722]  ? clear_bhb_loop+0x60/0xb0
[ 1152.317248][T16722]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1152.323296][T16722] RIP: 0033:0x7fa0f399c819
[ 1152.327750][T16722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1152.347429][T16722] RSP: 002b:00007fa0f4838028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1152.355908][T16722] RAX: ffffffffffffffda RBX: 00007fa0f3c16090 RCX: 00007fa0f399c819
[ 1152.363912][T16722] RDX: 0000000000000010 RSI: 00002000000012c0 RDI: 0000000000000006
[ 1152.371892][T16722] RBP: 00007fa0f3a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 1152.379904][T16722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1152.388099][T16722] R13: 00007fa0f3c16128 R14: 00007fa0f3c16090 R15: 00007ffcc53e8588
[ 1152.396161][T16722]  </TASK>
[ 1152.399198][T16722] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1152.406674][T16722] CPU: 0 PID: 16722 Comm: syz.5.3140 Not tainted syzkaller #0
[ 1152.414433][T16722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1152.424594][T16722] Call Trace:
[ 1152.427903][T16722]  <TASK>
[ 1152.430845][T16722]  dump_stack_lvl+0x188/0x24e
[ 1152.435577][T16722]  ? memcpy+0x3c/0x60
[ 1152.439561][T16722]  ? show_regs_print_info+0x12/0x12
[ 1152.444791][T16722]  ? load_image+0x400/0x400
[ 1152.449343][T16722]  panic+0x2e5/0x730
[ 1152.453344][T16722]  ? bpf_jit_dump+0xd0/0xd0
[ 1152.457989][T16722]  __warn+0x2f8/0x4f0
[ 1152.461981][T16722]  ? taprio_get_start_time+0x139/0x160
[ 1152.467458][T16722]  ? taprio_get_start_time+0x139/0x160
[ 1152.472925][T16722]  report_bug+0x2ba/0x4f0
[ 1152.477333][T16722]  ? taprio_get_start_time+0x139/0x160
[ 1152.482813][T16722]  handle_bug+0x3a/0x70
[ 1152.486978][T16722]  exc_invalid_op+0x16/0x40
[ 1152.491591][T16722]  asm_exc_invalid_op+0x16/0x20
[ 1152.496461][T16722] RIP: 0010:taprio_get_start_time+0x139/0x160
[ 1152.502573][T16722] Code: 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 6c d2 6f f9 4c 89 23 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 97 c5 1e f9 <0f> 0b b8 f2 ff ff ff eb e7 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
[ 1152.522544][T16722] RSP: 0018:ffffc9000417ed68 EFLAGS: 00010283
[ 1152.528649][T16722] RAX: ffffffff8863afb9 RBX: ffffc9000417ee78 RCX: 0000000000080000
[ 1152.536704][T16722] RDX: ffffc90010e3a000 RSI: 0000000000006f51 RDI: 0000000000006f52
[ 1152.544772][T16722] RBP: 0000000000000000 R08: ffffffff90af93a7 R09: 1ffffffff215f274
[ 1152.552970][T16722] R10: dffffc0000000000 R11: fffffbfff215f275 R12: 18a6f22702676bd6
[ 1152.561041][T16722] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1152.569032][T16722]  ? taprio_get_start_time+0x139/0x160
[ 1152.574524][T16722]  ? taprio_get_start_time+0x139/0x160
[ 1152.580164][T16722]  taprio_change+0x40d9/0x5490
[ 1152.584955][T16722]  ? taprio_destroy+0x4b0/0x4b0
[ 1152.589836][T16722]  ? qdisc_create+0x7eb/0x10b0
[ 1152.594642][T16722]  ? ____sys_sendmsg+0x5be/0x970
[ 1152.599769][T16722]  ? memset+0x1e/0x40
[ 1152.603782][T16722]  ? fifo_init+0x3f6/0x6d0
[ 1152.608315][T16722]  ? qdisc_peek_head+0x40/0x40
[ 1152.613097][T16722]  ? qdisc_alloc+0x77a/0xa50
[ 1152.617702][T16722]  ? rcu_is_watching+0x11/0xa0
[ 1152.622534][T16722]  ? taprio_peek+0x590/0x590
[ 1152.627143][T16722]  qdisc_create+0x7eb/0x10b0
[ 1152.631784][T16722]  ? qdisc_notify+0x370/0x370
[ 1152.636479][T16722]  ? lockdep_rtnl_is_held+0x22/0x30
[ 1152.641703][T16722]  ? qdisc_lookup+0x366/0x6c0
[ 1152.646404][T16722]  tc_modify_qdisc+0xb5f/0x1d10
[ 1152.651360][T16722]  ? qdisc_offload_query_caps+0x150/0x150
[ 1152.657125][T16722]  ? rtnetlink_rcv_msg+0x226/0xfc0
[ 1152.662353][T16722]  ? rtnetlink_rcv_msg+0x226/0xfc0
[ 1152.667469][T16722]  ? qdisc_offload_query_caps+0x150/0x150
[ 1152.673196][T16722]  rtnetlink_rcv_msg+0x87c/0xfc0
[ 1152.678172][T16722]  ? rtnetlink_bind+0x80/0x80
[ 1152.682853][T16722]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1152.688238][T16722]  ? lockdep_hardirqs_on+0x94/0x140
[ 1152.693450][T16722]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1152.698824][T16722]  ? _local_bh_enable+0xa0/0xa0
[ 1152.703691][T16722]  ? __dev_queue_xmit+0x26b/0x37c0
[ 1152.708822][T16722]  ? __dev_queue_xmit+0x26b/0x37c0
[ 1152.713969][T16722]  ? __dev_queue_xmit+0x1cd2/0x37c0
[ 1152.719191][T16722]  ? __dev_queue_xmit+0x26b/0x37c0
[ 1152.724321][T16722]  ? ref_tracker_free+0x68c/0x840
[ 1152.729382][T16722]  ? __copy_skb_header+0x3ba/0x4f0
[ 1152.734519][T16722]  ? refcount_inc+0x70/0x70
[ 1152.739043][T16722]  ? memcpy+0x3c/0x60
[ 1152.743118][T16722]  ? __copy_skb_header+0x3ba/0x4f0
[ 1152.748426][T16722]  ? __skb_clone+0x480/0x790
[ 1152.753058][T16722]  netlink_rcv_skb+0x1fb/0x450
[ 1152.757843][T16722]  ? rtnetlink_bind+0x80/0x80
[ 1152.762548][T16722]  ? netlink_ack+0x1170/0x1170
[ 1152.767348][T16722]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1152.772584][T16722]  netlink_unicast+0x74d/0x8d0
[ 1152.777469][T16722]  netlink_sendmsg+0x8ad/0xbd0
[ 1152.782253][T16722]  ? netlink_getsockopt+0x550/0x550
[ 1152.787468][T16722]  ? aa_sock_msg_perm+0x94/0x150
[ 1152.792429][T16722]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1152.797730][T16722]  ? security_socket_sendmsg+0x7c/0xa0
[ 1152.803211][T16722]  ? netlink_getsockopt+0x550/0x550
[ 1152.808456][T16722]  ____sys_sendmsg+0x5be/0x970
[ 1152.813267][T16722]  ? __sys_sendmsg_sock+0x30/0x30
[ 1152.818329][T16722]  ? __import_iovec+0x315/0x500
[ 1152.823190][T16722]  ? import_iovec+0x6f/0xa0
[ 1152.827703][T16722]  ___sys_sendmsg+0x2a2/0x360
[ 1152.832486][T16722]  ? try_to_wake_up+0x6ae/0x1080
[ 1152.837435][T16722]  ? __sys_sendmsg+0x290/0x290
[ 1152.842232][T16722]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1152.847117][T16722]  ? __x64_sys_sendmsg+0x80/0x80
[ 1152.852078][T16722]  ? lockdep_hardirqs_on+0x94/0x140
[ 1152.857294][T16722]  do_syscall_64+0x4c/0xa0
[ 1152.861741][T16722]  ? clear_bhb_loop+0x60/0xb0
[ 1152.866426][T16722]  ? clear_bhb_loop+0x60/0xb0
[ 1152.871191][T16722]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1152.877099][T16722] RIP: 0033:0x7fa0f399c819
[ 1152.881522][T16722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1152.901251][T16722] RSP: 002b:00007fa0f4838028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1152.909698][T16722] RAX: ffffffffffffffda RBX: 00007fa0f3c16090 RCX: 00007fa0f399c819
[ 1152.917774][T16722] RDX: 0000000000000010 RSI: 00002000000012c0 RDI: 0000000000000006
[ 1152.925771][T16722] RBP: 00007fa0f3a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 1152.933758][T16722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1152.941757][T16722] R13: 00007fa0f3c16128 R14: 00007fa0f3c16090 R15: 00007ffcc53e8588
[ 1152.949809][T16722]  </TASK>
[ 1152.953581][T16722] Kernel Offset: disabled
[ 1152.958040][T16722] Rebooting in 86400 seconds..